Rename - 'Require multi-factor authentication'
Per the custom controls, we’re allowing 3rd party MFA providers to be included in a CA policy. (assuming it will be more than MFA providers in the future).
Can the term ‘Require Multi-factor authentication’ be re-worded to simply ‘Azure MFA / Federated MFA’ or similar.
Assumption:
The ‘Require multi-factor authentication’ implies strictly the Azure MFA service (or on-premises federated MFA provider)
Justification:
If multiple MFA providers are added to CA (via custom controls), the Customer may mis-interpret that the ‘Require multi-factor authentication’ applies to ANY successful MFA auth from any in-scope provider when in reality it only applies to Azure MFA (or on-prem federated MFA)
CHDAFNI - MSFT
shared this idea
1 comment
-
Shawn
commented
I agree it would add clarity to the logs if you could rename the 'Require MFA' column header because we too satisfy MFA with 3rd Party product via Conditional Access Policy. Another related enhancement would involve adding another column to clarify the meaning of 'Success' under the 'Conditional Access' column. Our Security Analyst identified gaps in our SIEM log when correlating the Azure Log and DUO Security Log. Users have dozens of Azure logins reflecting the DUO MFA CA Policy was successfully fulfilled, yet in DUO Security Log, there is no indication the login occurred. We now know this is related to the use of AccessTokens and RefreshTokens to enable Keep Me Signed In feature. Please add another column that would indicate the CA was satisfied by either an existing AccessToken or RefreshToken.