cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Attestation/account verification for Viral/Just in time users

Bally Kahlon
Brass Contributor

‎Jul 06 2017 09:12 AM - last edited on ‎Jan 14 2022 04:48 PM by

‎Jul 06 2017 09:12 AM - last edited on ‎Jan 14 2022 04:48 PM by

Attestation/account verification for Viral/Just in time users

For viral/JIT client users, we need to have validation set at regular intervals to ensure the user is still a part of their organisation.  Currently, there is no validation in place for these JIT users.  Are there any plans to address this and timings?

Labels:
2,273 Views
3 Likes
6 Replies
Reply
6 Replies
Mark Wahl

‎Jul 06 2017 09:18 AM

‎Jul 06 2017 09:18 AM

Re: Attestation/account verification for Viral/Just in time users

Hi Bally, we have heard this ask from several customers and it is definitely on our roadmap.  For background, we have access reviews today in Azure AD as part of Azure AD PIM for a different scenario - attestation of users who have privileged roles assigned to them.  Currently we plan to leverage this access reviews approach to enable organizations to ensure their invited guest users confirm they have a continued need for access.  This is particularly important for organizations engaging with guests which come from an un-managed tenant which has no user lifecycle process in place. No dates yet but when we have more updates in this area we'll post to the Enterprise Mobility blog: https://blogs.technet.microsoft.com/enterprisemobility/  Thanks, Mark

3 Likes
Reply
Bally Kahlon

‎Jul 06 2017 09:24 AM

‎Jul 06 2017 09:24 AM

Re: Attestation/account verification for Viral/Just in time users

Thanks Mark.  We've tested the access review and this does not meet our needs around attestation.  Our ideal scenario would be to have periodic (i.e. MFA only required every 60/90 days) where the MFA was tied to email address.  Does that make sense?  

0 Likes
Reply
Mark Wahl

‎Jul 06 2017 09:36 AM

‎Jul 06 2017 09:36 AM

Re: Attestation/account verification for Viral/Just in time users

Yes it does, periodic reviews to confirm the user is still receiving emails at their home organization email address  (e.g., @live.com or @contoso.com) are not yet in preview.   Thanks!

0 Likes
Reply
Harald Rau

‎Apr 09 2018 06:21 AM

‎Apr 09 2018 06:21 AM

Re: Attestation/account verification for Viral/Just in time users

Mark, do we have an update on the periodic account verification for viral/JIT users? I have checked but couldn't find any news about that in the Enterprise mobility blog.

0 Likes
Reply
Brian Guthrie

‎Jul 18 2018 11:16 AM

‎Jul 18 2018 11:16 AM

Re: Attestation/account verification for Viral/Just in time users

Was there any more info provided on this possible capability to verify periodically?

0 Likes
Reply
Bally Kahlon

‎Nov 15 2018 07:37 AM

‎Nov 15 2018 07:37 AM

Re: Attestation/account verification for Viral/Just in time users

This will be handled by NOPA (passwordless account) whereby a validation code will be sent to the corporate email address when the user requires access.  Interested to hear others views on this...

0 Likes
Reply