GPS is for the audit log. I can go into my AAD security center (security.microsoft.com) and view a history of logins in my org that include IP address and approx location.
> GPS is for the audit log. I can go into my AAD security center (security.microsoft.com) and view a history of logins in my org that include IP address and approx location.
You can already get a rough idea of location using just the IP address. Surely enough to know if your user logged in from the same country/state/ISP as usual. Is that really a situation where you need pin point location accuracy? Do you really need to know which room of their house they were in?
Whatever fringe feature is used to justify the access it's not required for authentication and there's nothing to enforce that those are the only situations in which Microsoft will use the access you've given them. Microsoft and Google are in the data collection/ad pushing business and I can't blame folks for wanting to limit the amount of data they leak to those parties.
IP is useless if you are using a VPN a lot of corporate uses of MS will also have a VPN . Many times the vpn won't even exit in the same country so can't use IP.
These kind of logs are typically demanded by customers and customers inturn have either strong compliance requirements (HIPAA FEMA , ITAR etc ) or have suffered breaches and react with collecting a ton of info in a effort to keep it more secure.
That is not say MS is innocent, just that enterprises would demand this anyway.
> Surely enough to know if your user logged in from the same country/state/ISP as usual.
Same ISP, maybe. Every single customer of my ISP shows up (using "IP geolocation") as being in a small office building in a non-descript town. Is that where they are? No, it isn't even where the ISP's main hardware is, that's just an office, the geo-location maps every address assigned to them to their registered place of business, and nothing more.
And to be sure it isn't "required for authentication" and yet, just as with the password rotation nonsense and a dozen other requirements, somewhere there will be a business that is absolutely certain they require this feature, so Microsoft checked the box. That's all Microsoft are interested in, you want to give us $1B but we must check a box? Box checked.
You want Linux support? Box checked. You want package management? Box checked. None of these things are done well but box checking exercises aren't about doing it well they're about checking the box. I assume if you're into actually doing a good job you either soon leave Microsoft or you find some niche team where they'll let you do that in peace.
> That's all Microsoft are interested in, you want to give us $1B but we must check a box? Box checked.
Microsoft is now a company whose purpose is data collection and targeted ad pushing so they've lost any benefit of the doubt. You can be certain that for every scrap of data they're collecting it isn't collected because they are only interested in feature creep/bloat. At this point we have to treat them no differently than Google. We're left assuming that they'll take whatever data they can extract from you so they can use it against you. Their own practices and privacy policies don't offer any reassurances either.
You can already get a rough idea of location using just the IP address.
Being able to correlate the location of the user with the location of the login request is very useful to determine the risk profile of this particular login attempt.
GPS is for the audit log. I can go into my AAD security center (security.microsoft.com) and view a history of logins in my org that include IP address and approx location.
Camera: QR code enrollment https://support.microsoft.com/en-us/account-billing/add-your...
Storage is likely for backing up or temporary files, but i'm not sure.