AdminAzure AD Team (Admin, Microsoft Azure)

My feedback

  1. 1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Terms of Use  ·  Flag idea as inappropriate…  ·  Admin →
    AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

    Hi Tony,

    We are working to provide more granular control for enforcing CA policies in general. Rather then applying a CA control like TOU or MFA at the app level, you would be able to apply it at some scoped permission with the app.

  2. 314 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Azure Active Directory » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

    We are working on this for conditional access policy and named locations now. API support for what if is something we've discussed but not on the near-term roadmap.

  3. 66 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft’s recommended enforcement model.
    We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.

    Richard

    AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

    Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft's recommended enforcement model.
    We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.

  4. 35 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

    Our recommended approach to this situation is to not install MFA Server on premise. You can install the MFA adapter for NPS, which will proxy RADIUS request to Azure MFA in the cloud. This will support VPN or other RADIUS needs on-premise. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension

  5. 50 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

    We'll take this in consideration as we plan new features. In the short term, we are working on Graph API's that will allow you to change phone numbers in the StrongAuthentication fields.

  6. 226 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

    The MFA team is currently working on adding get/set/read/delete abilities for StrongAuthentication data to the Graph API.

  7. 120 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    AdminAzure AD Team (Admin, Microsoft Azure) commented  · 

    Azure MFA is currently designing the experience for FIDO 2.0. This is the next iteration of the FIDO U2F standard that the link references.

Feedback and Knowledge Base