Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Merge office365 and live accounts that use the same email address

    I use both Azure/msdn and office 365
    I already had an msdn account mvdl@our-company.com (Windows Live account) and our company recently migrated to Office 365, which resulted in a mvdl@our-company.com Office365 account.

    Which is causing a lot of grief when switching between azure web portal / msdn web portal / office 365 web portal

    Even when I have no portals open, I can't switch accounts. I need to explicitly open the portal that I last logged in to. Log out, and then I can switch accounts.

    And having both office 365 portal and Azure portal open at the same…

    1,693 votes
      110 comments  ·  End user experiences

      Our team owns the Microsoft account and Azure AD sign-in/sign-up experiences. We know that some experiences are confusing for some of you and we’re working hard to simplify them.

      More specifically:

      1) We know a number of users have multiple accounts with Microsoft, some they created themselves and others they got from their work or school. Today, using multiple accounts in Office 365, Azure.com or VisualStudio.com requires you sign out of one account and sign in to another. To address this we’re building the ability to be signed in with more than one account at the same time, in the same browser. This should start showing up on Microsoft web properties later this year.

      2) There’s a small number of Microsoft business services that only support “Live ID” accounts, and not organizational accounts that are used for other business services like Office 365. Examples include MSDN and Volume Licensing. We’re…

    • usertype

      Be able to see and change the userType from the portal.
      (This is only available in PowerShell. Example: change from Guest -> Member, in order to see the directory as an external user.)

      Set-MsolUser -UserPrincipalName xxxhotmail.com#EXT#@xxxhotmail.onmicrosoft.com -UserType Member

      369 votes
        0 comments  ·  Admin Portal
      • Enable legacy Windows Server Active Directory functionality for compute services

        I want to use this Windows Azure Active Directory service for standard compute services to remove complication.
        For example, we need Active Directory for building failover cluster services in IaaS. I don't want to make a DC only for that...

        289 votes
          8 comments  ·  Domain Services
        • 223 votes
            26 comments  ·  SaaS Applications
          • Update the Azure Active Directory PowerShell Module to allow MFA

            According to MS Support [1] you cannot use an account with MFA to connect to AAD via PowerShell. This is a problem, because most activities done with PS require Admin rights, and we want Admin accounts to have MFA.

            I did some digging and I believe this limitation comes from the fact that the AAD PowerShell module still uses the Microsoft Online Services Sign-In Assistant [2] for authentication.

            It looks like MS is updating Office applications to use ADAL instead of the MSOL Sign-in Assistant to "enable new authentication flows, including support for Multi-Factor Authentication (MFA)." [3]

            I propose making…

            199 votes
              10 comments  ·  Multi-factor Authentication
            • Remove requirement for onprem Exchange when using DirSync

              As per: http://tinyurl.com/kqgjvqx

              Currently, for a small business who wants password sync but makes the move to 365, they have to keep Exchange running on premises simply to be able to edit user attributes related to Exchange. An Active Directory DLL, standalone app or simply support in the 365 portal would solve this for so many customers.

              182 votes
              • Add Azure Active Directory to portal.azure.com

                As more services become only available for management in portal.azure.com (such as API Apps), it's annoying to have to go back to the "old" portal.

                169 votes
                  19 comments  ·  Admin Portal

                  New features are starting to show up in the new portal so we are making progress but the whole migration is not complete yet.

                  You have Privileged Identity Management and Azure AD ID Protection in the new portal.

                  When you go to the Application Panel you will also see the new look and feel of that as a preview.

                  Will get back to this thread asap when I have more to share on the full migration.
                  - Brjann Brekkan
                  Program Manager Customer Success Team

                • Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application.

                  Currently, if the logged-in user doesn't exist in the Tenant Directory for a given application, the user is shown a very unhelpful page with the following:

                  Sorry, but we’re having trouble signing you in.
                  We received a bad request.

                  The debug error is :
                  AADSTS50020: User account 'some email address' from external identity provider 'https://sts.windows.net/someguid/'; is not supported for application 'https://someappurl'. The account needs to be added as an external user in the tenant. Please sign out and sign in again with an Azure Active Directory user account.

