Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Azure AD doesn't yet tell a cohesive story

    The EMS offering seems to me like a hodgepodge of products put together, and while they COULD all work well together, they really don't. For example, parts of MIM complement Azure AD, parts compete with it, and parts just don't work (group management of AD groups to be used for app provisioning, for example). ATA works on prem, even though it's part of EMS. Native auth to Azure AD works for Windows 10 clients only. Macs, even with Enterprise Connect, are left in the lurch. When you try to leverage Azure AD as an LDAPS source for mac, it still…

    1 vote
    0 comments
    • Make an App for AzureAD PIM to activate my roles

      Please make an app for AzureAD PIM to activate my roles - so that the admin users that are only using portal.office.com need to go into portal.azure.com to activate the PIM roles (like global admin)

      5 votes
      0 comments  ·  Privileged Identity Management
      • Allow users to use their email on sign in even though the address is associated with an account

        When we invite external users to our Azure AD, we use an email that they provide. This works fine for a lot of cases. However, in some situations, the user gets a message like this:

        You have been invited to access <somedomain>
        To access applications in the <someorg> organization, you'll
        need to sign in with <yourEmail>. This email
        address is associated with an account named
        <someaccount>

        To get this to work, the user needs to use the account as login, and not the email we used to invite them. This is very confusing for the users, as some of them…

        1 vote
        0 comments  ·  B2B
        • Improve Azure Authenticator App to require password or touch id validation before approving push request.

          Currently, if you receive a push notification to the Azure Authenticator app while the phone is locked, merely swiping the notification and selecting View allows access to approve (or deny) the request. Other authenticator apps (Google, Lastpass, etc.) require the device password or touch id (on iOS) before the request can be approved. This is a security flaw and needs to be fixed.

          1 vote
          0 comments  ·  Multi-factor Authentication
          • Translations are bigger than the window

            Some localized translations (for example Czech) are too big to fit in the window. Some are also not so good at all. For example, the screen from branding.

            1 vote
            0 comments  ·  Admin Portal
            • Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly

              Last tests done with version 1.1.443.0 of AAD Connect

              The user attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an initial sync of a user account). Furthermore, later changes of this attribute are not synced correctly to the AAD.

              I had different/random results when testing with this. Sometimes the initial value was transferred correctly to the Cloud accounts but a change was not synced. Sometimes the initial value was directly wrong (when syncing a user the first time).

              Kind Regards
              Robin K.

              1 vote

              • When installing the MIM Language packs on a second server, provide the option to just install the local files and not update the MIM Service

                When installing the language packs on second portal servers, it would be nice to have an option to skip the installer updating all the locals in the Service/Database as this has already been done during the initial install on the primary server, and slows down the time it takes to patch the environments.

                1 vote
                0 comments  ·  Microsoft Identity Manager
                • Support Inheriting Roles in Nested Groups

                  Group 1
                  Has a Role from my Application
                  Has a Member called Group 2

                  Currently, roles in nested groups are not transitive. If I am a member of Group 2 above, I do not have the Role granted to Group 1, even though Group 2 is a member of Group 2.

                  I can't believe this is not implemented; I wasted 3 hours trying to figure this out.

                  2 votes
                  0 comments  ·  Role-based Access Control
                  • Where can I see the IP address of my AD server

                    I need the IP address of the AD server

                    1 vote
                    0 comments  ·  Admin Portal
                    • allow api windows.graph.net to query the AAD Tenant's trust relationships with Azure Subscriptions

                      allow api graph.windows.net or graph.microsoft.net to query the AAD Tenant's trust relationships with Azure Subscriptions. These trust relationships exist in the classic azure portal under Settings showing the Azure Subscription and the default AAD

                      1 vote
                      0 comments  ·  Graph API
                      • Admin status page of current sign-ins/logins/sessions where sessions can be killed

                        Other services have an admin display that shows users currently logged in and allows the admin to kill the sessions (revoking creds, etc).

                        This is different than the current Azure AD Sign-ins screen that shows running status of who signed in and when, and whether the sign-in was successful.

