Cameron Gocke

My feedback

  1. 119 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    27 comments  ·  Azure Active Directory » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    Cameron Gocke supported this idea  · 
  2. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
    Cameron Gocke shared this idea  · 
  3. 32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Azure Active Directory » B2C  ·  Flag idea as inappropriate…  ·  Admin →
    Cameron Gocke supported this idea  · 
  4. 46 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure Active Directory » End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
    Cameron Gocke supported this idea  · 
  5. 20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    need-feedback  ·  5 comments  ·  Azure Active Directory » Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
    Cameron Gocke commented  · 

    To elaborate, with the Intune ability to integrate and issue certificates, but only from an Enterprise CA, this feature would be immensely helpful. We currently cannot use our Microsoft CA within Azure AD Domain Services b/c of the restriction on the ability to create an Enterprise CA.

    Cameron Gocke supported this idea  · 
  6. 260 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    47 comments  ·  Azure Active Directory » Domain Services  ·  Flag idea as inappropriate…  ·  Admin →

    CONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
    Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios)

    Mike Stephens
    Senior Program Manager
    Azure Identity
    IAM Core | Domain Services

    Cameron Gocke supported this idea  · 
  7. 14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Active Directory » Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Justin, thanks for the feedback! It will definitely be helpful to have managers as the reviewers, there is a “manager” attribute in AAD’s user profile, but it’s currently a string only. We are working to improve the architecture first, then we can leverage the data to automatically assign managers to be reviewers. If you have any more feedback or questions on this, feel free to comment on this thread or email accessreviews@microsoft.com.

    Cameron Gocke commented  · 

    @Justin Long, I think the existing Access Review routine already allows for this doesn't it? You setup an Access Review for an application and schedule it to happen automatically?

  8. 23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Active Directory » Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for all the feedback, we have made progress on this and the ability to apply the same policy to multiple groups (and applications) is now live! You can include multiple groups or apps in a single Azure AD access review for group membership or app assignment. Access reviews with multiple groups or apps are set up using the same settings and all included reviewers are notified at the same time. (more info in “What’s new in AAD, Feb 2019” https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/whats-new)

    We’ll be continuing to work on applying an Access Review policy to new groups as they are created, and update here when that’s done.

    /Fionna :)

    Cameron Gocke commented  · 

    I agree with the latter statement the most. What I really want is to be able to create a single Quarterly Access Review and have it apply to all of the Groups I select and automate the whole process from one scheduled routine.

    Cameron Gocke supported this idea  · 

Feedback and Knowledge Base