AdminAzure AD Team
(Product Manager, Microsoft Azure)
My feedback
-
1 vote
-
382 votes
Hi
We’ve begun work on exposing policies through MS Graph and PowerShell. I can’t give a date yet, but I’m it is in the pipeline.
Thanks,
CalebWe are working on this for conditional access policy and named locations now. API support for what if is something we've discussed but not on the near-term roadmap.
-
70 votes9 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft’s recommended enforcement model.
We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.Richard
Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft's recommended enforcement model.
We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase. -
36 votes8 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Our recommended approach to this situation is to not install MFA Server on premise. You can install the MFA adapter for NPS, which will proxy RADIUS request to Azure MFA in the cloud. This will support VPN or other RADIUS needs on-premise. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension
Richard
Our recommended approach to this situation is to not install MFA Server on premise. You can install the MFA adapter for NPS, which will proxy RADIUS request to Azure MFA in the cloud. This will support VPN or other RADIUS needs on-premise. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension
-
52 votes7 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We’ll take this in consideration as we plan new features. In the short term, we are working on Graph API‘s that will allow you to change phone numbers in the StrongAuthentication fields.
Richard
We'll take this in consideration as we plan new features. In the short term, we are working on Graph API's that will allow you to change phone numbers in the StrongAuthentication fields.
-
262 votes30 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
The MFA team is currently working on adding get/set/read/delete abilities for StrongAuthentication data to the Graph API.
Richard
The MFA team is currently working on adding get/set/read/delete abilities for StrongAuthentication data to the Graph API.
-
127 votes12 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Azure MFA is currently designing the experience for FIDO 2.0. This is the next iteration of the FIDO U2F standard that the link references.
Richard
Azure MFA is currently designing the experience for FIDO 2.0. This is the next iteration of the FIDO U2F standard that the link references.
Hi Tony,
We are working to provide more granular control for enforcing CA policies in general. Rather then applying a CA control like TOU or MFA at the app level, you would be able to apply it at some scoped permission with the app.