Alexander Filipin

My feedback

  1. 2 votes
    Alexander Filipin shared this idea  · 
  2. 1 vote
    Alexander Filipin shared this idea  · 
  3. 3 votes
    Alexander Filipin shared this idea  · 
  4. 69 votes
    There is planned work to address this scenario. We don’t feel that backup codes provide a good security option as they’re often misplaced. Also, it’s hard to have users print them out and have them when they’re needed. Instead, we are looking at a time-limited passcode that could be generated either by the user (just in time when it’s needed) or by an admin (for example a helpdesk agent). The organization admin would have control over when a user could generate these codes. The code can be used for a limited time, then it will no longer be valid.

    Note – for areas with limited cellphone connectivity (or roaming charges), the code generated in the authenticator app will allow MFA login. The time-limited passcode is meant to stand in if the user temporarily forgot/lost their phone.

    Richard

    Alexander Filipin commented  · 

    Hi Richard,
    Can you provide some more details on how the user could generate the passcode? Wouldn't that require another MFA option like U2F or UAF in the first place? I would like to have two independent MFA options and none of them should be SMS.

    Alexander Filipin commented  · 

    Push! This is also very important as a backup solution if your authenticator app is no longer working (e.g. faulty smartphone).

    As far as I understand, recovery / backup codes are more secure than a mobile number as MFA backup due to mobile number hijacking from the carrier. Without this option you cannot remove the phone number because otherwise there is no MFA fallback option.

    Looking forward to FIDO U2F but as of now backup codes are a quick win and common (e.g. Personal Microsoft Account).

    Alexander Filipin supported this idea  · 
  5. 4 votes
    under review  ·  1 comment  ·  Azure Active Directory » Azure AD Connect
    Alexander Filipin shared this idea  · 
  6. 3 votes
    0 comments  ·  Azure Active Directory » Azure AD Connect
    Alexander Filipin shared this idea  · 
  7. 7 votes
    Alexander Filipin shared this idea  · 
  8. 2 votes
    Thank you for your feedback! To clarify, you want all eligible admins to receive a notification when an admin resets their password?

    At this time, you can ensure that other admins are notified when an admin resets their password. Check out this setting under the Notifications tab in the Password reset section of the Azure AD portal.

    Thanks,
    Sadie Henry (sahenry)

    Alexander Filipin commented  · 

    Please ping me at af@ocg.de and I will forward you more details.

  9. 18 votes
    3 comments  ·  Azure Active Directory » Conditional Access
    Alexander Filipin commented  · 

    This ensures that the user accessing the application is actually the logged on user.

    Alexander Filipin shared this idea  · 
