Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Improved Connector Space Search

    From a support point of view, the limited search options when viewing a connector's connector space can make finding an object somewhat time-consuming, especially when there is a high number of objects and distinguished names don't relate to the user (e.g. Portal objects!). Trying to find an object usually means loading all objects, setting the columns, ordering and then manually looking through the objects.

    It would be great if we could have a more advanced search feature when viewing the connector space to quickly find an object based on unique attributes (similar to the Metaverse search).

    3 votes
    0 comments  ·  Microsoft Identity Manager
    • Add possibility to send cumulative Approval Requests in a single notification

      Some customers do not want to receive emails for every event and prefer to have a single email with a list of all events.
      I suggest adding a flag to the Approval Action to send Approval notifications as cumulative emails to every approval user. Add an option in the configuration to define a timer for sending these emails.

      1 vote
      0 comments  ·  Microsoft Identity Manager
      • Improve user experience in MIM Synch Client

        A list of simple user experience improvements:
        - Add Clipboard copy support from all cell and group of cells
        - Add Clipboard copy support to all lists
        - Add CSV Export capability to Operation list, Metaverse Search, Connectors Search, Joiner Search results
        - Renew combobox (the current one allows typing only the first char to search terms)
        I have many more requests to submit about the interface, but I will post different suggestions.

        1 vote
        0 comments  ·  Microsoft Identity Manager
        • Add possibility to install Synch Engine Client on different Computer

          Many customers do not allow RDP access to servers in specific zones of the network (like a DMZ) except for global admins. Without an external client, in some cases it is impossible to manage the MIM Synch Engine.

          1 vote
          0 comments  ·  Microsoft Identity Manager
          • Custom objects with membership attributes

            Thanks for adding the ability for users to join and leave the membership of a custom object in the recent hotfix. A really useful feature. Will you now be able to provide us with another hotfix that will give us the ability to refer to these objects in MPRs, and/or to include their membership in Sets (Resource ID in <custom object>)?

            1 vote
            0 comments  ·  Microsoft Identity Manager
            • Dynamic Groups: Member of group

              Would be good to have the possibility to use membership in other groups as a condition in a dynamic group membership rule.

              Example:
              (user.objectId -memberOf group.objectId)
              (user.objectId -notMemberOf group.ObjectId)

              Use case 1 - Group Based Licensing.
              If the user is a member of a group that gives them an E5 license, don't let them be a member of a group that gives them E3.

              Use case 2 - Exceptions
              All users should have an MDM policy applied, except those of a specific group.

              3 votes
              0 comments
              • Support administration of Azure Information Protection with a PIM account.

                Azure Information Protection requires a permanent Global Administrator permission to be assigned and does not support an eligible Global Administrator account.

                1 vote
                0 comments  ·  Privileged Identity Management
                • Refresh Tokens can take a long time to be exchanged

                  We are seeing an issue where it is taking a while for a refresh token to be exchanged.

                  1 vote
                  0 comments  ·  B2C
                  • Allow multi-tenant automatic registration of windows domain-joined devices

                    The guide available here:

                    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup

                    is not multi-tenant aware.

                    This prevents the use of meaningful conditional access policies where multiple customers are sharing the same source Windows Server OnPrem AD in a hybrid 365 scenario.

                    I would like a solution that allows the SCP information to be delivered by an alternate means, GPO for example.

                    We could then sync multiple customers in AD to multiple 365 tenants and implement conditional access effectively.

