Chad
My feedback
-
98 votes · 15 comments · Azure Active Directory » Multi-factor Authentication
Chad supported this idea ·
-
131 votes
Chad commented
This is a starting point via IEF: validate new PW doesn't match (current) PW. Nutty this is not available out of the box
https://github.com/azure-ad-b2c/samples/tree/master/policies/password-reset-not-last-password
Chad supported this idea ·
-
30 votes
Chad commented
Conditional Access for B2C is in preview: https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-identity-protection-setup#supported-identity-protection-risk-detections
It does mention supporting the BOT related "malware linked IP" rules from big daddy AAD CA: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#sign-in-risk
Does not exactly seem to be CAPTCHA related though - if you want human detection consider: https://github.com/Azure-Samples/active-directory-b2c-node-sign-up-user-flow-captcha
Chad supported this idea ·
-
2 votes
Chad shared this idea ·
-
2 votes
Chad supported this idea ·
-
40 votes · under review · 4 comments · Azure Active Directory » Privileged Identity Management
Chad commented
Sending alerts to O365 email groups is problematic, they generally don't get delivered for reasons unknown.
Try adding SMS provider email domains into those groups - those really don't work!
Would be nice to get some webhook functionality for Teams/Slack (outside of channel emails for the reasons mentioned above).
Chad supported this idea ·
-
29 votes · started · 1 comment · Azure Active Directory » Privileged Identity Management
Chad supported this idea ·
-
Azure B2C custom user attribute validation like using regex, range etc. e.g. postcode, date of birth
67 votes
The immediate term is to make this possible by giving you full control of the B2C provided pages (sign up, sign in, etc) by allowing custom javascript (https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15493536-add-support-for-javascript-inside-the-custom-ui-br).
Chad supported this idea ·
-
80 votes
We’re looking at this feedback and along with work for verification emails, looking to do some work around customization to completely remove the Microsoft brand and allow this depth in customization. Please bear with us as we are looking at how best to prioritize these changes.
/Sam
Chad supported this idea ·
-
99 votes
This is not planned for the next 6 months. If this is needed for your scenario, please continue voting and we will re-evaluate at a later.
Chad supported this idea ·
-
87 votes
There is a current configuration to allow users to choose to remember a device for MFA: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next#remember-multi-factor-authentication-for-trusted-devices
Additionally, we’re looking at providing more controls for this through conditional access.
Chad supported this idea ·
-
91 votes
This is a scenario we are looking to support in the future; however, it is not on our immediate roadmap for the next 6 months. Please continue voting and we will evaluate at a later date.
Chad supported this idea ·
-
118 votes
We have a private preview of this feature available. If you are interested in joining, please contact aadb2cpreview@microsoft.com with the name of your tenant.
/Sam
Chad supported this idea ·
-
124 votes
Hi all, unfortunately we don’t have plans to share out a public roadmap. This is constantly changing as we’re listening to customer requests. We will continue to update feedback.azure items as they come up so feel free to suggest anything you are curious about.
Chad supported this idea ·
-
142 votes
Chad commented
AADB2C90146 - The scope provided in request specifies more than one resource for an access token, which is not supported.
Due to this limitation, we are unable to request an access token for more than 1 downstream API during SSO - as other commenters have mentioned, this leads to structuring your APIs to be monolithic or avoid using user tokens and move toward system tokens (omitting policy from the B2C STS and using straight OAuth)
Chad supported this idea ·
-
166 votes
We are in the process of planning this feature and hope to have a preview available by the end of November. In the meantime, could you please respond to aadb2cpreview@microsoft.com with your responses to the following questions:
- If you had a “password change” policy, what kind of information would you like to get back once the policy has been executed?
- Would you prefer to have a policy that forces you to sign in first, and then asks you to change the password, or one that lets you do it all on the same page?
- Would you want an email to get sent out to the user whenever the password is changed?
Chad supported this idea ·
-
340 votes
We have started the planning for this feature and hope to have a preview by the end of the calendar year. In the meantime, could you respond to aadb2cpreview@microsoft.com with the answers to the following questions:
- In which scenarios do you plan to force the user to change his/her password?
- What kind of information (if any) would you like to get back if the user goes through the reset flow?
- Do you currently or plan to track which users have reset their password?
Chad supported this idea ·
-
406 votes
We have a sample for this use case here: https://github.com/azure-ad-b2c/samples/tree/master/policies/invite
Let us know what you think and if this fits your use case.
Chad supported this idea ·
-
1,142 votes
We continue evaluating several alternatives to provide full email customization. We are actively working on an alternative.
Unfortunately we do not yet have an ETA.
Chad supported this idea ·
-
1,034 votes
We’ve recently picked up this work again and apologize for the lack of updates.
The approach we previously pursued did not work well and we’re re-pivoting to a different solution that will enable custom domains to be easier to set up and manage.
We hope to have this ready for a public preview late-2020 or early-2021.
Chad supported this idea ·
Basic security on a b2c tenant that must immediately be disabled when using automation for advanced things like OAUTH permissions granting :(