Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica
arstechnica.com
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.
Even after users change their account password, however, it remains valid for RDP logins indefinitely. In some cases, Wade reported, multiple older passwords will work while newer ones won’t. The result: persistent RDP access that bypasses cloud verification, multifactor authentication, and Conditional Access policies.