Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Allow all Admin Console access to require MFA

Make everything more secure by requiring Multi-Factor auth for console access. Bonus: make it work over the internet securely.

38 votes
Vote
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
Admindjam (Product Director, or Executive, System Center Configuration Manager) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

7 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...
  • Daniel Clemow commented  ·   ·  Flag as inappropriate

    creating a security settings that when enabled, requires approval from (one or more) other SCCM administrators before a deployment is allowed to become alive/active perhaps may be an easier solution? Accessing SCCM console over MFA enabled Remote desktop, or Direct Access is probably easier and safer than publishing the console to the Internet?

  • ASM commented  ·   ·  Flag as inappropriate

    The MFA should be defined individual per user in the console

  • ASM commented  ·   ·  Flag as inappropriate

    A hardening of the application (administrative console) would be very appreciated. Because of that username and passwords can stolen very easy.

  • ASM commented  ·   ·  Flag as inappropriate

    A hardening of the application (administrative console) would be very appreciated. Because of that username and passwords can stolen very easy.

  • Kadir Unal commented  ·   ·  Flag as inappropriate

    SCCM Server has very important and powerful rights. When an attacker gains access to site server, he can easily destroy the systems in a very short time. (Formatting disks of all clients or servers etc.)

    To be a second protection algorithm, when required deployment is set, the user should be entered a PIN or another MFA method. So, even an attacker has access to sccm server, he cannot destroy the systems with several steps.

Feedback and Knowledge Base