You've got to be elephanting kidding me MS
-
Until about 4 or 5 years ago I did development work for company X. Our work with them tapered off without there ever being a formal "we're not going to do any more contracts" period; but their boss discovered the one thing he hated more than running an in house development team was paying another companies overhead, and my employer was moving towards larger long term contracts instead of the short tasks X wanted. Eventually when it was clear we weren't doing anything else together they removed our access to their Jira and Bitbucket. They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X. The other day I finally got annoyed enough to file a support ticket with MS asking them how to get removed from X's Azure. The good part was that despite being a lowest tier request they got back to me same day. The WT:elephant: part is that their answer was that only the owner of X's Azure can remove me from their account 🤮 and suggested I just spamblock it instead. :doh: :omg: :doh: :wtf: :doh: Of course since they send everything from
Microsoft Azurethere's no easy/safe way to only block emails about X's azure and not any other clients I have now or in the future who use Azure.Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
Until about 4 or 5 years ago I did development work for company X. Our work with them tapered off without there ever being a formal "we're not going to do any more contracts" period; but their boss discovered the one thing he hated more than running an in house development team was paying another companies overhead, and my employer was moving towards larger long term contracts instead of the short tasks X wanted. Eventually when it was clear we weren't doing anything else together they removed our access to their Jira and Bitbucket. They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X. The other day I finally got annoyed enough to file a support ticket with MS asking them how to get removed from X's Azure. The good part was that despite being a lowest tier request they got back to me same day. The WT:elephant: part is that their answer was that only the owner of X's Azure can remove me from their account 🤮 and suggested I just spamblock it instead. :doh: :omg: :doh: :wtf: :doh: Of course since they send everything from
Microsoft Azurethere's no easy/safe way to only block emails about X's azure and not any other clients I have now or in the future who use Azure.Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
It's not an MS problem as much as you would like to think so.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
-
It's not an MS problem as much as you would like to think so.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
For anyone offering X as a service products it absolutely is. Giving contractors/freelancers/etc access to your systems is a common enough thing to do; and Company X is far from the only business with and owner either too busy to make the time to remove access for people who should no longer have it or too clueless to understand why he should take a minute to do so. While I'm neither stupid or unethical enough to take advantage of the access I theoretically have*; if my pc/MS account ever get hacked whoever pwns me is unlikely to have similar scruples about either ransomwaring X's business or spinning up up $100k/day worth of VMs to mine crypto. Beyond that the steady stream of "you need to X" emails I get represent a low level information disclosure vulnerability into X's current setup. * Theoretical because I have a vague recollection of needing a different password for X's Azure; if so it (and everything else related to X) has been long since deleted from my saved passwords list. On the gripping hand, I've no idea how hard doing a PW reset would be.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
For anyone offering X as a service products it absolutely is. Giving contractors/freelancers/etc access to your systems is a common enough thing to do; and Company X is far from the only business with and owner either too busy to make the time to remove access for people who should no longer have it or too clueless to understand why he should take a minute to do so. While I'm neither stupid or unethical enough to take advantage of the access I theoretically have*; if my pc/MS account ever get hacked whoever pwns me is unlikely to have similar scruples about either ransomwaring X's business or spinning up up $100k/day worth of VMs to mine crypto. Beyond that the steady stream of "you need to X" emails I get represent a low level information disclosure vulnerability into X's current setup. * Theoretical because I have a vague recollection of needing a different password for X's Azure; if so it (and everything else related to X) has been long since deleted from my saved passwords list. On the gripping hand, I've no idea how hard doing a PW reset would be.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
When a couple split up, the one remaining in the house demands teh key back, or changes the locks to be sure the ex can't get back in. Failure to get a key back isn't the lock manufacturer's fault - it's "your ex" that has made a mistake and caused a problem. I'd disagree - it's not MS's problem it's a Company X management problem. Just like when a contractor's contract ends or an employee leaves you revoke their access permissions to the building recover all keys they were issued, they should revoke all permissions to all systems. MS is right - they can't legitimately revoke permissions as you might be requesting it as a malicious act. Even if they could do it, they don't know that "Joe" has left and "Dan" isn't still an employee you want to make trouble for!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
Until about 4 or 5 years ago I did development work for company X. Our work with them tapered off without there ever being a formal "we're not going to do any more contracts" period; but their boss discovered the one thing he hated more than running an in house development team was paying another companies overhead, and my employer was moving towards larger long term contracts instead of the short tasks X wanted. Eventually when it was clear we weren't doing anything else together they removed our access to their Jira and Bitbucket. They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X. The other day I finally got annoyed enough to file a support ticket with MS asking them how to get removed from X's Azure. The good part was that despite being a lowest tier request they got back to me same day. The WT:elephant: part is that their answer was that only the owner of X's Azure can remove me from their account 🤮 and suggested I just spamblock it instead. :doh: :omg: :doh: :wtf: :doh: Of course since they send everything from
Microsoft Azurethere's no easy/safe way to only block emails about X's azure and not any other clients I have now or in the future who use Azure.Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
The account belongs to company X, not MS. It would actually be a crime, I'm sure, if MS helped you get removed from another company's system, without prior written agreement with said company X.
