Microsoft
Microsoft
MicrosoftHey folks! Thanks for all the great comments. I'll respond to them all here.
Q: "Why is this in the MFA Server blade in the Azure Portal?"
A: Great question--we're continuing to evolve our UX for MFA and credentials management. The next stage isn't ready yet, but when it is, OATH tokens will move to a better aligned, more aptly-named location.
Q: "FIDO2 and FIDO U2F?"
A: Yes, we love FIDO2! At Ignite, we announced private preview for FIDO2 support, and we're shooting for public preview early in 2019. We don't have plans, though, for FIDO U2F--we think going passwordless is much more important than having yet another second factor.
Q: "Once OATH is activated for a user, can they not sign-in using SMS or mobile app?"
A: Activating OATH doesn't change any credentials already registered for a user! It just sets OATH as their default MFA method. If the user wants to SMS, app, or any other cred, they can click "Sign-in another way" on the MFA screen. They can also change their default at MyApps > Profile > Edit Security Info.
Q: "Is there a way to disable support for multiple devices?"
A: No, it's on for all users.
Q: "What is the recommended procedure in case the token is damaged/lost/stolen?"
A: An admin can delete the token from the user in the admin interface. The user can also deactivate their token themselves from MyApps > Profile > Edit Security Info.
Q: "Why is the MFA Server blade saying we don`t have an Azure Premium License?"
A: It's a bug--sorry! We have a fix coded and are going to deploy shortly.
