1

I'm a user, in an org of around 950 people, with a new Android smart phone being set up by our IT team. To set up apps (e.g. Outlook, Teams) on the phone, the service desk analyst has asked me to send my Windows password to him by email. There's nothing malicious in this, and I can easily change it afterwards, but this seems like the wrong approach in a big-ish enterprise with a 'proper' IT setup in every other respect.

What would be a more resilient, more secure alternative? Aren't there admin-level tools that can support the config piece without credentials being shared?

Tom F
  • 313

1 Answers1

2

To set up apps (e.g. Outlook, Teams) on the phone, the service desk analyst has asked me to send my Windows password to him by email

I don't think there is a way to set up apps on Android on behalf of somebody else, so asking for your password is really the only way.

Is it a good practice?
Absolutely not.

What would be better?
In theory the IT guy should at most install the apps for you and you should be the one signing in to them with your account. If you get stuck, than they could help you (maybe with a screen sharing session if you can't meet in person)

Máté Juhász
  • 22,071