AdminAzure AD Team (Admin, Microsoft Azure)

My feedback

  1. 1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  Azure Active Directory » Terms of Use  ·  Flag idea as inappropriate…  ·  Admin →
      AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

      Hi Tony,

      We are working to provide more granular control for enforcing CA policies in general. Rather then applying a CA control like TOU or MFA at the app level, you would be able to apply it at some scoped permission with the app.

    • 220 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        13 comments  ·  Azure Active Directory » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
        AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

        We are working on this for conditional access policy and named locations now. API support for what if is something we've discussed but not on the near-term roadmap.

      • 60 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft’s recommended enforcement model.
          We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.

          Richard

          AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

          Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft's recommended enforcement model.
          We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.

        • 35 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

            Our recommended approach to this situation is to not install MFA Server on premise. You can install the MFA adapter for NPS, which will proxy RADIUS request to Azure MFA in the cloud. This will support VPN or other RADIUS needs on-premise. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension

          • 41 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

              We'll take this in consideration as we plan new features. In the short term, we are working on Graph API's that will allow you to change phone numbers in the StrongAuthentication fields.

            • 183 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

                The MFA team is currently working on adding get/set/read/delete abilities for StrongAuthentication data to the Graph API.

              • 109 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

                  Azure MFA is currently designing the experience for FIDO 2.0. This is the next iteration of the FIDO U2F standard that the link references.

                Feedback and Knowledge Base