How can we improve Azure Active Directory?

Support for Hardware Token in Cloud hosted Multi-Factor Authentication

If the MFA server supports hardware tokens, why can't the azure hosted MFA support it ?!
Please add this feature.

265 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Curtis shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

62 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • David commented  ·   ·  Flag as inappropriate

    Is there a time table for when this will be ready for customers?

  • Han Valk commented  ·   ·  Flag as inappropriate

    Support for event-based hw tokens would be very much appreciated since time-based tokens tend to get out of sync every now and then which will result in helpdeskcalls.

  • Joost Groot commented  ·   ·  Flag as inappropriate

    MFA via a hardware token would be a great feature. We have a lot of customers that want to use MFA. But most of the users don't have a business phone and the law prohibits the customers to force users to use their personal devices for work.

    Providing a Smartphone for MFA only is a bit expencive. A hardware token would be safe and simple to use.

  • Kevin Raineri commented  ·   ·  Flag as inappropriate

    If you can't wait and need 2FA today, you should check out SurePassID. They have a 60-day free trial and you can lock down just about any point of access with 2FA including OFFLINE Windows logins.

    Check out their tokens too. Plenty of different types of OATH and FIDO tokens. The OATH TOTP fobs are inexpensive and can be imported into MFA server just like the SafeNet tokens. The OTP Display cards are awesome! Event-based are in stock (HOTP) but the TOTP display cards can be ordered.

  • Volkan Boreaz commented  ·   ·  Flag as inappropriate

    Are there any updates on where we can follow a roadmap for this feature? This has been requested by many and yet no further updates since November 2017. There are plenty of 2FA providers out there, this is simply not acceptable in 2018 - I'm sorry to be brutally blunt.

  • Eric Denis commented  ·   ·  Flag as inappropriate

    We would also like an update on this, we recently moved to the Microsoft 365 Subscription and are looking into implementing some of the services but really need to know if this will ever become available.

  • Mike Ruddell commented  ·   ·  Flag as inappropriate

    I would also like to know what progress has been made in this area please.
    We are experiencing similar issues.

  • Brian Sørensen commented  ·   ·  Flag as inappropriate

    Any update on this? When can we expect it available, it is a make or break scenario for us wether to use Azure AD or an alternative solution

  • Amy Westerman commented  ·   ·  Flag as inappropriate

    can you please post the link in the roadmap where this is referenced as being in development? I can't find it.

  • Mohamed commented  ·   ·  Flag as inappropriate

    Hi Guys,
    We also need to know when support for hardware tokens will be available. Any update would be greatly appreciated. I really don't want to source a different vendor for MFA. If I have a timeline we can plan around that.

  • Anthony nz commented  ·   ·  Flag as inappropriate

    Hi guys, I can't see anything about MFA on the roadmap page. Is it actually under development? Can we please get an ETA and have it added to the Roadmap?

  • Richard Gianforte commented  ·   ·  Flag as inappropriate

    Official Microsoft Response - This feature is currently in active development. We understand the need to support hardware tokens in Azure MFA and it is very high on our priority list.

  • Melissa Klug commented  ·   ·  Flag as inappropriate

    This is now a requirement for our company, any update on if this will be supported in the future?

  • Chris Eckl commented  ·   ·  Flag as inappropriate

    Too many clients can't get their staff to use their personal mobile phones and will not issue company phones. Should be easy enough to allow uploading of seed information at least via PowerShell.

  • Jeffrey Hornak commented  ·   ·  Flag as inappropriate

    We currently have a legal requirement for hard tokens. We cannot compel union employees to use personal devices (mobile) for corporate use. They do not have dedicated phone lines (shared manufacturing floor) and procuring dozens of corporate-owned mobile devices specifically for MFA is just not practical. Having feature parity between the premise MFA server and the cloud-service is critical.

Feedback and Knowledge Base