                        Realize this is a big ask with many moving parts, but something I believe is warranted for security and compliance reasons.

                        -thanks
                        -e

                        2 votes
                        0 comments  ·  Admin Portal
                        • merge social and local accounts with the same email address

                          Identify an attribute as a unique identifier (let's take email address here). When a user signs up with a social or local account, check if the email address already exists; if yes, log the user in instead of creating a new account.

                          3 votes
                          0 comments  ·  B2C
                          • 1 vote
                            0 comments  ·  Graph API
                            • In Azure AD B2C, add a policy to associate external logins with existing account when already signed in.

                              It would be nice to be able to associate different external identities to a single account, the same way it works with the asp.net MVC app template and Identity.

                              When the user has already registered a first login (local or with a provider), and he is signed in, he has the possibility to manage his logins by adding a local account and associating/dissociating external logins (facebook/google/linkedin).

                              4 votes
                              0 comments  ·  B2C
                              • 16 votes
                                0 comments
                                • Allow Basic Accounts to Modify an Application's 'Users and Groups'

                                  Basic accounts are not able to see the fabled 'Users and Groups' tab in the classic portal. There doesn't seem to be a way to do this in the new portal for Basic users or I'm not aware of it. We need a simple UI to assign roles to users and groups.

                                  2 votes
                                  0 comments  ·  Role-based Access Control
                                  • Provision Exchange Online Mailbox (Enable-RemoteMailbox)

                                    In a hybrid Exchange scenario, when you only assign a license for Exchange Online to a synchronized user to provision his mailbox, the corresponding onPrem AD attributes are not set.

                                    So these mailboxes cannot be managed from the onPrem Exchange Admin console.

                                    So it might be a good idea to also have "Exchange Online Provisioning" within the AD connector and not only onPrem Exchanges.
                                    The connector should call the "Enable-RemoteMailbox" cmdlet, which sets the appropriate attribute onPrem, and after sync and license assignment users can use their mailbox.

                                    Btw: Please rename the "Exchange 2010" provisioning option to "Exchange 2010-2016", in every…

                                    1 vote
                                    0 comments  ·  Microsoft Identity Manager
                                    • Confirm user email address when "Require Verification" is off

                                      While the recent enhancement to allow us to turn the "Verification Code" feature off for a SignUp policy is positive, it would be nice if the screen could present an additional field for the user to "confirm email address" to help prevent/reduce problems caused by typing errors. Essentially similar to how the user has to confirm the password already.

                                      1 vote
                                      0 comments  ·  B2C

                                        Great idea Dave! In the shorter term, we expect you should be able to achieve this via custom JS (there’s a separate UV for that). If we notice a lot of people doing this themselves or see this ask get a lot of traction, we’ll look into making it a built-in feature of the product.

                                        /Saca

                                      • Preserve semantic URIs in portal.microsoft.com

                                        Preserve semantic URIs in portal.microsoft.com: in https://manage.windowsazure.com/microsoft.onmicrosoft.com#Workspaces/ActiveDirectoryExtension/Directory/c4ed9159-2ddb-4a79-8388-f694afab28b8/RegisteredApp/b5cf593c-961c-451a-acd8-25106e05aab0/registeredAppConfigure

                                        wherein c4ed9159-2ddb-4a79-8388-f694afab28b8 is my tenant, and b5cf593c-961c-451a-acd8-25106e05aab0 is my app. So I can navigate to something by knowing its identifiers. I don't *think* that's possible in portal.azure.com.

                                        1 vote
                                        0 comments  ·  Admin Portal
                                        • Ability to export results from the Metaverse Search screen in sync engine

                                          Ability to export results from the Metaverse search screen in sync engine. This was an idea mentioned while I was out on client site. When one does queries in the "Metaverse Search" tab of the sync engine, there is no way to save the results as a CSV or Excel file. You could obviously query the backend SQL database, but this isn't very customer friendly.

                                          1 vote
                                          0 comments  ·  Microsoft Identity Manager