search

piaudonn / SecurityNotifications

Send security notifications to your users when something important happened on their accounts (such as new MFA methods, atypical travels, TAP usage...).
MIT License
9 stars 2 forks source link

[Feature] Password Change Notification #39

Open mcrommert opened 1 year ago

mcrommert commented 1 year ago

Would there be a way to create a module for password changes in AzureAD

We have been looking at adopting SEEN at our company, but beyond the MFA notifications we would also like to notify on password changes

piaudonn commented 11 months ago

@mcrommert Thanks for your request! And sorry for the delay...

Password change was not kept as a scenario because it is an event that likely break the email flow for the user. In other terms, if the user changes the password, or if there if a password reset is performed on the account, it is likely that the notification would arrive after the access to the mailbox is broken. There are still some cases with token cache and if the application doesn't do continuous access evaluation where the notification will be received, but that's a really a timing condition. What do you think?