Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Merge office365 and live accounts that use the same email address

    I use both Azure/msdn and office 365
    I already had an msdn account mvdl@our-company.com (Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

    Which is causing a lot of grief when switching between Azure web portal / msdn web portal / office 365 web portal

    Even when I have no portals open, I can't switch accounts. I need to explicitly open the portal that I last logged in to. Log out, and then I can switch accounts.

    And having both office 365 portal and Azure portal open at the same…

    938 votes
      214 comments  ·  End user experiences

      Folks,

      Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

      First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

      Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this…

    • Get user membership groups in the claims with AD B2C

      As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

      Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

      394 votes
        34 comments  ·  B2C

        We definitely recognize the popularity of this feature, and we discuss it constantly during the planning phases. However there are certain technical limitations in the system that add a large amount of development cost. Because of the cost and the fact that there is a workaround available, other features get prioritized over this one.

        That being said, please keep voting for it. The popularity of the feature does help bring it up and makes us reconsider every time.

        Apologies for the delay.

        /Parakh


        Old message:
        We’re doing some research both on the specifics of this ask as well as what it would take to support this.
        Is the ask here to do the same thing that regular Azure AD does (see: https://blogs.technet.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles/) or are there different requirements around this for Azure AD B2C?

      • Fully customizable verification emails

        Currently, Azure AD B2C sends verification codes via emails to end users during sign-up and password reset flows. These emails have limited customization. Add support for full customization of the email body & content.

        378 votes
          44 comments  ·  B2C
        • Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

          A lot of organizations use nested groups in on-premise AD. Synchronizing these groups to Azure AD has no value today. But the group itself has value on-premise.
          Creating a new group in AD with only users and then synchronizing it to Azure AD creates extra administration for administrators and confusion for end-users.

          Dynamic Groups in Azure AD as of today don’t have support for “Member Of” or similar hence don’t solve the problem.

          Adding nested groups to Azure AD would add a lot of value to Azure AD.

          280 votes
            33 comments  ·  End user experiences

            Currently, the following scenarios DO support nested groups:

            • The concept (you can add groups as members of other groups)
            • Group membership claims (when an app is configured to receive group membership claims in the token, nested groups the signed-in user is a member of are included)
            • Conditional access (when scoping a conditional access policy to a group)
            • Restricting access to self-serve password reset
            • Restricting which users can do Azure AD Join and device registration

            The following scenarios DO NOT support nested groups:

            • App role assignment (assigning groups to an app is supported, but groups nested within the directly assigned group will not have access), both for access and for provisioning
            • Group-based licensing (assigning a license automatically to all members of a group)
            • Office 365 Groups

            All of the scenarios where nested groups aren’t supported are being looked at, but we do not yet have any timelines to share. We thank…

          • Customer-owned domains

            Run Azure AD B2C's sign-up & sign-in pages under a custom domain, for e.g., login.contoso.com, instead of login.microsoftonline.com.

            229 votes
              24 comments  ·  B2C

              Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.

              If you are looking to use custom domains to use JavaScript, we are now looking to enable that experience by providing a new (non-customizable) domain. Please look for updates here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15493536-add-support-for-javascript-inside-the-custom-ui-br

              /Parakh

            • Authenticating wireless access points \ RADIUS through Azure AD

              I would like to see authenticating wireless access points \ RADIUS servers through Azure AD, not having to store user accounts in local Active Directory.

              213 votes
                30 comments  ·  Authentication
              • Add Japan region to data residency location of Azure AD B2C

                Lots of Japanese customers would like to use Azure AD B2C. But they can not decide to adopt B2C because we do not have Japan region as data residency location.

                205 votes
                  8 comments  ·  B2C
                • Enable Self Service Password Reset from Windows 10 Sign In Screen

                  Azure AD self service password reset works great. The issue being if a user cannot log on they haven't a browser to access the portal easily.

                  Can the reset portal be integrated with a "Forgotten my password" link on the Sign In screen? Azure AD join integrates with web based services such as MFA so hopefully the foundations are there.

                  203 votes
                    36 comments  ·  Self-Service Password Reset

                    We recognize that for users who can’t remember their password, it’s a challenge to log in let alone use a browser to reset your password. So we listened and came up with the self-service password reset from the lock screen feature.

                    How does it work?
                    By updating to RS3 and setting the MDM policy, the users of the Azure AD joined devices in your enterprise will see a “Forgot password” link on their lock screen. If they click it, it launches the SSPR flow directly from their lock screen.

                    What’s coming in the future?
                    We are actively working to bring the same SSPR from lock screen feature to the hybrid AADJ machines. We anticipate this feature will release with the Spring 2018 Windows 10 update.

