Gerry

My feedback

  1. 14 votes

    under review  ·  3 comments  ·  Azure Active Directory » Domain Services
    Gerry commented  · 

    Hi Mike,

    Thanks for the feedback here. It was originally for the following use case(s):

    - For troubleshooting and being able to see exactly when attributes have been synced between the 2 directories. I know internally MS have a report on this.

    - The second one was around a ticket I raised (119052025000811) as per the attached file.

    Gerry shared this idea  · 
  2. 280 votes

    49 comments  ·  Azure Active Directory » Domain Services

    UPDATE 01/06/2020
    Multiple scenarios are still being investigated.

    CONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
    Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios)

    Mike Stephens
    Senior Program Manager
    Azure Identity
    IAM Core | Domain Services

    Gerry commented  · 

    @Mike Stephens. First off, it's great that you are actively commenting on and reviewing the user voice forums.

    The set up you have confirmed below we have had working for about 18 months. The main issue we have with this configuration relates to password changes.

    i.e. a user changes their password in Azure AD. There is then a period where the synchronisation process runs to update the password in AADDS. This 'sync lag', which seems to vary in time and which we have very little visibility over (as per the user voice I raised below), means that users cannot use WiFi through the NPS\AADDS solution until this process completes (it's particularly bad with new users).
    If Radius authentication could be done directly against Azure AD it would remove these challenges.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37841206-azure-active-domain-services-synchronisation-repor?tracking_code=98fb452c99d5689ff43326ac49293a91

    Gerry supported this idea  · 
  3. 58 votes

    Gerry commented  · 

    Would really like to see this feature. It's causing us issues with Azure-only users that have no O365 license.

    Gerry supported this idea  · 