-
The account belongs to company X, not MS. It would actually be a crime, I'm sure, if MS helped you get removed from another company's system, without prior written agreement with said company X.
The actual crime is that by not providing any way for me to stop receiving emails about X's azure, MS is violating the CAN SPAM act.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
The actual crime is that by not providing any way for me to stop receiving emails about X's azure, MS is violating the CAN SPAM act.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
You could write a cease and desist letter threatening further legal action, directed toward company X. That would solve your problem, but it would require some effort on your part.
-
You could write a cease and desist letter threatening further legal action, directed toward company X. That would solve your problem, but it would require some effort on your part.
Slacker007 wrote:
You could write a cease and desist letter threatening further legal action, directed toward company X. That would solve your problem, but it would require some effort on your part.
I had a problem with the company that has programmed the web to access my bank. I wrote them an email saying about a problem and giving them a couple of ideas to resolve it. The ignored me. I resent the email some days later, they answered me some weeks later with some "off the book" answers that didn't even correlate to my message. I sent them more or less the same content a third time and told them that it is not about comfort but about security and that they are not following the european privacy act and they might get accountable for any data leak... the answered me the same day (I saw it next day though) that the changes were already being implemented and that it would go live by the next update... The issue is still active, and I am really thinking on giving a notice to a customer defense organization (I am not going to start something myself alone against them). If they don't learn being nice...
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Until about 4 or 5 years ago I did development work for company X. Our work with them tapered off without there ever being a formal "we're not going to do any more contracts" period; but their boss discovered the one thing he hated more than running an in house development team was paying another companies overhead, and my employer was moving towards larger long term contracts instead of the short tasks X wanted. Eventually when it was clear we weren't doing anything else together they removed our access to their Jira and Bitbucket. They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X. The other day I finally got annoyed enough to file a support ticket with MS asking them how to get removed from X's Azure. The good part was that despite being a lowest tier request they got back to me same day. The WT:elephant: part is that their answer was that only the owner of X's Azure can remove me from their account 🤮 and suggested I just spamblock it instead. :doh: :omg: :doh: :wtf: :doh: Of course since they send everything from
Microsoft Azurethere's no easy/safe way to only block emails about X's azure and not any other clients I have now or in the future who use Azure.Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
Dan Neely wrote:
They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X.
Inform them (via email, with your boss CC:ed) that you've reset your password for that account, and that you're going to snail-mail them the new password on a piece of paper, sent via certified mail, and that you won't be keeping any copy of that document once it's been sent. Point is, you want to get yourself in a situation where, from that point forward, anything that happens from access through that account is no longer your problem because you cannot access it yourself even if you wanted to. I suppose the problem is proving you won't keep a copy of the new password (beyond your own claim). But I think you get the idea I'm suggesting.
-
Dan Neely wrote:
They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X.
Inform them (via email, with your boss CC:ed) that you've reset your password for that account, and that you're going to snail-mail them the new password on a piece of paper, sent via certified mail, and that you won't be keeping any copy of that document once it's been sent. Point is, you want to get yourself in a situation where, from that point forward, anything that happens from access through that account is no longer your problem because you cannot access it yourself even if you wanted to. I suppose the problem is proving you won't keep a copy of the new password (beyond your own claim). But I think you get the idea I'm suggesting.
