Dan Smith
My feedback
-
807 votes118 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We’re really pleased to let you know that we’ve released the first authentication method APIs to public preview:
https://docs.microsoft.com/graph/api/resources/authenticationmethods-overview
So far there are APIs for managing phone numbers and password resets. When phone numbers are set with the API, the user can use that number for MFA and SSPR (as allowed by your tenant’s policy).
The team is hard at work at building out APIs for all of the other authentication methods, and we’ll update the response here as they’re released.
An error occurred while saving the comment An error occurred while saving the comment Dan Smith
commented
Can the status for this request be changed from "UNDER REVIEW" to "STARTED"?
The last official post (almost a year ago) stated that the MFA team was working on implementing this. This is an extremely important feature which will fill a large gap for us. Can we please get an official statement?
Thank you.
An error occurred while saving the comment Dan Smith
commented
Okay, this is our 1st check-in for 2019 on this request. Does Microsoft have any information about when this feature will be ready for use?
An error occurred while saving the comment Dan Smith
commented
Hello, is there any update on this feature?
This is a major gap in functionality which is critically needed.Dan Smith
supported this idea
·
An error occurred while saving the comment Dan Smith
commented
We have over 12,000 users we need to provision for MFA.
I know we can enable MFA via PowerShell, but there doesn't seem to be a way to update the "StrongAuthenticationUserDetails" attribute (Alt. Phone, Email, etc.) programmatically.
This is turning out to be a huge pain for us. Does anyone have a timeline for when we'll be able to do this?
-
274 votes35 comments · Azure Active Directory » Self-Service Password Reset · Flag idea as inappropriate… · Admin →
Hi folks – apologies for the lack of updates here. This work is still in progress but unfortunately we don’t have an ETA that we can share yet. We will update as soon as we do. Thanks!
An error occurred while saving the comment Dan Smith
commented
We're coming up on 1 year since the last update from Microsoft.
Could we get some information about when this capability will be available?
-
1,816 votes
We’re currently evaluating an option that will provide the functionality offered by nested groups, but removes the complexity nested groups adds. We appreciate your patience on this ask and want to ensure we deliver a solution that benefits all of our customers. Below are use cases that we’d like for you to stack rank, with #1 being priority for you. We thank you for the continued comments and feedback.
Use case A: nested group in a cloud security group inherits apps assignment
Use case B: nested group in a cloud security group inherits license assignment
Use case C: nesting groups under Office 365 groupsDan Smith
supported this idea
·
An error occurred while saving the comment Dan Smith
commented
Use case D: extend dynamic groups to support references to other groups
Example:
(user.memberOf -contains "MyOtherAzureGroupName")
(user.memberOf -notcontains "EvilUsersGroup")
-
18 votes
Thanks for this feedback. This is something that has been in our backlog, and having your input helps us to prioritize this.
You can currently write your own runbook to use to check in other artifacts as a workaround. You may want to take a look at http://blogs.technet.com/b/privatecloud/archive/2014/05/08/automation-mvp-spotlight-series-tfs-and-service-management-automation-better-together.aspx to see how this was done with TFS and convert to modules.
An error occurred while saving the comment Dan Smith
commented
Amen to this idea!
We have extensive PowerShell modules which would benefit from a deeper Github integration with the modules gallery and/or imported custom modules.
Dan Smith
supported this idea
·
-
3 votesDan Smith
shared this idea
·
-
963 votes71 comments · Azure Active Directory » Groups/Dynamic groups · Flag idea as inappropriate… · Admin →
Thank you for your feedback! The feature team is aware of this suggestion and will keep it under consideration. There are technical challenges to overcome in order to make this happen. Please keep the votes coming if this feature matters to you.
Chen
Dan Smith
supported this idea
·
An error occurred while saving the comment Dan Smith
commented
I could really use this right about now...
I need to create a dynamic group which consists of any users who are not presently members of another particular group.
-
16 votesDan Smith
shared this idea
·
-
4 votesDan Smith
shared this idea
·
-
5 votesDan Smith
supported this idea
·
-
40 votes9 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
Azure AD Team
responded
Our recommended approach to this situation is to not install MFA Server on premise. You can install the MFA adapter for NPS, which will proxy RADIUS request to Azure MFA in the cloud. This will support VPN or other RADIUS needs on-premise. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension
Richard
Dan Smith
supported this idea
·
An error occurred while saving the comment Dan Smith
commented
We feel that the Azure AD Team's initial response to this question is unacceptable.
Our users interact with numerous Azure-based applications as well as on-premises applications which require MFA authentication. The lack of synchronization between on-premises MFA and Azure MFA is a critical gap in functionality.
Hello Everyone (and Microsoft),
I was the one who originally posted this back in 2018...
We've since given up and have deployed Duo across our enterprise - https://www.duo.com
Duo has been extremely flexible, it is reasonably priced and has excellent support. I encourage everyone to ditch Microsoft Azure MFA and adopt a different product.