top of page
Microsoft Online
Category:
IDaaS
Score:
77
Microsoft is a software corporation that develops, manufactures, licenses, supports, and sells a range of software products and services.
Gartner Score:
The Forrester Wave™:
74.8
Redmond, WA, USA
10,000 +
Total Funding:
SDAQ:MSFT Over $ 1B
Founded year
1975
Administration
Ease of installation on server
Password Policy Enforcement
Administration Console
Ease of connecting applications
Self Service Password Administration
Platform
Cross Browser support
Authentication Options
Authentication User experience
Multi-Factor Authentication
Federation/SAML support (idp)
Access Control Types
Endpoint access
Local Access
Remote Access
Supports BYOD users
Alternative Solutions
OKTA
AWS Directory Service
Ping Identity
OneLogin
75
77
75
75
Access
75
Federated Identity Management
OAuth support
OpenID support
SAML support
100
true
false
true
Brute-force Protection
Protection from multiple failed logins
Utilizes CAPTCHA
Multi-factor Authentication
Multi-factor authentication - Security Questions
Multi-factor authentication via Biometrics
Multi-factor authentication via Mobile App
Multi-factor authentication via Others
Multi-factor authentication via secondary email
Multi-factor authentication via Smartcard
Multi-factor authentication via SMS
Multi-factor authentication via USB Token
100
true
false
100
false
false
true
true
false
false
true
false
Password Quality Rules
Does not save logged in session
Force change of password after some time period
Provides password reset and recovery
Requires minimum password length
Requires strong password format
Access Control
Controls IP range from which login is allowed
Supports device restrictions
Enterprise Identity Integration
Active Directory integration
LDAP integration
Account Protection
Encrypted account credentials
100
true
true
true
true
true
100
true
false
100
true
false
1
Unknown
Administrative
87
Admin Audit Trail
Tracks all administrator activity
Policies
Content security policies
Policy configuration and enforcement
Role Based Access Control
Role based access control
User Audit Trail
Tracks all end-user activity
1
Unknown
100
true
false
1
Unknown
1
Unknown
Business
100
Financial Stability
Type of Company
100
Public
Compliance
72
Compliance Certifications
COBIT
CSA STAR Self-Assessment
FedRAMP High Baseline
FedRAMP Low Baseline
FedRAMP Moderate Baseline
FISMA
GAAP
HIPAA
ISAE-3402
ISO 27001
ISO 27017
ISO 27018
ITAR
NIST SP 800-53
PCI
Privacy Shield (GDPR, CCPA)
Safe Harbor
SOC I type 2
SOC III
SOX
SSAE 16 SOC2 Type II
TRUSTe
72
false
true
false
false
true
true
true
true
true
true
true
true
true
true
true
Both
false
true
true
Unknown
true
false
Data
75
Data at Rest Encryption
50
Encryption keys in control of the Enterprise
NA
Encrypts data at rest
false
Data in Motion Encryption
90
Does not involve blockchain activities
true
Not at risk to CloudBleed vulnerabilities
true
Not Vulnerable to CRIME
true
Not Vulnerable to DROWN
true
Not Vulnerable to FREAK
true
Not Vulnerable to Logjam
true
Not Vulnerable to OpenSSL Heartbleed defect
true
Not Vulnerable to Poodle SSLv3
true
Not Vulnerable to Poodle TLS
true
SSL Certificate Chain
stamp2.login.microsoftonline.com
SSL certificate not expired
true
SSL certificate strength
2048 bits or greater
SSL key strength
256 bits or greater
SSL used for data in motion
true
Supports HTTP2
false
Supports SSLv2
false
Supports SSLv3
false
Supports TLS Secure Renegotiation
true
Supports TLS_FALLBACK_SCSV
false
Supports TLSv1
true
Supports TLSv1_1
true
Supports TLSv1_2
true
Supports TLSv1_3
false
Valid SSL Certificate Name
true
Data Sharing Controls
100
Controls sharing with external users
TRUE
Controls sharing with internal users
true
Data Handling
80
Backup data centers
Unknown
Customer data not analyzed for ad targeting
true
Customer data not analyzed for behavior mining
true
Data not stored on mobile for offline access
NA
Encrypted backup
Unknown
Offline data encrypted or otherwise protected
NA
Provides for backup/export of customer data
true
Requires or stores passwords of 3rd party services
NA
REST API Activity Log Retrieval Method
NA
EST API Activity Log Scope
NA
REST API for Activity Logs
NA
.REST API Support
true
Restrict opening files in external apps on mobile
false
HTTP Security Headers
43
HTTP Content-Security-Policy
false
HTTP Public Key Pinning Extension
false
HTTP STS
true
HTTP X-Permitted-Cross-Domain-Policies
false
HTTP Security Headers.X-Content-Type-Options
true
X-Frame-Options
true
X-XSS-Protection
FALSE
Informational
80
Type of Service
Consumer oriented service
50
true
Enterprise oriented service
true
Type of Clients
Desktop client
Native mobile app
50
false
false
Web based service
true
External Integration
No third party integration
50
true
Service
40
Agreements
100
Provides DPA
TRUE
Provides SLA
true
Hosting Service
100
Data Center Locations
TRUE
Hosting Platform Type
true
Provider if hosted on the public cloud
true
Multi-tenancy Support
100
Separation of Customer Data
TRUE
Disaster Recovery & Business Continuity
100
Data Breach Notification
TRUE
Integration
80
Cloud providers integrations
AWS
AZURE
GOOGLE CLOUD
ALIBABA
ORACE
IBM
TRUE
Cloud Service integrations
NETAPP
OFFICE 365
SALESFORCE
VMWARE
HPE
CISCO
Over alll SaaS integrations score
TRUE
TRUE
Other Functionalities
eDiscovery
Data archiving score
OS migration score
RTO score
Ransomeware recovery score
On-premise integration
bottom of page