Could someone from NetApp explain to me how making me log in through Azure, thus forcing me to log in with my company email, which is already registered on Azure for different content, with a different password to my password here, is improving security?
So I'm now being forced to consolidate content from multiple different sources into one auth domain, all accessible through one email address and one password, so if/when I get compromised, I can get really, really compromised properly. How is that a security improvement for me or you?
I'd have thought that a company who literally exist by providing network attached devices would understand the concept of compartmentalisation, you know all that 'different passwords for different sites' stuff people have been talking about for the last two decades.
Hi Dave, please accept my apologies for the delayed response. I appealed to the teams leading these changes, and they have shared their response below:
Logging in through Microsoft Azure AD B2B using a customer's existing MS AAD organization credentials or a One-Time-Passcode sent to their organization email address ensures that the user is active in the organization and is permitted to access the organization’s content. The organization’s onboard and offboard mechanisms provide them with the control to ensure their entitlements are protected. The organization’s security tools provide visibility and mitigation controls that protect their security.
Secure, complex passwords should always be used, and this allows the organization to ensure the passwords meet their standards. When individuals have too many logins and passwords there is a tendency to simplify, use across multiple environments, or write them down. Centralized credentials for company workflows provide an increase in visibility and security. MFA reduces the risk of compromised credentials.
Passwords are the least secure component of the security chain. The transition to MS AAD B2B focuses on user accounts where it is best practice to employ Single Sign On (SSO) across systems, adding corporate security controls. Ideally, compartmentalization would be protected further, where appropriate, with a Privileged Access Management solution.