                    1 vote

                    • Review and update FIM/MIM RCDC XML Reference documentation with historical hotfix changes and latest changes to schema

                      As MIM 2016 SP1 has evolved from FIM 2010, there have been changes made to the RCDC schema that are not centrally located. This information is contained in several hotfixes over the years, so updating the RCDC XML reference with changes and notes of differences over time would be helpful instead of having to walk through Hotfix KB articles. Current Reference material for FIM 2010 - https://technet.microsoft.com/en-us/library/ee534918(v=ws.10).aspx

                      8 votes
                      1 comment  ·  Microsoft Identity Manager
                      • Azure AD doesn't yet tell a cohesive story

                        The EMS offering seems to me like a hodgepodge of products put together and while they COULD all work well together, they really don't. For example, parts of MIM complement Azure AD, parts compete with it, and parts just don't work (group management of AD groups to be used for app provisioning for example). ATA works on prem, even though it's part of EMS. Native auth to Azure AD works for Windows 10 clients only. Macs, even with Enterprise Connect, are left in the lurch. When you try to leverage Azure AD as an LDAPS source for Mac, it still…

                        1 vote
                        0 comments
                        • Make an App for AzureAD PIM to activate my roles

                          Please make an App for AzureAD PIM to activate my roles - so that the admin users that are only using portal.office.com need to go into portal.azure.com to activate the PIM roles (like global admin)

                          5 votes
                          0 comments  ·  Privileged Identity Management
                          • Allow users to use their email on sign in even though the address is associated with an account

                            When we invite external users to our Azure AD, we use an email that they provide. This works fine for a lot of cases. However, in some situations, the user gets a message like this:

                            You have been invited to access <somedomain>
                            To access applications in the <someorg> organization, you'll
                            need to sign in with <yourEmail>. This email
                            address is associated with an account named
                            <someaccount>

                            To get this to work, the user needs to use the account as login, and not the email we used to invite them. This is very confusing for the users, as some of them…

                            1 vote
                            0 comments  ·  B2B
                            • Improve Azure Authenticator App to require password or touch id validation before approving push request.

                              Currently, if you receive a push notification to the Azure Authenticator app while the phone is locked, merely swiping the notification and selecting View allows access to approve (or deny) the request. Other authenticator apps (Google, LastPass, etc.) require the device password or touch id (on iOS) before the request can be approved. This is a security flaw and needs to be fixed.

                              2 votes
                              0 comments  ·  Multi-factor Authentication
                              • Translations are bigger than the window

                                Some localized translations (for example Czech) are too big to fit in the window. Some are also not so good at all, for example the screen from branding.

                                2 votes
                                2 comments  ·  Admin Portal
                                • Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly

                                  Last tests done with version 1.1.443.0 of AAD Connect

                                  The User Attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an initial sync of a user account). Furthermore, later changes of this Attribute are not synced correctly to the AAD.

                                  I had different/random results when testing with this. Sometimes the initial value was transferred correctly to the Cloud accounts but a change was not synced. Sometimes directly the initial value was wrong (when syncing a user the first time).

                                  Kind Regards
                                  Robin K.

                                  1 vote

                                  • When installing the MIM Language packs on a second server, provide the option to just install the local files and not update the MIM Service

                                    When installing the language packs on second portal servers, it would be nice to have an option to skip the installer updating all the locals in the Service/Database as this has already been done during the initial install on the primary server, and slows down the time it takes to patch the environments.

                                    1 vote
                                    0 comments  ·  Microsoft Identity Manager
                                    • Support Inheriting Roles in Nested Groups

                                      Group 1
                                      Has a Role from my Application
                                      Has a Member called Group 2

                                      Currently, roles in nested groups are not transitive. If I am a member of Group 2 above, I do not have the Role granted to Group 1, even though Group 2 is a member of Group 2.

                                      I can't believe this is not implemented; I wasted 3 hours trying to figure this out.

                                      2 votes
                                      0 comments  ·  Role-based Access Control
                                      • Where can I see the IP address of my AD server

                                        I need the IP address of the AD server

                                        2 votes
                                        0 comments  ·  Admin Portal
                                        • allow api windows.graph.net to query the AAD Tenant's trust relationships with Azure Subscriptions

                                          allow api graph.windows.net or graph.microsoft.net to query the AAD Tenant's trust relationships with Azure Subscriptions. These trust relationships exist in the classic azure portal under Settings showing the Azure Subscription and the default AAD

                                          1 vote
                                          0 comments  ·  Graph API