AdminAzure AD Team
(Product Manager, Microsoft Azure)
My feedback
-
3 votes
An error occurred while saving the comment -
5 votes
An error occurred while saving the comment Hi Tony,
We are working to provide more granular control for enforcing CA policies in general. Rather then applying a CA control like TOU or MFA at the app level, you would be able to apply it at some scoped permission with the app.
-
766 votes
We’ll be wrapping up work soon, after making updates from feedback we’ve received so far. We should have a public date soon.
-Caleb
An error occurred while saving the comment We are working on this for conditional access policy and named locations now. API support for what if is something we've discussed but not on the near-term roadmap.
-
91 votes9 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft’s recommended enforcement model.
We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.Richard
An error occurred while saving the comment Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft's recommended enforcement model.
We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase. -
40 votes9 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Azure AD Team
responded
Our recommended approach to this situation is to not install MFA Server on premise. You can install the MFA adapter for NPS, which will proxy RADIUS request to Azure MFA in the cloud. This will support VPN or other RADIUS needs on-premise. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension
Richard
An error occurred while saving the comment Our recommended approach to this situation is to not install MFA Server on premise. You can install the MFA adapter for NPS, which will proxy RADIUS request to Azure MFA in the cloud. This will support VPN or other RADIUS needs on-premise. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension
-
67 votes7 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We’ll take this in consideration as we plan new features. In the short term, we are working on Graph API‘s that will allow you to change phone numbers in the StrongAuthentication fields.
Richard
An error occurred while saving the comment We'll take this in consideration as we plan new features. In the short term, we are working on Graph API's that will allow you to change phone numbers in the StrongAuthentication fields.
-
822 votes122 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We’re really pleased to let you know that we’ve released the first authentication method APIs to public preview:
https://docs.microsoft.com/graph/api/resources/authenticationmethods-overview
So far there are APIs for managing phone numbers and password resets. When phone numbers are set with the API, the user can use that number for MFA and SSPR (as allowed by your tenant’s policy).
The team is hard at work at building out APIs for all of the other authentication methods, and we’ll update the response here as they’re released.
An error occurred while saving the comment The MFA team is currently working on adding get/set/read/delete abilities for StrongAuthentication data to the Graph API.
-
160 votes15 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Azure MFA is currently designing the experience for FIDO 2.0. This is the next iteration of the FIDO U2F standard that the link references.
Richard
An error occurred while saving the comment Azure MFA is currently designing the experience for FIDO 2.0. This is the next iteration of the FIDO U2F standard that the link references.
Hi, could you clarify this more?