Kasper

My feedback

  1. 20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Active Directory » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    Kasper commented  · 

    Bump.
    I need this for VPN through Conditional Access. Support said that our Hybrid AAD Joined machines get an MFA claim included in the Azure AD PRT.
    If a user leaves their machine unattended in a foreign location, they have SSO to all Azure apps and VPN to on-premises.
    We're not interested in MFA with Windows Hello for Business for this scenario, as we're dealing with machines with active user sessions. The machines themselves aren't that important, it's the VPN that we worry about.

    The ideal outcome is that we can bypass the MFA token in the PRT and force the user to provide their preferred MFA method.

    Kasper supported this idea  · 
  2. 10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
    Kasper supported this idea  · 
  3. 29 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Kasper supported this idea  · 
    Kasper commented  · 

    We want to integrate Conditional Access in our VPN profiles and we even made it work.
    Guess what - we've set Azure MFA to remember devices for 7 days, and we want that for most other apps, but not a VPN for Pete's sake.. It doesn't give us the option to NOT remember devices.

    We have to make the choice, either sacrifice usability of everyone else and require MFA on all devices, anytime they are outside our Named Locations/trusted ips, or to keep our current, inferior VPN vendor.
    This is something that's a no-brainer to include in Conditional Access per policy. "Allow device to remember for [x] days" Yes/No.

Feedback and Knowledge Base