Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

KjetilEVRY

My feedback

  1. 138 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Azure Active Directory » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    KjetilEVRY commented  · 

    You can restrict it, read here: https://nedinthecloud.com/2020/01/19/enabling-conditional-access-for-azure-active-directory-applications/

    But it's complicated, it all depends on how you create Service Principals. Only the correct way gives you the option to add SP as a Cloud App in Conditional Access.

    KjetilEVRY supported this idea  · 
  2. 1,604 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    53 comments  ·  Networking » DNS  ·  Flag idea as inappropriate…  ·  Admin →
    KjetilEVRY supported this idea  · 
  3. 401 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  Networking » Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    KjetilEVRY supported this idea  · 
  4. 62 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    triaged  ·  7 comments  ·  Networking » Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    KjetilEVRY supported this idea  · 
  5. 275 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  Azure Active Directory » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    KjetilEVRY commented  · 

    I think something is coming soon. Until then, you could use Azure Monitor and create alerts by using this query:
    AuditLogs | where OperationName contains "Policy"

    Not optimal, but better than nothing

    KjetilEVRY supported this idea  · 
  6. 647 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    26 comments  ·  Networking » IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    KjetilEVRY supported this idea  · 
  7. 3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    KjetilEVRY supported this idea  · 
  8. 140 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Azure Active Directory » Other  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    KjetilEVRY commented  · 

    Indeed, for me this is the highest risk factor with AzureAD itself. Not that I fear advanced attacks, but that we have no tools to recover from an advanced attack... or a technical *****-up.

    KjetilEVRY supported this idea  · 
  9. 38 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Azure Active Directory » Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    KjetilEVRY shared this idea  · 
  10. 65 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Hi,
    Assigning cloud groups to built-in roles is in public preview starting today. Here’s the published documentation -

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept

    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features

    We will get started on on-prem groups shortly. Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

    An error occurred while saving the comment
    KjetilEVRY commented  · 

    Totally agree. It's sad that the Hybrid Identity part which is a killer in large enterprises hasn't been developed and designed well enough, preventing large-scale rollout to large customers. Even if O365 with Intune and AzureAD will be dominant for many customers, most large enterprises will still keep their on-premise AD for several years to come.

    KjetilEVRY supported this idea  · 
  11. 56 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  2 comments  ·  Azure Active Directory » Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
    KjetilEVRY supported this idea  · 
  12. 6,055 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    270 comments  ·  Networking » DNS  ·  Flag idea as inappropriate…  ·  Admin →
    KjetilEVRY supported this idea  · 
  13. 97 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  Azure AD Team responded

    Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft’s recommended enforcement model.
    We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.

    Richard

    An error occurred while saving the comment
    KjetilEVRY commented  · 

    Absolutely, this is a must for large enterprises. And even better, make it easy to enforce a method also (ie SMS/call/app notification) already, so we don't have to run a scheduled PS script to enforce this.

    KjetilEVRY supported this idea  · 

Feedback and Knowledge Base