Currently, we are not aware of any plans from Windows Server for this capability. We’ll continue to work with Windows Server to revisit this in the near future
Thank you for your feedback! Would you like the feature to be controlled by the admin or available for everyone?
1,076 votes92 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
For requiring additional factors with Windows Hello for Business, please see – https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock
For why PIN is better than a password, please see https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password
For Authenticator app sign in to Azure AD, please see https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in
As always, other feedback is welcome
Outside removing Global admin from AAD joined devices’ local admin group, we are working on more granular AAD group based admin privileges on AAD joined devices.
Please refer to https://feedback.azure.com/admin/v3/suggestions/31914520/ for details on how we’re expanding the scope of local admin groups in AAD joined devices.
312 votes35 comments · Azure Active Directory » Self-Service Password Reset · Flag idea as inappropriate… · Admin →
Hi folks – apologies for the lack of updates here. This work is still in progress but unfortunately we don’t have an ETA that we can share yet. We will update as soon as we do. Thanks!
357 votes40 comments · Azure Active Directory » Role-based Access Control · Flag idea as inappropriate… · Admin →
Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.
You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.
Azure Active Directory Team
We are looking to add additional MFA options for Azure AD B2C in the next few months. As part of the investigation, we want to learn more about your requirements. Email your feedback to email@example.com.
When you say “support for Microsoft Authenticator”, which feature are you referring to?
1. The ability to see the codes in the authenticator app
2. The ability to receive push notifications for MFA
If both, which do you prefer more?
Again, please email your feedback to firstname.lastname@example.org. Feel free to include more details about your scenarios/requirements!
177 votes19 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Azure AD now supports FIDO2 security keys in public preview. We’re working on allowing them to be used as a second factor as well (today they are used only first in sequence, but they satisfy MFA).
Thanks for your suggestion. This is under review and in our backlog but initially you will see this capability show up in AD FS in Windows Server 2016.
/ Brjann Brekkan
We have restarted work on this feature. However, we don’t have a date for public preview yet.
Thanks for the great feedback and comments. We are working on this, but don’t have an ETA yet. We will share an update when we are closer to release.
Thanks for the feedback, we’re currently reviewing this capability to see how we can support RADIUS auth on NPS specifically, for AAD Joined Windows 10 devices to authenticate to WiFi access points
If there are scenarios beyond the above, please provide the details in the comments
1,436 votes283 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We have released the Authentication administrator and Privileged authentication administrator roles that can manage the authentication methods of the user. If you are using Azure AD Premium, consider enforcing MFA on the user using Conditional Access. We are continuing to work on other roles that will let you manage other MFA settings.
We’re currently evaluating an option that will provide the functionality offered by nested groups, but removes the complexity nested groups adds. We appreciate your patience on this ask and want to ensure we deliver a solution that benefits all of our customers. Below are use cases that we’d like for you to stack rank, with #1 being priority for you. We thank you for the continued comments and feedback.
Use case A: nested group in a cloud security group inherits apps assignment
Use case B: nested group in a cloud security group inherits license assignment
Use case C: nesting groups under Office 365 groups
We continue evaluating several alternatives to provide full email customization. We are actively working on an alternative.
Unfortunately we do no yet have an ETA.
We have a private preview of this feature available. If you are interested in joining, please contact email@example.com with the name of your tenant.
172 votes20 comments · Azure Active Directory » Self-Service Password Reset · Flag idea as inappropriate… · Admin →
We are planning to re-design the self-service password reset experience. The new experience will be mobile-friendly! We’ll keep you up to date as we make progress.
We’re working on global file locking and will share more once we’re ready to start the preview program.
Please help us understand your requirements by filling out this survey: https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR4MoPQd5uTpCnj3Y_cY3MXRUMUZWRlZOWEFKNUE1QUNBN0JQTjQwQ0tYUi4u
210 votes34 comments · Azure Active Directory » Groups/Dynamic groups · Flag idea as inappropriate… · Admin →
We are investigating what it would take to add support for multi-value attributes in Dynamic Groups to enable this and related scenarios.
Kristina Bain Smith
All consumer logins including local and social/federated are included in the audit logs.
Is there more information that you are looking for?
An error occurred while saving the commentRobin Vermeirsch commented
Seriously... how can this not be logged and accessed?