499 votes42 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
For requiring additional factors with Windows Hello for Business, please see – https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock
For why PIN is better than a password, please see https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password
For Authenticator app sign in to Azure AD, please see https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in
As always, other feedback is welcome
We’re working on a solution and will update you when we know more.
Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.
936 votes181 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.
52 votesJoe Stocker commented
FYI - you can now do this with Microsoft Cloud App Security Conditional Access App Control. https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad
This is a problem we’re aware of and working on how best to address this use case.