[MlMt] Follow Up to Email Concerns
dgreenbhm at gmail.com
Tue Jun 29 10:49:41 EDT 2021
On 29 Jun 2021, at 9:13, Glenn Parker wrote:
> To restate my question: what are the downsides to a compromised email account, and do they justify this level of access control?
I think in the University scenario (and probably many corporate scenarios), the risk that is being addressed is that due to Single Sign On (SSO), the identity used for accessing mail is the same identity for accessing other resources. Any use of the identity that does not work within the SSO system (including DUO) is considered a risk. For most Universities using MS Exchange, the vast majority of users use mechanisms that work with the SSO (Outlook and Outlook Web Access) and it is considered an acceptable “solution” to just turn off IMAP, etc. unless there is a significant reason to invest in supporting additional variations.
There are, of course, several downsides to this decision but the downsides to a compromised email account included a compromised identity.
More information about the mailmate