Phasing out temporary mobile passwords in Yammer
Temporary Mobile Passwords have been a useful workaround for situations where users needed to use Yammer mobile applications, even if the identity provider is blocked for devices connecting from the internet. With the recent end of support for Yammer SSO, and all Yammer federated authentication having been moved to use Azure Active Directory (AAD), the time has come to also end support for this workaround, and instead rely on AAD Conditional Access (CA) as a solution.
AAD CA is a much better solution than Yammer Temporary Mobile Passwords because it does not require users to manage two separate passwords for Yammer authentication. With AAD CA, customers can enable the same access control scenario, while also giving users a better authentication experience that works consistently across all their devices.
Removal schedule for Temporary Mobile Passwords
Temporary Mobile Passwords will be phased out based on the schedule below. Yammer networks that currently use TMPs will need to transition to using AAD CA to limit their authentication to work only on the intranet in general, with the exception of allowing Yammer mobile app authentication from the Internet.
June 29th, 2017: End of support for Temporary Mobile Passwords announced. New networks will no longer have this functionality.
July 3rd, 2017: Yammer networks with minimal usage (fewer than 30 logins a month) will have Temporary Mobile Passwords disabled. If your network falls into this category, and you require an extension - please follow your tenant's normal process to open an Office 365 support request and Support can provide you with a temporary extension.
April 3rd, 2018: Temporary Mobile Passwords will no longer function.
After April 3rd, 2018, if you do nothing, the following changes will take place:
- Temporary Mobile Passwords will be removed from the Yammer interface & blocked from the authentication path.
Yammer Temporary Mobile Password scenarios and their replacement
If you are currently using Temporary Mobile Passwords for specific scenarios or behaviors, you can transition to new methods to continue with similar functionality. The following table lists these scenarios or behaviors and the replacement for that behavior.
|Intranet Only Access. Admin has blocked federated Yammer authentication from working for devices which connect from the Internet, only allowing authentication on their intranet. Temporary Mobile Passwords ensure users access credentials via the company intranet & allows users to authenticate to the mobile app.
||AAD Conditional Access. AAD CA allows admins to restrict access to trusted networks and allows users to authenticate via AAD.
|Password Security on Untrusted Devices. There's a risk that untrusted devices can be compromised & expose corporate passwords to unauthorized users. Temporary Mobile Passwords offers a way to protect sensitive corporate passwords, by providing ephemeral login credentials that don't provide access to the entire O365 suite.
||AAD Conditional Access with Intune. With AAD CA, you can enforce multi-factor authentication--using multi-factor authentication helps protect resources from being accessed by an unauthorized user who might have gained access to the credentials of a valid user.
To immediately disable Temporary Mobile Passwords for your network
Open a support case using the Microsoft 365 admin center and we would be happy to disable Temporary Mobile Passwords for your network.