Home
%3CLINGO-SUB%20id%3D%22lingo-sub-1144696%22%20slang%3D%22en-US%22%3EUpcoming%20changes%20to%20Custom%20Controls%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1144696%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EToday%2C%20I%20would%20like%20to%20update%20you%20on%20our%20work%20to%20enable%20use%20of%20third-party%20multi-factor%20authentication%20(MFA)%20providers%20with%20Azure%20Active%20Directory%20(Azure%20AD).%20Customers%20have%20asked%20to%20use%20their%20existing%20third-party%20MFA%20investments%20with%20Azure%20AD.%20We%20provided%20a%20preview%20of%20this%20capability%20by%20extending%20Conditional%20Access%20through%20custom%20controls.%20Based%20on%20customer%20feedback%2C%20it%20is%20clear%20that%20this%20approach%20is%20too%20limited%2C%20so%20we%20are%20redesigning%20the%20feature%20to%20ensure%20we%20can%20give%20you%20all%20the%20functionality%20you%E2%80%99ve%20asked%20for.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20planning%20to%20replace%20the%20current%20preview%20with%20an%20approach%20which%20will%20allow%20partner-provided%20authentication%20capabilities%20to%20work%20seamlessly%20with%20the%20Azure%20AD%20administrator%20and%20end%20user%20experiences.%20Today%2C%20partner%20MFA%20solutions%20can%20only%20function%20after%20a%20password%20has%20been%20entered%2C%20don%E2%80%99t%20serve%20as%20MFA%20for%20step-up%20authentication%20on%20other%20key%20scenarios%2C%20and%20don%E2%80%99t%20integrate%20with%20end%20user%20or%20administrative%20credential%20management%20functions.%20The%20new%20implementation%20will%20allow%20partner-provided%20authentication%20factors%20to%20work%20alongside%20built-in%20factors%20for%20key%20scenarios%20including%20registration%2C%20usage%2C%20MFA%20claims%2C%20step-up%20authentication%2C%20reporting%2C%20and%20logging.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20current%2C%20limited%20approach%20will%20be%20supported%20in%20preview%20until%20the%20new%20design%20is%20completed%2C%20previews%2C%20and%20reaches%20%E2%80%9CGeneral%20Availability.%E2%80%9D%20At%20that%20point%2C%20we%20will%20provide%20time%20for%20customers%20to%20migrate%20to%20the%20new%20implementation.%20Because%20of%20the%20limitations%20of%20the%20current%20approach%2C%20we%20will%20not%20onboard%20any%20new%20providers%20until%20the%20new%20capabilities%20are%20ready.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20working%20closely%20with%20customers%20and%20providers%20and%20will%20communicate%20timeline%20as%20we%20get%20closer.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20always%20love%20to%20hear%20your%20feedback%20and%20suggestions%20and%20look%20forward%20to%20hearing%20from%20you!%20Let%20us%20know%20what%20you%20think%20in%20the%20comments%20below%20or%20reach%20out%20to%20us%20on%20Twitter%20(%3CA%20href%3D%22http%3A%2F%2Ftwitter.com%2Fazuread%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40azuread%3C%2FA%3E).%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20Regards%2C%3C%2FP%3E%0A%3CP%3EAlex%20Simons%20(%3CA%20href%3D%22http%3A%2F%2Ftwitter.com%2Falex_a_simons%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40alex_a_simons%3C%2FA%3E)%3C%2FP%3E%0A%3CP%3ECorporate%20Vice%20President%3C%2FP%3E%0A%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1144696%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EAn%20update%20on%20our%20work%20to%20enable%20use%20of%20third%20party%20MFA%20providers%20with%20Azure%20AD%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22custom_controls.jpg%22%20style%3D%22width%3A%20860px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F177896i5F8FA07FDFED0FE7%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22custom_controls.jpg%22%20alt%3D%22custom_controls.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1144696%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EProduct%20Announcements%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1243115%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Custom%20Controls%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1243115%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Alex%2C%3CBR%20%2F%3E%3CBR%20%2F%3EAmazing%20future%20capabilities%2C%20love%20the%20possibilities%20that%20will%20take%20us%20away%20from%20the%20old%20static%20approach%20to%20a%20more%20modern%20and%20dynamic%20world.%20Identity%20(even%20I(dentity)a(s)C(ode))%20is%20always%20an%20essential%20part%2C%20done%20right%20it%20will%20have%20the%20future%20impact%20on%20how%20modern%20software%20systems%20are%20developed%2C%20designed%2C%20configured%2C%20deployed%2C%20monitored%2C%20integrated%20and%20how%20they%20utilizes%20modern%20security%20concepts.%20But%20first%20and%20foremost%2C%20this%20will%20probably%20put%20the%20company%20in%20focus%3B%20those%20who%20own%20the%20apartment%20(tenant)%20whether%20it's%20in%20the%20public%20sector%2C%20private%20sector%20or%20international%20organizations.%20We%20need%20even%20better%20possibilities%20to%20stop%20identity%20theft..%3CBR%20%2F%3E%3CBR%20%2F%3EBest%20regards%3CBR%20%2F%3EMrSmith%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1243584%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Custom%20Controls%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1243584%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F53477%22%20target%3D%22_blank%22%3E%40Alex%20Simons%20(AZURE)%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3Ecan%20you%20give%20an%20example%20for%20where%20this%20capability%20take%20place%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F53477%22%20target%3D%22_blank%22%3E%40Alex%20Simons%20(AZURE)%3C%2FA%3E%26nbsp%3Bplease%20ignore%2C%20I%20found%20one%20%E2%80%94%20greats%20feature!%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E

