Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Daniel McAuley

My feedback

  1. 518 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    41 comments  ·  Azure Active Directory » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Daniel McAuley commented  · 

    We would like the ability to granularly modify the failure notices which are shown to users when they do not meet conditional access requirements.

    For example, with COVID19, we have made changes to conditional access policies to only allow authentication from North America. However, when an employee logs in from outside of this region, they are presented with the following notice: "Your sign-in was successful but does not meet the criteria to access this resource. For example, you might be signing in from a browser, app, or location which is not support by your admin".

    This is a wealth of information for a threat actor as they would now know they have valid credentials and they may attempt to log in from different geographies to circumvent conditional access.

    We would love the ability to granularly modify the notification for conditional access policies to provide a much simpler answer with less details. For example, "Authentication failure. Please contact your administrator".

    Daniel McAuley supported this idea  · 

Feedback and Knowledge Base