Allow 3rd party MFA with PIM
Azure conditional access policies allow for 3rd party MFA, such as Duo, but Azure PIM does not allow this level of customization with the "Require MFA" configuration for a PIM role. This means that we need to manage 2 different MFA platforms if we're going to leverage both Duo MFA and Azure PIM for security. I'd like the ability to use Duo MFA when activating a PIM role.
Brad Heacock commented
+1 for enabling Duo for PIM and SSPR.
Note: if you allow this via a claim from the IDP, please account for the B2B Guest use case where the AD tenant is not the HOME tenant for the user and the HOME tenant is a federated IDP. The use case is that all users are GUESTS in our tenant, where we PIM. See: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37590304-b2b-scenario-the-b2b-guest-user-should-use-the-m
Tim Humphrey commented
+1 for Ping MFA
ABHINAVA GOPAGANI commented
+1 for Enabling DUO for PIM and SSPR.
As a standard in our organisation, we use DUO for MFA. The two instances where we are not able to use Duo MFA are PIM and SSPR. We want to enable SSPR in our organisation, but the authentication methods of SSPR do not support DUO as of now.