Login

u/Emotional-Trifle5507

r/cybersecurity r/hipaa r/grc r/microsoft365
▲ 4 r/microsoft365+1 crossposts

A company plans to enforce an 8-hour sign-in frequency such that every 8 hours, the users will have to re-authenticate with Azure Extre ID to access M365. Azure Extra ID Conditional Access Control Policy was creaed to set 8-hours sign-in frequncy with MFA.

However, all users use corporate laptop enrolled into Intune, which allows seamless SSO to access M365. The authentication with Azure Extra ID is done automatically bypassing userid/password/MFA entirely whenever the user tried to access M365.

This aparently increases the risk that someone can gain access to M365 without credentials through an unattended computer. Is there a way to enforce sign-in frequency on corporate laptops? or any other controls can be implemented to minimize the risk?

reddit.com
u/Emotional-Trifle5507 — 1 month ago
▲ 2 r/grc+1 crossposts

I alwasy worked on projects for clients, which has clearly defined SOW and deliverables. I am just curious about how does vCISO work to support the client, specifically,

-what are the typical scope of work

-what are the processes to enage with the client's execitives and various client's internal team and get the work done

-what are the typical deliverable or outcome that can determine the success of vCISO work

-how does vCISO get compensated

-any specific tools/solutions/applications used to support the client

-how many clients a vCISO can support

Last question: what experience/skill/knowledge is required for a vCISO

reddit.com
u/Emotional-Trifle5507 — 1 month ago