Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support cloning of CA policies

    Support cloning of existing policies in the UI

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow support for logical rules

      Please consider adding support for logical rules. It would make some rule sets easier to understand.

      Basically a rule that does nothing with the "None" option

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow more than 250 characters for 'Sign-in Page Text'

        Currently the maximum character count for the 'Sign-in Page Text' is 250. This is not suitable for many organisations who want their staff to adhere to a longer Access policy.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Branding  ·  Flag idea as inappropriate…  ·  Admin →
        • Provide details of license dependency in subscribed sku resposne

          It would be very if we get details of which license plan depends on which another license plan of same SKU. Because many times we get failure in license plan assignment/removal with error like

          License assignment failed because service plan <a>depends on the service plan(s) <b>

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Graph API  ·  Flag idea as inappropriate…  ·  Admin →
          • Ability to group Azure Conditional Access rules

            Consider adding some kind of grouping functionality within Conditional Access. This would make things a lot more simple

            Somekind like this: https://blogs.technet.microsoft.com/isablog/2009/11/25/forefront-tmg-rule-grouping/

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
            • Get JSON response from Office365 Usage Graph APIs

              Currently graph APIs (beta) for Office 365 usage return the response in csv format. Though this is good for some scenarios, but when it comes down to consuming these APIs grammatically, then it adds an overhead of parsing the csv.

              It would be great if these APIs can also return the response in Json format.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Graph API  ·  Flag idea as inappropriate…  ·  Admin →
              • REMOTE DESKTOP SERVICES Windows 2012 R2

                I would like to setup remote desktop services in Win2012R2 with MFA but authenticate to Azure AD, is this possible? I would like to avoid authenticating to on-prem domain controllers with S2S VPN. I have peering setup between RDS VNet and Azure AD vnet, please advise

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                • Support comments/description for Conditional Access policies

                  Support comments/description for Conditional Access policies

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
                  • Change tracking for Conditional Access Policies

                    Support some kind of change tracking or auditing in regards to changes made for Conditional Access Policies?

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
                    • See all invitations and pending invitations

                      When sending invitations via API, the returned status is 'PendingAcceptance' (the docs don't reflect this status as an expected one, but that doesn't really matter for this). What's more important is being able to request the status for an invitation, or at a minimum a GET on /invitations to see all pending. As it is now, I can't ever see the status of an invitation after the initial invitation creation happens.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
                      • Hey suckers, the create app form on Application Registration Portal cannot be saved! It is embarrassing!

                        Hey suckers, the create app form on Application Registration Portal cannot be saved! It is embarrassing!

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add MFA support to Secure the Windows 10 logon

                          Creating a way to secure the Logon to a Windows 10 workstation with MFA would then remove much of the complexity required to secure all the applications installed upon it (such as DA etc).

                          This would need to have the ability to store offline logins somehow which is possible with RSA SecurID.

                          It would and the final touches to a really great solution.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add a Keep Me Signed In capability for B2C

                            Allow a user to click a KMSI check box which would set a persistent cookie that allows users to bypass authentication the next time they visit the site.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                            • Signup an signup o signin policy : disable all fields on the form until the code validation has been performed

                              The first user feedback show us clearly that it will be useful to disable all the field (like firstname, country) until they have validated their verification code. It's working already this way for the "Create" button.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                              • Cannot save web platform added to app in Application Registration Portal

                                Whether I create an app on
                                https://identity.microsoft.com/portal/register-app
                                or edit an existing app on
                                https://identity.microsoft.com/#/appList
                                I cannot add a web platform. The Save button on the registration page is always disabled. Only the Discard Changes button works.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  4 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
                                • Azure MultiFactor Service

                                  Dear Microsoft,

                                  We would like to be able to programmatically set the "White List IP's" in Azure Multi Factor Service. In some cases , our end points change IP Address, and we would like to be able to set these IP Addresses using a powershell script to similar. This would be particularly important if we have a large number of end points changing IP address on a regular basis.

                                  Thank you.

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                  • AAD connect often reports sync errors inappropriately

                                    AAD connect often reports sync errors inappropriately. When we change an email address on-prem and then assign the old email address to a new and different object, no conflict ever exists on-prem, but AAD Conect will process ADDS prior to processing DELETES or MODIFICATIONS during its batch run, causing it to report a attribute conflict that never existed. It is a one-time conflict that is naturally resolved immediately after being reported, but would never have to be reported at all if the order of operations during a sync were a bit more intelligent (perform deletes and modifications prior to adds…

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                    • Implement a way to manually initiate dynamic device group membership evaluations

                                      Currently, there is no SLA/timeframe on when dynamic AAD device groups evaluate memberships.

                                      Here is the recommended troubleshooting steps for these groups not populating, straight from the Azure portal:
                                      "Please allow time for the group to populate. Depending on the size of your tenant, the group may take up to 24 hours for populating for the first time or after a rule change."

                                      If admins are using dynamic AAD device groups for any sort of application deployment or policy targeting, waiting up to 24 hours may not be reasonable. It would be very helpful if there was a way to…

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Support backend services calling into Graph API fully, including UserPassword credential and token refresh.

                                        Documentation on MS sites seems to have the single minded view that all "apps" are client side and the user will be accepting/granting auth via a popup/browser. APIs aren't just for the front end user and trawling the poor MS docs for Azure AD/Graph API etc. is frustrating. Even this article doesn't really make sense:

                                        https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365

                                        There are so many issues with it. It's very straight forward to get a client connected to the Graph Explorer (using the GraphServiceClient in Microsoft.Graph nuget library, even when passing in a UserPasswordCredential. However, the issue is that the token you get back cannot…

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          2 comments  ·  Graph API  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Support current password when changing a user's password

                                          When you change a user's password using the update user operation you supply a passwordProfile. This profile only allows for the new password. Add a new property to the passwordProfile for the current password and only allow the change if the current password is correct.

                                          https://msdn.microsoft.com/en-gb/library/azure/ad/graph/api/users-operations#ResetUserPassword

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Graph API  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 41 42
                                          • Don't see your idea?

                                          Feedback and Knowledge Base