Richard Brooks

My feedback

  1. 71 votes
    14 comments  ·  Azure Active Directory » End user experiences
    Richard Brooks supported this idea  · 
    Richard Brooks commented  · 

    We use Federated Identity in Apple Business Manager to sync AppleIDs with Azure Active Directory. We also run Mosyle Auth which allows us to log on to our Macs with our Office 365 credentials. Mosyle Auth syncs local Macintosh user passwords with AzureAD, but unfortunately, I must use Mosyle's MDM, when I'd rather use Intune. It's pretty convoluted, but it works. This demonstrates what happens when Microsoft decides to let the market come up with solutions to a problem that they should have solved in the first place.

    Richard Brooks commented  · 

    Hey there is! I gave up waiting for Microsoft to fix this - believe me I've been on this rant for four years. We just implemented Mosyle MDM (business.mosyle.com), which is $1.00 per device per month, and added their **just released** Mosyle Auth, which lets my Mac users authenticate against Azure AD (or AD, or ADFS, or Google) from their logon screen. Mosyle Auth is an add-on which costs $0.34 per device per month. It's not full-on AD join; it only performs an authentication that, when successful, takes you to your Mac desktop. It then has a mechanism that syncs your Mac's local password to Azure. Performs SSO as well, though I haven't tried that yet. So far it's working OK for us.

    Richard Brooks commented  · 

    And finally, please gather together all the similar posts that are making this request and put them together in ONE. Then we can truly see just how many people are asking Microsoft for this same functionality.

    Richard Brooks commented  · 

    By the way, in the feature request entitled "Enable Apple Mac binding with Azure AD Domain Services", the idea was CLOSED without my question being answered. Here it is again: Azure AD Team Product Manager said "Moved to device registration based on user feedback that they want Macs to join Azure Active Directory (not Azure AD DS, which is possible) directly." But I can't find this feature request under Device Registration.
    Please tell me where I can go to this request so I can direct my Mac friends to go and vote for it.

    Richard Brooks commented  · 

    So this idea keeps getting rejected one way or another. So here we go again: Microsoft needs to fix this - and take responsibility for the ability for Windows AND Macintosh to connect to Azure AD from the login prompt. This way we can ditch our on premise Active Directory servers once and for all. Then and only then will I stop making these posts.

  2. 5 votes
    1 comment  ·  Azure Active Directory » Domain Join
    Richard Brooks commented  · 

    I've been on this UserVoice site for 2-1/2 years asking for Mac AAD Join. Microsoft does not want to do this. I gave up and am just getting started using Mosyle MDM. They have a component called Mosyle Auth that replaces the Mac login and gives the user a Microsoft login. On successful authentication, it lets the user into a local account with the same name, and runs a password sync agent. It's the least expensive MDM for Macs on the market. Jamf and JumpCloud are three times the price.

  3. 197 votes
    Richard Brooks commented  · 

    We want to use our desk phone at the office for MFA. In fact it works, if we use the original (not the new SSPR and MFA combined) method. In that case, the AD field "telephoneNumber" gets propagated to the Office 365 "Office phone" field in the user's contact information. However, in Azure Active Directory > Authentication Methods, there is no field that picks up this number. When I paste the number (+1 905-544-5439 x219) into the "Alternate phone" field I get an "Invalid phone number format" error. This needs to be fixed, or we can't use the combined SSPR/MFA experience.

  4. 282 votes
    Richard Brooks commented  · 

    We want to use our desk phone at the office for MFA. In fact it works, if we use the original (not the new SSPR and MFA combined) method. In that case, the AD field "telephoneNumber" gets propagated to the Office 365 "Office phone" field in the user's contact information. However, in Azure Active Directory > Authentication Methods, there is no field that picks up this number. When I paste the number (+1 905-544-5439 x219) into the "Alternate phone" field I get an "Invalid phone number format" error. This needs to be fixed, or we can't use the combined SSPR/MFA experience. And I can't see the "Authentication phone" field that's being mentioned in this thread. Where is it?

  5. 21 votes
    1 comment  ·  Azure Active Directory » Azure AD Join
    Richard Brooks supported this idea  · 
  6. 12 votes
    0 comments  ·  Azure Backup » MARS
    Richard Brooks shared this idea  · 
  7. 70 votes
    7 comments  ·  Signup and Billing
    Richard Brooks supported this idea  · 
  8. 1,302 votes

    Folks,

    Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

    First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

    Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this…

    Richard Brooks supported this idea  · 
