Knowing your domain may help hackers and other attackers when they trying to use brute force and break into your website by guessing passwords. For that reason the WordPress + Office 365 Login can be configured to redirect anyone who enters a user name ending with your (custom or default cloud) domain e.g. firstname.lastname@example.org into the default WordPress login form to Microsoft instead. Of course this is not a bullet proof solution but it will surely help avoid so called brute force attacks from being successful.
Launch the WordPress + Office 365 wizard by navigating to WordPress Admin, go to the plugins page and click Configuration. Select the Login / Logout tab and check the box labelled Intercept manual logins. In addition, you must enter a valid URL in Goto after field. This URL is where the user will be redirected to after having successfully signed in with Microsoft.
In addition, on the User registration tab you must enter your Default domain and optionally Your (own) domain or else the plugin cannot know what domains are yours (and should be intercepted) and which aren’t.
|Intercept manual logins||Yes||Yes||Yes|
|Your (own) domain||Yes||Yes||Yes|