Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
PowerShell and Graph API support for managing Multi-Factor Authentication
Currently, the only available option to automate Azure MFA administration appears to be the MSOnline PowerShell module, released back in 2015.
The MSOnline module's Set-MsolUser and Get-MsolUser cmdlets allow administrators to enable and disable MFA on a user object using PowerShell scripts.
Alas, the MSOnline module itself does not support MFA when connecting to Azure AD. Administrators hoping to make use of the MSOnline module cannot have MFA enabled on their accounts. In short, for an admin to manage MFA with PowerShell, the admin's account can't be protected by MFA.
The new AzureAD and AzureADPreview PowerShell modules support connecting to…
929 votesWe’re really pleased to let you know that we’ve released the first authentication method APIs to public preview:
https://docs.microsoft.com/graph/api/resources/authenticationmethods-overview
So far there are APIs for managing phone numbers and password resets. When phone numbers are set with the API, the user can use that number for MFA and SSPR (as allowed by your tenant’s policy).
The team is hard at work at building out APIs for all of the other authentication methods, and we’ll update the response here as they’re released.
-
Enable per user MFA bypass for Azure MFA (Cloud) make this both temporary and permenant based on settings
Currently per user bypass is not capable in Azure MFA (Cloud only) this can be done using the Azure MFA on premise server. This functionality make Azure MFA more usable for a end user community that often loses or forget cell phones and need temporary bypass. Also using Azure MFA with NPS/Radius there is no way to allow services accounts that do network equipment monitoring to avoid Azure MFA if we want to enable MFA to access critical network infrastructure or VPN using radius this would help this scenario too
295 votesWe are currently working on a method to allow users to sign in while their authentication methods are temporarily unavailable.
-
Azure MFA Trusted IP limitation of 50 address ranges
Currently per the article: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next the Trusted IP for configuration "For requests from a specific range of public IPs" is restricted to a hard limit of 50 IP Address ranges.
Please provide the ability to extend this number as there are companies like ours where the limit of 50 IP Address ranges makes this not usable for production environments.
62 votesHey folks,
The work for this has started to increase this. We hope to have an update soon.
@MarkMorow
-
IPv6 Whitelisting option in Azure Multi-Factor Authentication
The Azure Multi-Factor Authentication server software only allows IPv4 whitelisting. IPv6 whitelisting would be great for the future.
15 votesHey folks,
The work for this has started. We hope to have an update for you really soon.
@MarkMorow
-
Azure MFA Cloud : Abillity to remove specific sign-in option like Telephone for work
I've not heard two times from customers that they REQUIRE that they can manage / choose which authentication methods are available to users during the MFA enrollment proces.
The IT administrators would like to control the phone authentication numbers or limit access to the Azure Authenticator.
It would also be nice, if it would be posible to define different policies for specific users or group of users
@Shawn Bishiop
4 votesWe are working on something similar to this request that should be available for preview soon.
- Don't see your idea?