Why can User Still Sign-in to Domain Joined Computer Using PIN After Account is Locked/Disabled?

J

Jeremy Chang WHS

This is a huge security issue.1. Test user Microsoft Azure AD account has been disabled and sessions revoked through Microsoft Azure.2. Test user's domain joined computer was restart using remote software.3. Test user can still login to their computer with pin or face ID whether the computer is connected to the internet or not.The ability for them to login was not due to a delay in the system. I made sure that the test user could not access M365 resources before locking the computer and restarting it. Why is the user still able to login to the computer? Microsoft should remove the cache'd pass

Continue reading...
 
Back
Top Bottom