I am in a business environment in which we want to use a SaaS solution, and they use their own AD environment to manage our user accounts.
What kind of questions should I ask them about how they manage accounts? I have already made sure that the complexity of the passwords, the frequency of change of the passwords, is in place.
- Do you use NTLM v1 or v2 for hashing?
- Who has access to the AD, only the administrators?