Block Azure MFA (cloud) Enrollment from External Networks
I feel like I have been to the end of Google and back and thought I'd just reach out to this feedback hub.
We would love the ability to block Azure MFA (cloud) enrollment from external networks with Azure Conditional Access Policies or another method.
It doesn't look like the "MFA Setup" page is a "Cloud App" to build conditions on...
My other thought is the ability to build out a dynamic group based on if a user has enrolled, but the Azure Dynamic group queries seem limited at this point.
Shawn Pederson
shared this idea
10 comments
-
James
commented
Need this as well
-
James
commented
We also Need this State of NEvada
-
Eric Frazee
commented
any fix from MS on this yet?
-
Anonymous
commented
Need this.
-
Anonymous
commented
need this yesterday.
-
JP
commented
I agree with "Luke commented · January 21, 2019 3:20 AM " - its a massive loophole.
-
Daryl
commented
This is a must for this to be a viable solution
-
Anonymous
commented
We also require this functionality to avoid the scenarios listed already.
-
JasonR
commented
Agree with the above - we need a way of stopping an attacker who phishes credentials from registering MFA before the employee does.
-
Luke
commented
agree, this is a function we have been looking. If a user does not enroll in MFA there is nothing to stop a compromised account from enrolling on their behalf.