Howdy folks,

 

Today, I would like to update you on our work to enable use of third-party multi-factor authentication (MFA) providers with Azure Active Directory (Azure AD). Customers have asked to use their existing third-party MFA investments with Azure AD. We provided a preview of this capability by extending Conditional Access through custom controls. Based on customer feedback, it is clear that this approach is too limited, so we are redesigning the feature to ensure we can give you all the functionality you’ve asked for.

 

We are planning to replace the current preview with an approach which will allow partner-provided authentication capabilities to work seamlessly with the Azure AD administrator and end user experiences. Today, partner MFA solutions can only function after a password has been entered, don’t serve as MFA for step-up authentication on other key scenarios, and don’t integrate with end user or administrative credential management functions. The new implementation will allow partner-provided authentication factors to work alongside built-in factors for key scenarios including registration, usage, MFA claims, step-up authentication, reporting, and logging.

 

The current, limited approach will be supported in preview until the new design is completed, previews, and reaches “General Availability.” At that point, we will provide time for customers to migrate to the new implementation. Because of the limitations of the current approach, we will not onboard any new providers until the new capabilities are ready.

 

We are working closely with customers and providers and will communicate timeline as we get closer.

 

We always love to hear your feedback and suggestions and look forward to hearing from you! Let us know what you think in the comments below or reach out to us on Twitter (@azuread). 

 

Best Regards,

Alex Simons (@alex_a_simons)

Corporate Vice President

Microsoft Identity Division

4 Comments
New Contributor

Hi Alex,

Amazing future capabilities, love the possibilities that will take us away from the old static approach to a more modern and dynamic world. Identity (even I(dentity)a(s)C(ode)) is always an essential part, done right it will have the future impact on how modern software systems are developed, designed, configured, deployed, monitored, integrated and how they utilizes modern security concepts. But first and foremost, this will probably put the company in focus; those who own the apartment (tenant) whether it's in the public sector, private sector or international organizations. We need even better possibilities to stop identity theft..

Best regards
MrSmith

Senior Member

.

Regular Visitor

Hi Alex - This is good news.  We have been using custom controls since they came out, we have probably experienced first hand most of the limitations.  Due to some of the current limitations we had put ADFS :( back into the authentication flow, hopefully these improvements will allow ADFS to be removed, while keeping our third party MFA.

 

We added ADFS back in to send a static MFA claim as we hit a problem with Windows hello requiring the user to enrol into MS MFA as the custom control did not satisfy the the "MFA Claim".

Senior Member

This is encouraging news! We have been using the custom controls for over a year now and can relate to some of the challenges mentioned. We'd love to participate in the private preview, whenever you are ready.