Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

We need this please!

73 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Peter Selch Dahl shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

3 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    I agree with Peter. Our managers are asking device-level authentication with Azure MFA without the need of ADFS.

  • Aaron Marks commented  ·   ·  Flag as inappropriate

    When using a domain account, local account, or Microsoft account that is Workplace Joined to Azure AD with Azure AD Connect/Device-Writeback/ADFS4, we're able to enable Device Authentication as a primary authentication method which our users have loved in testing.

    Unfortunately though, this Device Authentication hasn't worked for Azure AD Joined computers with Azure AD accounts. It seems like a bug or something that wasn't tested, but it would be nice to hear from the AAD team.

    Thanks.

  • Peter Selch Dahl commented  ·   ·  Flag as inappropriate

    It would be GREAT, if Microsoft would extend the same experience as "Windows Hello" across ALL platforms and provide a better end user experience and thereby increase productivity.

    Ex. I sign in to my Azure AD and MDM join that is FULLY managed by the corp. and we enforce the policies within the corp. to the device. We know that the device is fully compliant and which users is associated with the device (The owner). The end user would currently be required to not just sign into his or he device using a PIN, Windows Hello, TouchID, etc. like Microsoft Passport, but than we will force them yet again to provide proff of identity for accessing apps. Why? I get that some apps or some content needs to be more secure than other, but we can apply extra conditional accesss to apps and content.

    The ADFS team is adding the feature/support in ADFS 4.0, so why not have feature parity? I know that Microsoft recommends using Azure AD only authentication instead of ADFS as the preferred method of auth.

Azure Active Directory: End user experiences

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice