You people are idiots. You think everyone is allowed to have a cell phone at work and that we all are assigned a desk phone. NOT TRUE on either of these. Trying to get into my email now is like trying to access Ft. Knox for gold!

The Add ADFS farm wizard, needs to cater to when the SQL browser service is off and also for custom SQL ports.

If MFA is enabled, I need to enter my username and password, along with using the MS Authenticator app to access O365. However, what if I forget my password? What is the authentication method here? Is it simply using MS Authenticator to gain access? If so, I've now gain access using 1 factor instead of 2.

In Azure Government, there is no feature for Conditional Access to integrate DUO 2FA. The only option available is to use Microsoft Authenticator that does not support OAUTH Tokens. A mobile phone is not allowed in all areas for push notifications.

MFA technology today is an important security requirement and cannot be conditioned by premium products, it is ridiculous because competitors provide the option of MFA as a security solution and not conditional on using Azure AD premium, security is for all of that it is a shot in the foot or I would not feel safe in the environment that tells me I have passwords and secure security mechanisms and wants to sell me the use of MFA

AzureMfaNpsExtnConfigSetup.ps1 from the "NPS Extension for Azure MFA" is not OS language independent.
Use $networkService = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null); for getting the name of the Network Service.

AzureMfaNpsExtnConfigSetup.ps1 from the "NPS Extension for Azure MFA" is not OS language independent.
Use "$networkService = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null);" for getting the name of the Network Service. The attached file does work for me.

AzureMfaNpsExtnConfigSetup.ps1 from the "NPS Extension for Azure MFA" is not OS language independent.
Use "$networkService = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null);" for getting the name of the Network Service. The attached file does work for me.

The use case is around the MFA fraud alerting. Our configuration is to use the app code or push notification only. What we’ve noticed is that 9/10 times the user has hit the report fraud when their computer is requesting a refresh token and they’re not in front of the pc. If there was a way to include other information into the alert such as impossible travel or even where the session is located, that would help in our investigation process.

If an IT Admin needs to help a Tenant-User logging into a user Portal the MFA blocks access. It would be helpful in cases where the user wants the IT Admin to also be able to log into Web Access with an alternate text enabled phone to support the additional IT Admin's access. Currently the only way is to assign the Office Phone number to the IT Admin who needs to help the Tenant-User.

It will be good if we can add email option with mobile device for authentication. Since it is very difficult to login where you don't have mobile access inside the premises. If we have email option we can ask for the authentication code to be send on official email and then can login. It is really very inconvenient for everyone to login into HCL portal and access imp. tabs.

Provide a native RADIUS interface for Azure MFA. Currently Windows NPS servers are required to integrate VPN Servers with Azure MFA. It would be better to not have to deploy and manage these NPS machines just to perform this function.

Need an option to Export MFA blocked users Report.
As of now there is no option to export the MFA blocked user details in the portal or powershell or though Graph.

Ik ben altijd samen met mijn tellefoon en die geef ik niet uit handen. Ik ben de eigenaar van de IPhone XR. Ronnybryden

We are testing MFA for Always on VPN. Whenever the conditions match to trigger Always on VPN, there needs to be a popup on Windows 10 to notify you of the MFA request. Currently Windows 10 doesn't even tell you its asking for MFA, just says verifying info.

Implement the "pick a number" model for the standard (non-passwordless/phone sign-in) Azure MFA workflow. Users get in the habit of hitting approve/deny and could easily mistakenly (or be tricked into) hitting approve. The pick a number method at least requires some coordination between the person logging in and the person holding the phone.

Should also provide additional details in the MS Authenticator app regarding the authentication attempt. Geo source of the attempt at a minimum would be helpful - similar to Apple's MFA that shows a map of the location.

A simple GUI experience for activating MFA for all users. From Azure Portal as well as Microsoft 365. Potentially even a wizard with organization wide authentication settings and then activation.

Activation potentially even to be customizable to be Enabled, enforced, but even scheduled and enabled to be configured next logon in the portal only.