Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Bitlocker sync status

    Is there a way to let a device sync to Azure Active Directory every hour or so if BitLocker is still active? You can already see the decryption key and when it is registered. However, we have to have proof that the device was encrypted at the moment it was stolen.

    Thank you in advance!
    Roy

    2 votes
    0 comments  ·  Admin Portal
    • Please make nested Groups for assigning groups to an app or app role possible!

      Why is this feature not already here after all those years of Azure AD? It's a "basic" feature in on-prem AD, why is it not in Azure?

      2 votes
      0 comments  ·  SaaS Applications
      • Allow all and future users from guest tenant to automatically be added as guest users.

        Allow all and future users from guest tenant to automatically be added as guest users without invitation email. This would mimic the classic AD trust.

        2 votes
        0 comments  ·  B2B
        • Option to choose between enterprise app and regular app registration

          Today all app registrations in B2C are registered as Enterprise Applications and are available for any AzureAD tenants. The consequence of this is that users from any tenant can create themselves an access token that is valid for an application registered in B2C (resource/scope can be set to a resource outside own tenant). In many scenarios this poses a security challenge as we in most cases want full control of which identities can be authenticated and granted access to own applications. This must be addressed when B2C supports client_credential flow and on-behalf of flow. Please add an option for…

          2 votes
          0 comments  ·  B2C
          • Add some more fields to the App Registration and capture the id of the creator

            When creating app registrations in B2C it should be possible to add custom tags or a comment field so that we can register some additional information about the app registration (e.g. purpose, what application it is used for, who is the owner or contact person). It should also automatically register who created the app registration and when it was done (CreatedBy and Date).

            2 votes
            0 comments  ·  B2C
            • 1 vote
              0 comments  ·  Self-Service Password Reset
              • 1 vote
                0 comments  ·  Developer Experiences
                • Microsoft Azure AD Sync Windows service is not running or could not start

                  Microsoft Azure AD Sync Windows service is not running or could not start. As a result, objects will not synchronize with Azure Active Directory.

                  Start Microsoft Azure Active Directory Sync Services
                  1. Click Start, click Run, type Services.msc, and then click OK.
                  2. Locate the Microsoft Azure AD Sync service, and then check whether the service is started. If the service isn't started, right-click it, and then click Start.

                  Event Viewer:
                  Windows Azure Active Directory has sent a redirection. Redirection url: https://adminwebservice-s1-co2.microsoftonline.com/ProvisioningService.svc. Code: 87. Description: Azure Active Directory has sent a service redirection to 'https://adminwebservice-s1-co2.microsoftonline.com/ProvisioningService.svc'. Server…

                  1 vote
                  0 comments  ·  Azure AD Connect Health
                  • Allow to sync authentication data (Alternate Email, Mobile Phone, etc) with Azure AD Connect.

                    The only seemingly supportable way that is currently documented to synchronize the authentication data properties in Azure AD is to use PowerShell.

                    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-data

                    This is not really a great Enterprise method to manage and keep user data up to date. For multiple reasons in various cases we prefer to set some of these properties for our user population. It would be a much better scenario to be able to use the already existing on-prem to Azure AD sync tool that is Azure AD Connect.

                    4 votes

                    • Correct behavior when Seamless SSO fails, so that the cursor is placed into password field.

                      Currently when Seamless SSO fails (example: due to signing on with a different user account than current), the cursor is placed into the username field rather than password. This typically then ends up having the user starting to type their password in clear text into the username field. This is especially a problem when sharing your screen with others, shoulder surfing, etc.

                      6 votes
                      0 comments  ·  End user experiences
                      • Expose the passwordDescription field for application's client credential keys in Microsoft Graph API or Azure Graph API

                        Currently when we get a list of keys for an application through the Graph API, it returns the startDate, endDate, KeyId and Type. However, through the Azure Web portal we are able to set and view a description field when we go to settings -> keys. I don't see why this field should not be exposed through the APIs as well.

