Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  • Merge office365 and live accounts that use the same email address

    I use both Azure/msdn and office 365
    I already had an msdn account mvdl@our-company.com ( Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

    Which is causing a lot of grief when switching between Azure web portal / msdn web portal / office 365 web portal

    Even when I have no portals open, I can't switch accounts. I need to explicitly open the portal that I last logged in to. Log out, and then I can switch accounts.

    And having both office 365 portal and Azure portal open at the same…

    702 votes
      123 comments  ·  End user experiences

      Our team owns the Microsoft account and Azure AD sign-in/sign-up experiences. We know that some experiences are confusing for some of you and we’re working hard to simplify them.

      More specifically:

      1) We know a number of users have multiple accounts with Microsoft, some they created themselves and others they got from their work or school. Today, using multiple accounts in Office 365, Azure.com or VisualStudio.com requires you sign out of one account and sign in to another. To address this we’re building the ability to be signed in with more than one account at the same time, in the same browser. This should start showing up on Microsoft web properties later this year.

      2) There’s a small number of Microsoft business services that only support “Live ID” accounts, and not organizational accounts that are used for other business services like Office 365. Examples include MSDN and Volume Licensing. We’re…

    • usertype

      Be able to see and change the userType from the portal.
      (This is only available in PowerShell. Example: change from Guest -> Member, in order to see the directory as an external user.)

      Set-MsolUser -UserPrincipalName xxxhotmail.com#EXT#@xxxhotmail.onmicrosoft.com -UserType Member

      125 votes
        0 comments  ·  Admin Portal
      • Enable legacy Windows Server Active Directory functionality for compute services

        I want to use this Windows Azure Active Directory service for standard compute services to remove complication.
        For example, we need Active Directory for building failover cluster services IaaS. I don't want to make a DC only for that...

        108 votes
          8 comments  ·  Domain Services
        • Add Azure Active Directory to portal.azure.com

          As more services become only available for management in portal.azure.com (such as API Apps), it's annoying to have to go back to the "old" portal.

          90 votes
            21 comments  ·  Admin Portal

            New features are starting to show up in the new portal so we are making progress but the whole migration is not complete yet.

            You have Privileged Identity Management and Azure AD ID Protection in the new portal.

            When you go to the Application Panel you will also see a preview of the new look and feel of that as a preview.

            Will get back to this thread asap when I have more to share on the full migration.
            - Brjann Brekkan
            Program Manager Customer Success Team

          • Update the Azure Active Directory PowerShell Module to allow MFA

            According to MS Support [1] you cannot use an account with MFA to connect to AAD via PowerShell. This is a problem, because most activities done with PS require Admin rights, and we want Admin accounts to have MFA.

            I did some digging and I believe this limitation comes from the fact that the AAD PowerShell module still uses the Microsoft Online Services Sign-In Assistant [2] for authentication.

            It looks like MS is updating Office applications to use ADAL instead of the MSOL Sign-in Assistant to "enable new authentication flows, including support for Multi-Factor Authentication (MFA)." [3]

            I propose making…

            87 votes
              11 comments  ·  Multi-factor Authentication
            • Remove requirement for onprem Exchange when using DirSync

              as per : http://tinyurl.com/kqgjvqx

              Currently, for a small business that wants password sync but makes the move to 365, they have to keep Exchange running on premises simply to be able to edit user attributes related to Exchange. An Active Directory DLL, standalone app or simply support in the 365 portal would solve this for so many customers.

              86 votes

              • Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application.

                Currently, if the logged-in user doesn't exist in the Tenant Directory for a given application, the user is shown a very unhelpful page with the following:

                Sorry, but we’re having trouble signing you in.
                We received a bad request.

                The debug error is:
                AADSTS50020: User account 'some email address' from external identity provider 'https://sts.windows.net/someguid/'; is not supported for application 'https://someappurl'. The account needs to be added as an external user in the tenant. Please sign out and sign in again with an Azure Active Directory user account.

                69 votes
                  13 comments  ·  End user experiences
                • 51 votes
                    8 comments  ·  Multi-factor Authentication
                    under review  ·  Robert Faller responded

                    Please provide more details. DirectAccess is an on-premises technology and as such may not fall into Azure Active Directory.

