We have restarted work on this feature. However, we don’t have a date for public preview yet.
We have this automated using the AZ PowerShell but are plagued with the error: "Updates to converged applications are not allowed in this version."
Inability to control the Access token version ("accessTokenAcceptedVersion": 2)
Inability to programmatically grant consent - API doesn't exist (even with a GA service account)
We are looking to add additional MFA options for Azure AD B2C in the next few months. As part of the investigation, we want to learn more about your requirements. Email your feedback to firstname.lastname@example.org.
When you say “support for Microsoft Authenticator”, which feature are you referring to?
1. The ability to see the codes in the authenticator app
2. The ability to receive push notifications for MFA
If both, which do you prefer more?
Again, please email your feedback to email@example.com. Feel free to include more details about your scenarios/requirements!
We are working to enable this feature. We should have another update by Dec 2018.
Consider adding built-in policy definitions similar to Apigee:
This is especially critical for a native Azure solution since you cannot put an App Gateway in front of APIM and still support Mutual Authentication with certificate checks.
An important item to track here would be to support the KeyVault Sign operation for HSM-backed Certificates used for backend mutual authentication (AKA Private Key Non Exportable + RSA-HSM). This would be important so Backend gateway "client cert" credentials can be used for mutual authentication in a FIPS-compliant fashion with the native KeyVault integration.
Also, rather than using the APIM key store, why not allow the use of KeyVault for public certs? This would be especially useful if expiration notices were sent. See: https://feedback.azure.com/forums/906355-azure-key-vault/suggestions/37844218-support-storing-certificates-without-private-keys
Please see http://aka.ms/apimdevops for (work in progress) guidance and tools around automating deployment across multiple API Management environments.
Thanks for the feedback – be great to get continued input on this. Keep the votes coming!
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
Thanks for all your feedback so far. This is something we are looking to address relatively soon. Please stay tuned.
Please consider adding a "x-forwarded-client-cert" style header so we can validate the client certificate in downstream proxies (ex: Azure API Management).
Now in Preview:
Please go here to sign up:
How about supporting Certs where only the public key is available - need to have notifications when these are expiring: https://feedback.azure.com/forums/906355-azure-key-vault/suggestions/37844218-support-storing-certificates-without-private-keys
Adding another scenario: use the KV for inbound mutual authentication where only the public key is known.
* checking certificate details (thumbprint, x5t, CN, expiration)
* tracking certificate expiration
* comparing x5t header from other services (ex: APIM)