MikeN

My feedback

  1. 33 votes
    0 comments  ·  Networking » DNS
    MikeN supported this idea
  2. 870 votes
    132 comments  ·  Virtual Machines
    MikeN supported this idea
  3. 579 votes
    21 comments  ·  Networking » Load Balancer
  4. 27 votes
    0 comments  ·  Networking » Virtual WAN
    MikeN shared this idea
  5. 70 votes

    There is planned work to address this scenario. We don’t feel that backup codes provide a good security option as they’re often misplaced. Also, it’s hard to have users print them out and have them when they’re needed. Instead, we are looking at a time-limited passcode that could be generated either by the user (just in time when it’s needed) or by an admin (for example a helpdesk agent). The organization admin would have control over when a user could generate these codes. The code can be used for a limited time, then it will no longer be valid.

    Note – for areas with limited cellphone connectivity (or roaming charges), the code generated in the authenticator app will allow MFA login. The time-limited passcode is meant to stand in if the user temporarily forgot/lost their phone.

    Richard

    MikeN supported this idea
  6. 2 votes
    MikeN shared this idea
  7. 280 votes
    49 comments  ·  Azure Active Directory » Domain Services

    UPDATE 01/06/2020
    Multiple scenarios are still being investigated.

    CONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
    Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios)

    Mike Stephens
    Senior Program Manager
    Azure Identity
    IAM Core | Domain Services

    MikeN supported this idea
  8. 42 votes
    MikeN commented

    I agree that this would improve the overall security posture of Microsoft MFA. Various third-party MFA solutions do require that you unlock the device in order to approve a notification. A scenario would be an employee who walks away from their computer, doesn't lock the OS, and also leaves their phone on their desk. Someone could walk up to an app that does Single Sign-On but also requires MFA; the unauthorized user is then able to access the MFA-protected app without proving that they are authorized to use the mobile device.

    MikeN supported this idea
  9. 76 votes
    MikeN commented
    MikeN supported this idea
  10. 7 votes
    0 comments  ·  Azure Active Directory » PowerShell
    MikeN shared this idea
  11. 1,609 votes
    92 comments  ·  Storage » Files

    As you mentioned, we initiate a change detection job once every 24 hours to enumerate the Azure file share and scan for changes. This is required for the Azure file share because Azure Files currently lacks a change notification mechanism like Windows Server has. Long term we will add this capability and have automatic immediate sync.

    There is now a way to trigger sync to happen on files that are placed directly in the Azure File share. With this new cmdlet you can point sync to particular files or directories and have it look for changes right then. This is intended for scenarios where some type of automated process in Azure is doing the file edits or migrations are done by an admin (like moving a new directory of files into the share). For end-user changes, the best thing to do is install Azure File Sync in an IaaS VM…

    MikeN commented

    I agree with this.
    In the current state, this is basically useless for production scenarios.

    Real-time syncing would be ideal.
    At a minimum it needs to be every 15 minutes if you really want to market this as being a managed service alternative to DFS.

    MikeN supported this idea
  12. 252 votes
    47 comments  ·  Azure Active Directory » Azure AD Join
    MikeN supported this idea