This will help if a user succumbs to the "Verify your account" phishing attack. If someone gets access to the account, they can change the "Update my phone numbers used for account security" settings for the user.
Of course, Conditional Access can help to enforce MFA given certain "Trusted Locations." This does not work for nomad users like Salesmen or Field Agents who may or may not use VPN on their BYOD. In a perfect world, everyone would have a device registered to Intune/Airwatch. But, most of IT is to empower business while trying to implement a frictionless security framework.
We have heard the feedback and we’ve added it to our upcoming investments. While we do not have a date for this yet, we hope to be able to provide one soon. Thank you for the continued feedback.
I agree. If the user sees the app before we do and management has not approved its use or has not assessed how to make the product compliant, it's hard to take these features away or even to restrict the app to be compliant with company policy.
It just invites unnecessary political tension or the idea that "IT always says no," then we get shadow IT. It's like trying to put the genie back in the bottle.
These are great features, but they should allow the admin and governance time to see how to implement it in compliance with the company policy.
I agree with this. Especially when we have to promptly produce and explain logs.