That plan presupposes that: 1) I still remember how to get from the base me@companyName.tld MS account tied to my MSDN/Outlook/Office subscriptions to where ever it's linked to the company X azure account. 2) That I'm willing to do anything that would involve touching the Company X Azure at all. The latter is why I've spent several years emailing boss person @ company X and more recently MS; instead of trying to find out if they gave me enough admin rights to their azure to disconnect myself. I want nothing to do with their systems now.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
Until about 4 or 5 years ago I did development work for company X. Our work with them tapered off without there ever being a formal "we're not going to do any more contracts" period; but their boss discovered the one thing he hated more than running an in house development team was paying another companies overhead, and my employer was moving towards larger long term contracts instead of the short tasks X wanted. Eventually when it was clear we weren't doing anything else together they removed our access to their Jira and Bitbucket. They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X. The other day I finally got annoyed enough to file a support ticket with MS asking them how to get removed from X's Azure. The good part was that despite being a lowest tier request they got back to me same day. The WT:elephant: part is that their answer was that only the owner of X's Azure can remove me from their account 🤮 and suggested I just spamblock it instead. :doh: :omg: :doh: :wtf: :doh: Of course since they send everything from
Microsoft Azurethere's no easy/safe way to only block emails about X's azure and not any other clients I have now or in the future who use Azure.Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
I had the same problem and it blocked me from using my from using teams. I was able to contact the old company and they did remove me. But, I think it is Microsoft responsibility to manage this. Microsoft owns azure and they charge a pretty penny to 'use' it. The accounts are for Microsoft security and ability to bill you. That being said, there needs to be a way I can remove my account from being tied to something I don't want/need/can't use or have. This is the state of the cloud. Always using someone else' property. Cheaper up front probably. I'd guess not in the long term.
Jack of all trades, master of none, though often times better than master of one.
-
Until about 4 or 5 years ago I did development work for company X. Our work with them tapered off without there ever being a formal "we're not going to do any more contracts" period; but their boss discovered the one thing he hated more than running an in house development team was paying another companies overhead, and my employer was moving towards larger long term contracts instead of the short tasks X wanted. Eventually when it was clear we weren't doing anything else together they removed our access to their Jira and Bitbucket. They never removed my access to their Azure for some reason though despite multiple emails between me and my boss and X. The other day I finally got annoyed enough to file a support ticket with MS asking them how to get removed from X's Azure. The good part was that despite being a lowest tier request they got back to me same day. The WT:elephant: part is that their answer was that only the owner of X's Azure can remove me from their account 🤮 and suggested I just spamblock it instead. :doh: :omg: :doh: :wtf: :doh: Of course since they send everything from
Microsoft Azurethere's no easy/safe way to only block emails about X's azure and not any other clients I have now or in the future who use Azure.Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
I suspect resetting the PWD is not all that hard. It's likely that a reset email will be sent to your listed email address, and clicking a link will take you to the reset page. This is good in general, but not good in your situation. The danger to you is that if anyone does anything to their materials, you can be a suspect as you have access. Sure, you'll be cleared, but it's a hassle you don't need. One idea is to identify the old manager's boss, get his/her number, and call. Recommend that they check ALL accounts, as it's highly likely that others have access where they shouldn't. If you haven't, preserve copies of all emails sent to prove you're trying to do the right thing. If that doesn't get results, start forwarding the Azure emails back to the company with a note at the top that your access needs to be revoked.
-
I suspect resetting the PWD is not all that hard. It's likely that a reset email will be sent to your listed email address, and clicking a link will take you to the reset page. This is good in general, but not good in your situation. The danger to you is that if anyone does anything to their materials, you can be a suspect as you have access. Sure, you'll be cleared, but it's a hassle you don't need. One idea is to identify the old manager's boss, get his/her number, and call. Recommend that they check ALL accounts, as it's highly likely that others have access where they shouldn't. If you haven't, preserve copies of all emails sent to prove you're trying to do the right thing. If that doesn't get results, start forwarding the Azure emails back to the company with a note at the top that your access needs to be revoked.
It's a very small company, the person who's ignoring my emails is the owner/ceo/etc. There's no one over him I can talk to. I also CCed the one developer there whose email I had; but either he left, is equally clueless as to why my having access is a problem, or can't convince his boss to do anything either.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
It's a very small company, the person who's ignoring my emails is the owner/ceo/etc. There's no one over him I can talk to. I also CCed the one developer there whose email I had; but either he left, is equally clueless as to why my having access is a problem, or can't convince his boss to do anything either.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
Dan Neely wrote:
It's a very small company, the person who's ignoring my emails is the owner/ceo/etc.
