Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD
It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)
We need this please!
Thanks for your suggestion. This is under review and in our backlog but initially you will see this capability show up in AD FS in Windows Server 2016.
/ Brjann Brekkan
I agree with Peter. Our managers are asking device-level authentication with Azure MFA without the need of ADFS.
Aaron Marks commented
When using a domain account, local account, or Microsoft account that is Workplace Joined to Azure AD with Azure AD Connect/Device-Writeback/ADFS4, we're able to enable Device Authentication as a primary authentication method which our users have loved in testing.
Unfortunately though, this Device Authentication hasn't worked for Azure AD Joined computers with Azure AD accounts. It seems like a bug or something that wasn't tested, but it would be nice to hear from the AAD team.
Peter Selch Dahl commented
It would be GREAT, if Microsoft would extend the same experience as "Windows Hello" across ALL platforms and provide a better end user experience and thereby increase productivity.
Ex. I sign in to my Azure AD and MDM join that is FULLY managed by the corp. and we enforce the policies within the corp. to the device. We know that the device is fully compliant and which users is associated with the device (The owner). The end user would currently be required to not just sign into his or he device using a PIN, Windows Hello, TouchID, etc. like Microsoft Passport, but than we will force them yet again to provide proff of identity for accessing apps. Why? I get that some apps or some content needs to be more secure than other, but we can apply extra conditional accesss to apps and content.
The ADFS team is adding the feature/support in ADFS 4.0, so why not have feature parity? I know that Microsoft recommends using Azure AD only authentication instead of ADFS as the preferred method of auth.