Robin Vermeirsch
My feedback
-
1,187 votes101 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
For requiring additional factors with Windows Hello for Business, please see – https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock
For why PIN is better than a password, please see https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password
For Authenticator app sign in to Azure AD, please see https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in
As always, other feedback is welcome
/Ravi
Robin Vermeirsch supported this idea ·
-
349 votes
We are looking to add additional MFA options for Azure AD B2C in the next few months. As part of the investigation, we want to learn more about your requirements. Email your feedback to aadb2cpreview@microsoft.com.
When you say “support for Microsoft Authenticator”, which feature are you referring to?
1. The ability to see the codes in the authenticator app
2. The ability to receive push notifications for MFAIf both, which do you prefer more?
Again, please email your feedback to aadb2cpreview@microsoft.com. Feel free to include more details about your scenarios/requirements!
An error occurred while saving the comment An error occurred while saving the comment Robin Vermeirsch commented
really need this
Robin Vermeirsch supported this idea ·
-
239 votes
We have restarted work on this feature. However, we don’t have a date for public preview yet.
Robin Vermeirsch supported this idea ·
-
1,467 votes292 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We have released the Authentication administrator and Privileged authentication administrator roles that can manage the authentication methods of the user. If you are using Azure AD Premium, consider enforcing MFA on the user using Conditional Access. We are continuing to work on other roles that will let you manage other MFA settings.
Robin Vermeirsch supported this idea ·
-
2,568 votes
We’re currently evaluating an option that will provide the functionality offered by nested groups, but removes the complexity nested groups adds. We appreciate your patience on this ask and want to ensure we deliver a solution that benefits all of our customers. Below are use cases that we’d like for you to stack rank, with #1 being priority for you. We thank you for the continued comments and feedback.
Use case A: nested group in a cloud security group inherits apps assignment
Use case B: nested group in a cloud security group inherits license assignment
Use case C: nesting groups under Office 365 groupsRobin Vermeirsch supported this idea ·
-
52 votes
We are working to enable this feature. We should have another update by Dec 2018.
/Parakh
Robin Vermeirsch supported this idea ·
-
95 votes12 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
There is planned work to address this scenario. We don’t feel that backup codes provide a good security option as they’re often misplaced. Also, it’s hard to have users print them out and have them when they’re needed. Instead, we are looking at a time-limited passcode that could be generated either by the user (just in time when it’s needed) or by an admin (for example a helpdesk agent). The organization admin would have control over when a user could generate these codes. The code can be used for a limited time, then it will no longer be valid.
Note – for areas with limited cellphone connectivity (or roaming charges), the code generated in the authenticator app will allow MFA login. The time-limited passcode is meant to stand in if the user temporarily forgot/lost their phone.
Richard
Robin Vermeirsch supported this idea ·
An error occurred while saving the comment Robin Vermeirsch commented
or just allow support the enable a one time bypass.
-
66 votes
This is currently possible. Could you please elaborate more on what you’re looking to achieve?
If you mark a user as an User Administrator, you can control all fields for the users in the directory.
Robin Vermeirsch supported this idea ·
-
7 votes
Robin Vermeirsch supported this idea ·
-
2 votes
Robin Vermeirsch supported this idea ·
especially with custom policies