Reset your PWD, login, delete all files, and add a text file containing, "told ya that ya should have removed me!"? :laugh: Nope, don't do that (not that I figure you will) -- it makes for a good joke, but is a truly bad idea. Given the situation, I see 2 choices: 1) Ignore it. The likelihood of anything bad happening via your account is low. 2) Send him a registered letter requesting that he revoke your access, and that his failure to do so may compromise his systems, and that you are not responsible for his inaction. That may scare him enough to get off his butt and fix it. In either case, preserve your evidence of trying to do the right thing.
-
That plan presupposes that: 1) I still remember how to get from the base me@companyName.tld MS account tied to my MSDN/Outlook/Office subscriptions to where ever it's linked to the company X azure account. 2) That I'm willing to do anything that would involve touching the Company X Azure at all. The latter is why I've spent several years emailing boss person @ company X and more recently MS; instead of trying to find out if they gave me enough admin rights to their azure to disconnect myself. I want nothing to do with their systems now.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
Dan Neely wrote:
It's a very small company, the person who's ignoring my emails is the owner/ceo/etc.
Reset your PWD, login, delete all files, and add a text file containing, "told ya that ya should have removed me!"? :laugh: Nope, don't do that (not that I figure you will) -- it makes for a good joke, but is a truly bad idea. Given the situation, I see 2 choices: 1) Ignore it. The likelihood of anything bad happening via your account is low. 2) Send him a registered letter requesting that he revoke your access, and that his failure to do so may compromise his systems, and that you are not responsible for his inaction. That may scare him enough to get off his butt and fix it. In either case, preserve your evidence of trying to do the right thing.
BryanFazekas wrote:
Reset your PWD, login, delete all files, and add a text file containing, "told ya that ya should have removed me!"? :laugh: Nope, don't do that (not that I figure you will) -- it makes for a good joke, but is a truly bad idea.
Not even doing the first part. Going from my base Me @ My Company Microsoft account to the linked Me @ Company X azure account in the hope of finding a way to reset that password to line noise or do a self service disconnect is a line I don't feel comfortable crossing. Especially since the MS support person said the only person who could do anything is Owner @ Company X. If they'd said they couldn't do it themselves because reasons, but provided a how-to guide to remove myself I would (after clearing it with my boss) email X saying I was going to follow MS provided instructions to remove myself unless you do it first.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
Dan Neely wrote:
I want nothing to do with their systems now
That's why I was suggesting this. If you can't access the system, you can't be blamed for anything bad that might happen to it.
I'd need to access their system to change my password, and in terms of being able prove I can't login nothing would change. Currently it's only my word that I don't remember the additional password to go from my MS account to their azure; after going in and doing a reset to a new password it'd only be my word that I didn't record whatever I changed it to. If I could go in and remove myself from their system entirely that would be something else; but the message from Microsoft implies that I can't do it.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
I'd need to access their system to change my password, and in terms of being able prove I can't login nothing would change. Currently it's only my word that I don't remember the additional password to go from my MS account to their azure; after going in and doing a reset to a new password it'd only be my word that I didn't record whatever I changed it to. If I could go in and remove myself from their system entirely that would be something else; but the message from Microsoft implies that I can't do it.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
If *they* changed the password themselves they wouldn't be able to place anything nefarious that happened subsequently on you. IMO, that's the best you can hope for - let *them* take ownership of the account so you can wash your hands of it. That's all I'm saying. I'd hate to be in that situation.
-
If *they* changed the password themselves they wouldn't be able to place anything nefarious that happened subsequently on you. IMO, that's the best you can hope for - let *them* take ownership of the account so you can wash your hands of it. That's all I'm saying. I'd hate to be in that situation.
MS says they can't do anything, Company X can't be bothered to do anything. Edit: And because the company X azure is tied to my employer MS account my employer can't do anything until such time as I stop working for them. I'll admit a degree of curiosity if when that happens I'll disappear from X's azure entirely, or if MS will keep trying to send emails to an account that was deleted from their systems...
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
-
MS says they can't do anything, Company X can't be bothered to do anything. Edit: And because the company X azure is tied to my employer MS account my employer can't do anything until such time as I stop working for them. I'll admit a degree of curiosity if when that happens I'll disappear from X's azure entirely, or if MS will keep trying to send emails to an account that was deleted from their systems...
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
Dan Neely wrote:
I'll admit a degree of curiosity if when that happens I'll disappear from X's azure entirely, or if MS will keep trying to send emails to an account that was deleted from their systems...
Depends on a lot of things. If the account continues to exist in Azure AD but is marked as inactive, the system should start generating errors whenever someone tries to send an email to the associated mailbox. When happens next is anybody's guess. :-)
