2 votes · 1 comment · Azure Active Directory » Privileged Identity Management
57 votes · 9 comments · Azure Active Directory » Multi-factor Authentication
There is planned work to address this scenario. We don’t feel that backup codes provide a good security option as they’re often misplaced. Also, it’s hard to have users print them out and have them when they’re needed. Instead, we are looking at a time-limited passcode that could be generated either by the user (just in time when it’s needed) or by an admin (for example a helpdesk agent). The organization admin would have control over when a user could generate these codes. The code can be used for a limited time, then it will no longer be valid.
Note – for areas with limited cellphone connectivity (or roaming charges), the code generated in the authenticator app will allow MFA login. The time-limited passcode is meant to stand in if the user temporarily forgot/lost their phone.
Can you provide some more details on how the user could generate the passcode? Wouldn't that require another MFA option like U2F or UAF in the first place? I would like to have two independent MFA options and none of them should be SMS.
Push! This is also very important as a backup solution if your authenticator app is no longer working (e.g. faulty smartphone).
As far as I understand, recovery / backup codes are more secure than a mobile number as MFA backup due to mobile number hijacking from the carrier. Without this option you cannot remove the phone number because otherwise there is no MFA fallback option.
Looking forward to FIDO U2F, but as of now backup codes are a quick win and common (e.g. Personal Microsoft Account).
Alexander Filipin supported this idea
4 votes · under review · 1 comment · Azure Active Directory » Azure AD Connect
7 votes · 0 comments · Azure Active Directory » Provisioning from Cloud HR
Thanks for your feedback. This is under review. Please keep voting up to help us prioritize.
2 votes · 1 comment · Azure Active Directory » Self-Service Password Reset
Thank you for your feedback! To clarify, you want all eligible admins to receive a notification when an admin resets their password?
At this time, you can ensure that other admins are notified when an admin resets their password. Check out this setting under the Notifications tab in the Password reset section of the Azure AD portal.
Sadie Henry (sahenry)
Thank you for your feedback. We will review this request. Keep voting to help us prioritize.
This ensures that the user accessing the application is actually the logged on user.