                  • Graph API: Single query way to expand property of children

                    Impossible to get members of Azure AD group with expanded 'manager' property in one request.
                    for example:
                    https://graph.windows.net/<tenant_id>/directoryObjects/<group_id>/members/?api-version=1.6&$expand=manager

                    we get the following response:
                    {"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"An unsupported query was observed. Please ensure you query does not navigate across multiple reference-properties."}

                    I suppose the reason for such a response is clear, and the current workaround is the following:
                    1) Get group members
                    2) For each five members (using OData batch) get manager
                    But this way makes us do a lot of requests to Azure AD and we expect performance degradation here.

                    We develop a multi-tenant application which accesses Azure AD of all our customers and it's…

                    50 votes
                      0 comments  ·  Graph API
                    • Enable Self Service Password Reset from Windows 10 Sign In Screen

                      Azure AD self service password reset works great. The issue being if a user cannot log on they haven't a browser to access the portal easily.

                      Can the reset portal be integrated with a "Forgotten my password" link on the Sign In screen? Azure AD join integrates with web-based services such as MFA, so hopefully the foundations are there.

                      46 votes
                        5 comments  ·  Self-Service Password Reset
                      • Get user membership groups in the claims with AD B2C

                        As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

                        Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

                        44 votes
                          3 comments  ·  B2C
                        • AADB2C: Send email invitation for new user to sign up

                          I would like the ability to trigger an email invitation to be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.

                          43 votes
                            3 comments  ·  B2C
                          • Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

                            It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

                            We need this please!

                            40 votes
                              2 comments  ·  End user experiences
                            • SSO / Sign in to Azure via Google Apps IDP

                              We'd like to enable our users for lots of Azure services (incrementally), starting with some RemoteApp services. We do *not* want to move user authentication to Azure AD (users have lots of complex Google Apps logins, with 2-Factor and U2F Keys).

                              Is there an easy way for us to enable Google Apps as an IdP in Azure AD?

                              Like, can we copy user profiles from Google Apps -> Azure, and on login attempt, redirect to the Google Apps sign in screen?

                              40 votes
                                0 comments  ·  SaaS Applications
                              • Sync Azure Active Directory Down to On-Premises AD

                                It would be great to be able to sync Azure AD down to On-premise AD. I want to centrally manage my users, passwords, and groups from Azure AD. That way the on-premise server just acts as a medium for the local environment.

                                Here: http://msdn.microsoft.com/en-us/library/azure/dn798669.aspx

                                It says "coming soon" for cloud to on premise sync. It was last updated on September 5th 2014. I can't find any new information on if this is out.

                                38 votes

                                • Add Custom Identity Provider feature to Azure AD

                                  We have a custom IdP on old ACS and use ADAL v1 to auth a desktop app. We need to use new things of ADAL v2 or newer versions.

                                  We already have this app in production so we really need a way to use Azure b2c with our custom identity provider. In fact we want the feature of custom IdP in Azure AD in order to substitute ACS.

                                  35 votes
                                    1 comment  ·  Developer Experiences
                                  • Add Application's ServicePrincipal using powershell

                                    Today it's possible to add an application's serviceprincipal to a customer's tenant using msol PowerShell cmdlets. BUT unfortunately a serviceprincipal created using PowerShell is not visible in the user's Azure Management portal. According to Azure Support:
                                    "You will not be able to use the Azure PowerShell cmdlets to have your application be visible within the Azure Management Portal as the cmdlets do not support this functionality. The only option at present is to use the Azure Management Portal to register and add the application to Active Directory."
                                    My suggestion is to add this functionality to the PowerShell cmdlets.

                                    34 votes
                                      3 comments  ·  PowerShell
                                      under review  ·  Robert Faller responded

                                      Your suggestion has been passed to the appropriate Program Manager for their review.

                                    • Azure AD Application Proxy – add ability to publish on-prem Remote Desktop Web Access.

                                      Now we use MS TMG (with RSA SecurID 2-factor authentication) to publish RDWeb and RD Gateway to Internet. We need a replacement for MS TMG and RSA 2-factor authentication.
                                      We want to publish our on-prem RDWeb server to Internet via Azure AD Application Proxy. This solution should support Azure Multifactor authentication and RD Gateway.

                                      31 votes
                                        2 comments  ·  Application Proxy
                                      • AADB2C: add an Azure AD provider

                                        AADB2C is great, but why not add an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities, it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

                                        28 votes
                                          3 comments  ·  B2C
                                        • Add support for AAD authentication between 1st party apps (e.g. PowerQuery) and Azure Web Apps

                                          There's currently no way to access a Web API hosted as an Azure Web App and secured with AAD through 1st party apps such as PowerQuery.

                                          27 votes
                                            0 comments  ·  SaaS Applications