                  164 votes
                    9 comments  ·  End user experiences
                  • Graph API: Single query way to expand property of children

                    It is impossible to get the members of an Azure AD group with the 'manager' property expanded in one request.
                    For example:
                    https://graph.windows.net/<tenant_id>/directoryObjects/<group_id>/members/?api-version=1.6&$expand=manager

                    We get the following response:
                    {"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"An unsupported query was observed. Please ensure you query does not navigate across multiple reference-properties."}

                    I suppose the reason for such a response is clear, and the current workaround is the following:
                    1) Get group members
                    2) For each five members (using OData batch) get manager
                    But this way makes us do a lot of requests to Azure AD and we expect performance degradation here.

                    We develop a multi-tenant application which accesses Azure AD of all our customers and it's…

                    140 votes
                      0 comments  ·  Graph API
                    • 116 votes
                        8 comments  ·  Multi-factor Authentication
                        under review  ·  Robert Faller responded

                        Please provide more details. DirectAccess is an on-premises technology and as such may not fall into Azure Active Directory.

                      • SSO / Sign in to Azure via Google Apps IDP

                        We'd like to enable our users for lots of Azure services (incrementally), starting with some RemoteApp services. We do *not* want to move user authentication to Azure AD (users have lots of complex Google Apps logins, with 2-Factor and U2F Keys).

                        Is there an easy way for us to enable Google Apps as an IdP in Azure AD?

                        Like, can we copy user profiles from Google Apps -> Azure, and on login attempt, redirect to the Google Apps sign in screen?

                        113 votes
                          0 comments  ·  SaaS Applications
                        • Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

                          It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

                          We need this please!

                          90 votes
                            2 comments  ·  End user experiences
                          • Support for Single page application (angularJs) in AD B2C

                            By when are we expecting support for SPA apps in AD B2C? Any tentative date?

                            89 votes
                              8 comments  ·  B2C
                            • Get user membership groups in the claims with AD B2C

                              As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

                              Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

                              87 votes
                                3 comments  ·  B2C
                              • Add Application's ServicePrincipal using powershell

                                Today it's possible to add an application's serviceprincipal to a customer's tenant using msol PowerShell cmdlets. BUT unfortunately a serviceprincipal created using PowerShell is not visible in the user's Azure Management portal. According to Azure Support:
                                "You will not be able to use the Azure PowerShell cmdlets to have your application be visible within the Azure Management Portal as the cmdlets do not support this functionality. The only option at present is to use the Azure Management Portal to register and add the application to Active Directory."
                                My suggestion is to add this functionality to the PowerShell cmdlets.

                                77 votes
                                  3 comments  ·  PowerShell
                                  under review  ·  Robert Faller responded

                                  Your suggestion has been passed to the appropriate Program Manager for their review.

                                • AADB2C: Send email invitation for new user to sign up

                                  I would like the ability to trigger an email invitation to be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.

                                  76 votes
                                    3 comments  ·  B2C
                                  • Enable Self Service Password Reset from Windows 10 Sign In Screen

                                    Azure AD self service password reset works great. The issue being if a user cannot log on they haven't a browser to access the portal easily.

                                    Can the reset portal be integrated with a "Forgotten my password" link on the Sign In screen? Azure AD join integrates with web based services such as MFA so hopefully the foundations are there.

                                    75 votes
                                      5 comments  ·  Self-Service Password Reset
                                    • Azure AD Application Proxy – add ability to publish on-prem Remote Desktop Web Access.

                                      Now we use MS TMG (with RSA SecurID 2-factor authentication) to publish RDWeb and RD Gateway to the Internet. We need a replacement for MS TMG and RSA 2-factor authentication.
                                      We want to publish our on-prem RDWeb server to the Internet via Azure AD Application Proxy. This solution should support Azure Multifactor authentication and RD Gateway.

                                      73 votes
                                        2 comments  ·  Application Proxy
                                      • Add Custom Identity Provider feature to Azure AD

                                        We have a custom IdP on old ACS and use ADAL v1 to auth a desktop app. We need to use the new things of ADAL v2 or newer versions.

                                        We already have this app in production so we really need a way to use Azure b2c with our custom identity provider. In fact we want the feature of custom IdP in Azure AD in order to substitute ACS.

                                        69 votes
                                          0 comments  ·  Developer Experiences
                                        • Add ability to create service principal and grant permissions in the portal

                                          Add ability to create service principal and grant permissions in the portal like management certificates at manage.windowsazure.com or the app tokens in GitHub / AWS / GCE.

                                          It should allow you to easily upload a cert or get back a string token + grant access to the subscription.

                                          64 votes
                                            1 comment  ·  Admin Portal