We are currently working on items that will enable service endpoints for multi-tenant App service. We will share the news of the features we deliver on the App Service Blog here: aka.ms/AppServiceBlog.
We also expect to speak about this topic at the Ignite conference in September in Orlando.
28 votes6 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
35 votes9 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Conditional access only works with modern-auth applications. Non-modern auth applications bypass conditional access checks (such as Outlook 2010, Outlook 2013 without the registry tweak), so app-password wouldn't be applicable in conditional access scenarios.
Today, conditional access policies are handled AFTER authentication (as MS support and the following article indicate: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-locations#what-you-should-know)
The problem with this is that we're leveraging the conditional access policy to block access based on country. Ideally, this should happen prior to authentication happening, as the identity & the resource is known (parts of the condition).
The reason for this is so that people in other countries that we want blocked do not have the ability to lock out accounts as is currently possible (and happening).
We have MFA in place, so we should be protected, but would be ideal if the logic would block prior to authentication (just using identity), that'd make a lot more sense.
Thanks for your suggestion. Would you attach a copy of the email you are talking about? We can then match it to an existing template and see what needs to be adjusted.
Not seeing an attach option, but here's the body of it. If you want to provide your email address, I can attach it in a reply.
Azure App Service to comply with TLS requirements
Azure App Service to maintain compliance with TLS requirements
Dear Azure customer,
You’re receiving this email because you have an App Service app and we want to let you know about upcoming security improvements we’re making for PCI compliance. The PCI Security Standards Council announced that PCI-compliant websites must transition from TLS version 1.0 to TLS 1.1 or higher by June 30, 2018.
What is App Service?
App Service is a service to rapidly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. Meet rigorous performance, scalability, security and compliance requirements while using a fully-managed platform.
What this means for you:
• By April 30, 2018:
o Through the Azure portal and Azure Resource Manager templates, you’ll be able to select the minimum-required TLS version (1.1 or 1.2) for your app.
o We’ll configure App Service apps to require only newer TLS versions (1.1 and 1.2)—two months before the required date.
• After June 30, 2018, all newly created App Service apps will be automatically configured to require TLS 1.2. You’ll still retain the option to configure earlier TLS versions for your apps, if necessary, for compatibility with older browser clients.
Questions or concerns? Please contact us on the App Service forum or on Stack Overflow.
Your Azure team
Subscription Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
2 votes0 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Get-MsolPartnerInformation actually doesn't provide the information being requested. Partners are assigned on each license in O365, and we'd need to see which licenses that have (or don't have) a partner assigned to it.
This is something we are planning to deliver. We don’t yet have a committed timeline.
Given the sparse nature of Windows Azure Storage and with recent announcement for trim support on guest OS’s that support trim, the need for resizing should be reduced, as you should just assume you start with the largest size possible and only pay for what you use.