Accessible security practices
Accessibility vs security
Background
Based on an issue I raised in a discussion with Microsoft employees - first in public with Merill Fernando and https://twitter.com/inbarck - and then escalated into a private chat with:
This article summarizes the discussion and is modelled as an exercise to go through.
The scenario
Introducing an MFA policy at the company using Azure
Shared responsibility model
Originally brought up in the context of Microsoft, but also applies to other B2B scenarios
- Should the company allow inaccessible scenarios?
- Provide a common framework to handle accessibility requests and exceptions in the security policy
Inclusion at the design level
Include people with disabilities at the design level - before the policy is implemented
- Ask for direct feedback at the company
- Implement general recommended practices
Co-existing conditions
Test not only for separate conditions, but also for co-existing ones: for example, how would a person with both hearing and vision impairments use the security policy at the company? Pay particular attention to different sensory requirements.
Provide an actionable feedback channel
- Provide a feedback channel that’s actively listened to
- In a place that’s easily discoverable for people with different disabilities