I live in New York, where the speed limits on highways vary from 50 mph in NYC to 65 in the rural areas. My car is governed at 110 mph. Why? There is no reasonable scenario where that is smart to discover.
Microsoft has billions of users. The security needs of the US Department of Justice are not the same as my mom’s real estate office.
When you use a 3rd party IdP, for example, how does Azure MFA know what the app is?
The configuration described was not out of the can. Somebody decided to make it the way it was.
Most likely due to some physical (not legal) issue that would make it mechanically unsafe to operate the vehicle above that speed even in an otherwise appropriate location. (Or perhaps it's due to some obscure state law, or the manufacturer is just out to spoil your fun, or ... who knows?)
More generally, I agree with the point you make here about the responsibility to configure things correctly. However, it seems to me that Microsoft is also on the hook for failing to include the necessary context when an MFA request is sent. It's a bit like selling a car with seat belts that superficially appear to work but fail at the slightest provocation, no?