                    For more information, please go to this post: https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/resetting-passwords-on-azure-ad-joined-devices-is-much-easier-with-the-latest-windows-update/.

                    Chen

                  • Add an Azure AD Identity Provider

                    AADB2C is great, but why not add an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities; it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

                    200 votes
                      27 comments  ·  B2C

                      We are hoping to have a private preview for this feature within the next few weeks. The private preview will be for adding a custom OIDC provider (such as Azure AD) using built-in policies. It is currently possible to do so already through custom policies.

                      /Parakh

                    • Sync Azure Active Directory Down to On-Premises AD

                      It would be great to be able to sync Azure AD down to On-premise AD. I want to centrally manage my users, passwords, and groups from Azure AD. That way the on-premise server just acts as a medium for the local environment.

                      Here: http://msdn.microsoft.com/en-us/library/azure/dn798669.aspx

                      It says "coming soon" for cloud to on premise sync. It was last updated on September 5th 2014. I can't find any new information on if this is out.

                      185 votes

                      • AADB2C: Send email invitation for new user to sign up

                        I would like the ability to trigger an email invitation to be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.

                        185 votes
                          11 comments  ·  B2C

                          Thank you for the feedback. We are strongly considering this for the future. Today we are focusing on customer facing apps with open self-service signup. /Jose Rojas

                        • B2C Fully Customizable Sign-In Page

                          Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

                          185 votes
                            36 comments  ·  B2C
                          • Allow the User Admin role to Enable/Disable MFA for users

                            Managing MFA settings for users seems to fit the scope of the User Admin role. I don't think this activity should require Global Admin access.

                            179 votes
                              26 comments  ·  Multi-factor Authentication

                              This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.

                            • Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

                              Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library has.

                              The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
                              https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

                              176 votes
                                35 comments  ·  B2C

                                Just to provide an update, we are close to launching a private preview. We are in the final testing stages for this feature. We will have another update in the next few weeks with instructions on how to join the private preview.

                              • Remove requirement for onprem Exchange when using DirSync

                                As per: http://tinyurl.com/kqgjvqx

                                Currently, for a small business who want password sync but make the move to 365, they have to keep Exchange running on premise simply to be able to edit user attributes related to Exchange. An Active Directory DLL, standalone app or simply support in the 365 portal would solve this for so many customers.

                                169 votes

                                • Update UserType from portal

                                  Be able to see and change the userType from the portal.
                                  (This is only available in PowerShell. Example: change from Guest -> Member, in order to see the directory as an external user.)

                                  Set-MsolUser -UserPrincipalName xxxhotmail.com#EXT#@xxxhotmail.onmicrosoft.com -UserType Member

                                  161 votes
                                    6 comments  ·  Admin Portal

                                    Soon we’re going to start working on a first class experience in the Azure Portal that allows for a user invited to an Azure AD tenant via the “B2B Collaboration” feature to become a Member (vs their default Guest) and thus be able to be assigned as Azure AD Global Admins or Azure Subscription Co-Admins.

                                    /Saca

                                  • Activate Office 365 ProPlus through Azure AD Connect SSO feature instead of ADFS

                                    Activate Office 365 ProPlus through Azure AD Connect SSO feature instead of ADFS.

                                    The only thing missing I think is the Office GPO 2016 template setting. Now there is only the ADFS option in "Microsoft Office Microsoft Office 2016/Subscription Activation"

                                    See my post below:
                                    https://answers.microsoft.com/en-us/msoffice/forum/msoffice_install-mso_winother/office-365-proplus-2016-activation-shared-computer/a5b571f2-da34-4dd6-a67a-5188d99adb6b

                                    161 votes

                                    • 141 votes
                                        20 comments  ·  B2C

                                        We are changing our plans slightly here. This will be enabled as a result of ‘shared domains’. This means that you will be able to start using your tenant as a subdomain of a ‘shared domain’, in the form of {tenant name}.b2clogin.com where b2clogin.com is the ‘shared domain’. You will be able to run JavaScript when you are running on this shared domain. We are looking at having this in private preview in the fall and will message out again when we can start taking in users.

                                        /Sam

                                      • Make Azure AD Domain Services available in CSP subscription

                                        Currently Azure Active Directory Domain Services are not available for CSP subscriptions. Firstly because you can't deploy classic VNets in CSP subscriptions and this service is required to setup AADDS. Secondly because AAD is not available for CSP subscriptions to manage from Classic Portal and according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-faqs there is no Powershell cmdlet to turn on AADDS. This means you can't use AAD features like Kerberos authentication in CSP offerings.

                                        125 votes
                                          27 comments  ·  Domain Services
                                        • SAML protocol support

                                          Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

                                          119 votes
                                            9 comments  ·  B2C