-
Start receiving secret expiration notifications
Lately we noticed a growing number of administrators, reporting that users were no longer able to sign in with Microsoft. More often than not, the configured client secret for the registered application (= App registration) in Azure AD had expired. With its latest version, WPO365 can help monitor the expiration date(s) of AAD application /…
-
Eating our own dog food!
We have updated our website WordPress + Azure AD / Microsoft Office 365 and made it easier for you to log in using our brand new Azure AD B2C tenant. So what did change? You can still access your account to manage your details, subscriptions, licenses and download purchased items at https://www.wpo365.com/your-account/. But now you will note that we automatically…
-
URGENT: nOAuth, or how an OpenID Connect misconfiguration can lead to full account takeover
If you have enabled support for multi-tenant authentication for your registered application in Azure AD then please read the following information carefully. The Descope security team discovered a gray area in Microsoft Azure AD multi-tenant OAuth applications that could lead to full account takeover. Please compare your configuration with the example below, if you are not sure whether…
