SAML login for VPN
With the recent enhancements to Azure AD MFA implementing number matching, this would be a huge boost for security with the mobile workforce.
Currently, we can use RADIUS via approve/deny or purchase AuthPoint at an additional license fee and use tokens. For those of us already paying for Azure AD, it would be nice to tie it all in together without another purchase.
Unfortunately RADIUS does not support anything except for approve/deny and that is now being exploited through "MFA fatigue" attacks, where an attacker repeatedly sends MFA requests to your device until you approve. Number matching removes this problem.