Child pages
  • 2020-01-13 azuread-govteam mtg

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Update: AAD/O365 2FA project & Expand MFA project [time boxing this to 15m max]

    • Conditional Access design/operations (includes CHG expectations)
    • Azure MFA remember me settings to match emerging Duo remember me
    • Per-User opt-in & per-org requirement, with UW requirement following later in year
    • Both Shib & AAD likely to share same opt-in group, but still need to work out how to handle exceptions
    • Likely to prevent MFA requests to Shib IdP at ADFS from AAD relying party (to prevent "double" MFA logons)
    • Timing still unclear, but as you know we have some users already in place, so timing is about being ready at scale
  • Discuss: MS recommendation to remove user consent [time boxing this to 15m max]
    • Current status: no change has been made. Acknowledgement that we should consider adding additional conditions to monitor/alert.
    • Is there broad agreement that removing user consent is too disruptive w/o better rationale?
    • What additional conditions might we alert on? And/or what additional review practices should we implement?
  • Discuss: Azure AD Strategy on a Page [time boxing this to 20m max]
  • Discuss: Enable hybrid AAD join & office proplus device licensing [time boxing this to 15m 10m max]
    • Some very limited exploration of hybrid join happening today.
    • Would like agreement we can expand exploration as broadly as all MWS computers to explore the impacts in a semi-well understood environment before we consider flipping to a default of all NETID joined are hybrid joined.
    • Hybrid joined is needed for Office ProPlus device licensing, and also enables a variety of security controls and scenarios
  • Update: AMC SSO conversations [time boxing this to 5m max]
    • Draft report written by UWM staff presented to Slayton/Cris; unclear what will happen next
    • Solutions require significant resourcing and/or strategy shift from UWM
  • Update: Hybrid Cloud for AD joined: Expressroute hub vnet project to get resourcing [time boxing this to 5m max]
  • Input on backlog & Future discussion topic input