Dear Microsoft-Team,
First of all, I am very happy to read that you support OAUTH-Tokens! We have already obtained some, and apart from a few flaws (mentioned above, like not describing the OAUTH-Method distinctively, but still showing as Code from Authenticator App) it works very well.
However, there is one thing that bothers our administrators and I hope that you will improve this once the Preview progresses into an official release:
When we receive the OAUTH hardware token (e.g. SafeID - Deepnet), we register it on the Azure platform. This could be done for a bulk order of more than 1000 devices with a CSV file. BUT, when we actually want to activate the OAUTH-Token, this has to be done by the Azure administrator as well - manually. He has to enter the generated code from every single hardware token that has been registered before.
On the other hand, with smartphones users can purchase, register and activate the authenticator app on that particular device themselves without the need of an administrator.
My question: Do you think you can create a process where IT can register OAUTH hardware tokens (not FIDO, but SafeID - Deepnet) on Azure through CSV files, but let users activate the hardware tokens themselves? I would imagine that during the activation process Azure will check the serial number of the token to verify that the token has been registered through an Azure administrator and thus make it trustworthy.
This would be such a relief, since users could even obtain hardware tokens themselves in case of a loss or theft, contact our IT, pass through the serial number, get their hardware token registered and then activate the hardware token themselves.
Thanks for your consideration!
Cheers