                        1 vote
                        0 comments  ·  Graph API
                        • Azure AD Privileged Identity Management - Display elevation propagation process

                          It would be beneficial to be able to track how the role elevation is propagating in the various components in Azure AD/Office 365. It's possible that you activate a role but it would only become effective several minutes later. From a user experience standpoint, the expectation is that everything is active right away once we receive the notification from the Azure Portal. If everything cannot get activated right away, it would be beneficial to be able to track the progress of the activation.

                          3 votes
                          0 comments  ·  Privileged Identity Management
                          • Enable Connect-AzureAD to accept a x509 certificate object

                            For scenarios where importing and retrieving a certificate from a local certificate store isn’t possible, the ability to specify an x509 certificate would be a great addition. I’ve created my own REST-based PS functions to do this as a workaround when connecting to an AAD within a VSTS task where a local certificate store isn’t available.

                            1 vote
                            0 comments  ·  PowerShell
                            • Allow Dynamics 365 (Online) to be blocked using conditional access

                              Allow Dynamics 365 to be blocked using conditional access, currently you cannot apply conditional access policies to Dynamics 365.

                              1 vote
                              0 comments  ·  Conditional Access
                              • Dear Sirs, Could anyone help me to setup my Azure package bought through Office 365. I would like to have more knowledge on how to move my

                                Dear Sirs,

                                Could anyone help me to setup my Azure package bought through Office 365. I would like to have more knowledge on how to move my domain to Azure domains. I have paid Azure Premium Plan 2.

                                Regards,

                                1 vote
                                0 comments  ·  Domain Services
                                • AD Connect Sync stopped-deletion-threshold-exceeded: Allow to get an export list (CSV or Excel file) of all objects marked for deletion

                                  Allow the possibility to export the list of users that appear in threshold so they can be verified before disabling it.

                                  As you know, if you want to delete more than 500 objects in local AD, AD Connect won't allow you to do this. We need a way to export those users just to make sure that they are not removed by mistake.

                                  https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-prevent-accidental-deletes

                                  Thank you!

                                  4 votes
                                  0 comments  ·  Azure AD Connect Health
                                  • Enable full Language customization for Azure B2B

                                    Azure AD B2B sends verification code emails to external guests only in English. There is no possibility to change language & design? Besides, if the external user has to set the new password for his MSA/AAD, the page is in English and cannot be customized as well. Any plans on this? Or any other idea to get this working in local language? Any plans when there will be a possibility to customize the design? Thanks a lot!

                                    1 vote
                                    0 comments  ·  B2B
                                    • MFA cloud-only solution should support an additional PIN option.

                                      In order to compete with equivalent solutions available today, it would be great to have the ability to enforce a PIN as a prefix or suffix to a verification code, or even as per the current on-premise MFA offering. This allows systems an additional "what you know" option, where primary authentication is weak or only deals with identification and not authentication.

                                      2 votes
                                      0 comments  ·  Multi-factor Authentication
                                      • Offer granular controls for "Require Multi-Factor Auth to join devices" setting

                                        The setting "Require Multi-Factor Auth to join devices" always applies to all users and all kinds of device registrations (e.g. Device Registrations and Intune enrolments). As with other access controls (like Conditional Access for example), this setting should allow more granular controls.

                                        For example: To require MFA for device registrations done because of MAM without enrollment policies (Intune App Protection Policies without enrollment) you currently have to enable the setting mentioned above.
                                        -> This then automatically also enables MFA requirements for ALL Intune enrollments, without any way to exempt certain user groups or any other controls.

                                        Please offer some control…

                                        1 vote
                                        0 comments  ·  Multi-factor Authentication
                                        • Enable "Owner" attribute for Group Object on Azure AD Connect Sync

                                          Currently, the group owner on Azure AD Portal is mapped to "Owner" attribute while the Office 365 Admin Portal is mapped to "ManagedBy". For a group which is synced from local AD to the AAD via AAD Connect, there is no way to update the "Owner" attribute on Azure AD.

                                          The AAD Connect does not support "Owner" attribute for sync and we can't assign "Owner" on Azure AD as it is a synced object.

                                          So to resolve this issue, the "Owner" attribute should be supported as an attribute for sync on the Azure AD Connect.

                                          1 vote
                                          0 comments