How can we improve Azure Active Directory?

Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

We need this please!

71 votes

Peter Selch Dahl shared this idea

3 comments

  • Anonymous commented

    I agree with Peter. Our managers are asking for device-level authentication with Azure MFA without the need for ADFS.

  • Aaron Marks commented

    When using a domain account, local account, or Microsoft account that is Workplace Joined to Azure AD with Azure AD Connect/Device-Writeback/ADFS4, we're able to enable Device Authentication as a primary authentication method which our users have loved in testing.

    Unfortunately though, this Device Authentication hasn't worked for Azure AD Joined computers with Azure AD accounts. It seems like a bug or something that wasn't tested, but it would be nice to hear from the AAD team.

    Thanks.

  • Peter Selch Dahl commented

    It would be GREAT, if Microsoft would extend the same experience as "Windows Hello" across ALL platforms and provide a better end user experience and thereby increase productivity.

    Ex. I sign in to my Azure AD and MDM joined device that is FULLY managed by the corp., and we enforce the corp.'s policies on the device. We know that the device is fully compliant and which user is associated with the device (the owner). The end user is currently required not just to sign in to his or her device using a PIN, Windows Hello, TouchID, etc. like Microsoft Passport, but then we force them yet again to provide proof of identity for accessing apps. Why? I get that some apps or some content need to be more secure than others, but we can apply extra conditional access to apps and content.

    The ADFS team is adding the feature/support in ADFS 4.0, so why not have feature parity? I know that Microsoft recommends using Azure AD only authentication instead of ADFS as the preferred method of auth.
