Reply to post: Depends on the documentation

Malwarebytes says its Office 365, Azure tenancies invaded by SolarWinds hackers, insists its tools are still safe to use


Depends on the documentation

There might be perfectly reasonable design decisions as to why Microsoft did that. Equally there might not be (Microsoft aren't going to tell us either way are they).

If you have documented prominently that "anyone can gain access to AD as a domain admin by doing this. If you want to stop that then do this this, and this. This has the known side effect of causing this behaviour..."

Isn't that documented well enough (if prominent enough) such that the customer can make a judgement call about it? Everything's a trade-off isn't it, and I presume that MalwareBytes made that trade-off...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon