Peter

My feedback

  1. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Active Directory » Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
    Peter shared this idea  · 
  2. 67 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Azure Active Directory » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    Peter supported this idea  · 
  3. 93 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  4. 46 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  5. 10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  6. 44 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter shared this idea  · 
  7. 280 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    49 comments  ·  Azure Active Directory » Domain Services  ·  Flag idea as inappropriate…  ·  Admin →

    UPDATE 01/06/2020
    Multiple scenarios are still being investigated.

    CONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
    Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios)

    Mike Stephens
    Senior Program Manager
    Azure Identity
    IAM Core | Domain Services

    Peter supported this idea  · 
  8. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  9. 16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  10. 4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  11. 8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  12. 9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  13. 353 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  Azure Active Directory » B2C  ·  Flag idea as inappropriate…  ·  Admin →
    Peter supported this idea  · 
  14. 1,180 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    72 comments  ·  Azure Active Directory » B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We definitely recognize the popularity of this feature, and we discuss it constantly during the planning phases. However there are certain technical limitations in the system that add a large amount of development cost. Because of the cost and the fact that there is a workaround available, other features get prioritized over this one.

    That being said, please keep voting for it. The popularity of the feature does help bring it up and makes us reconsider every time.

    Apologies for the delay.

    /Parakh


    Old message:
    We’re doing some research both on the specifics of this ask as well as what it would take to support this.
    Is the ask here to do the same thing that regular Azure AD does (see: https://blogs.technet.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles/) or is are there different requirements around this for Azure AD B2C?

    Peter supported this idea  · 
  15. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter commented  · 

    Phone sign-in feature is what you are referring to here I think. I think this is coming to Azure MFA, just not sure when. The Approve/Deny is not the best user experience (agreed), as users just get into a habit of just hitting Approve all the time, and do not necessarily think about if they initiated the request when they get one in the app. In order for them to deny when they should be choosing it, they need better wording from the prompt (push notification) in the Authenticator app. Something descriptive about the device (user agent string) and location the request came from may assist the user in deciding to Approve/Deny, or even re-phrasing the prompt to something that says "Did you initiate a request to sign-in to SERVICENAME, on DEVICENAME, from COUNTRYNAME? Please select Yes if you did initiate this request, or No, if you did not initiate this request." Then admins can audit the MFA logs in Azure around Deny or No selected to determine if they need to investigate an attempt to compromise an account.

    Peter supported this idea  · 
  16. 14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter commented  · 

    I know you can get OTP via email when accessing AIP labelled files that have encryption applied, for email addresses that are associated with an IDP that is not associated/trusted with the Microsoft Azure AD IDP.

    Peter shared this idea  · 
  17. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
    Peter supported this idea  · 
  18. 52 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  19. 61 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Peter supported this idea  · 
  20. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Active Directory » Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
    Peter supported this idea  · 
← Previous 1 3 4 5 6

Feedback and Knowledge Base