Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Forgot password link from Sign In Page

    Is there any way to fix the redirect problem? It is an error and I couldn't find a solution.

    I am using custom UI and Signin-signup policy. When I click the link, it redirects to home with an error.

    What is the solution for it?

    [I am using JWT web token for API. ]

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
    • Enable PIM role assignment by Group membership.

      It would be nice to enable PIM roles to be linked not only to direct assignment to users but also to groups. This enables integration with on-premise IAM solutions that have not been extended to support the Graph API calls to PIM for role management.

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
      • Restrict Groups List on Claims Identity to Only Groups (not directory roles)

        Amend the http://schemas.microsoft.com/ws/2008/06/identity/claims/groups claim of the user identity so that it only includes groups, not directory roles as well. (Or add a further groupMembershipClaims value to the manifest to show "GroupsOnly" or similar, in addition to the current "All" | "SecurityGroup" | null option)

        Currently if a user is in either the Global Administrator or Limited Administrator role, the ID of this role appears in the list of groups as well. See details on StackOverflow here: https://stackoverflow.com/questions/45215615/phantom-group-membership-in-azure-ad

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
        • Enable Azure AD Domain Services in an Azure Resource Manager

          Azure AD Domain Services can currently only be enabled in a classic Azure virtual network. Enable Azure AD Domain Services in an Azure Resource Manager

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
          • Generate reports from Intune

            We would like to registry the possiility to generate reports from Intune on Azure Portal in accordance with groups's segmentation about the computers and devices like occcured on old MS Intune portal

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
            • Support WebSocket protocol in Azure AD Application Proxy

              It would be great if Azure Application Proxy supported the websockets protocol. We publish some collaborative applications through AADAP and we have a lot of access issues.

              9 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
              • Add Japan region to data residency location of Azure AD B2C

                Lots of Japanese customers would like to use Azure AD B2C. But they can not decide to adopt B2C because we do not have Japan region as data residency location.

                190 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  7 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                • AAD SSPR admin notifications issue with AAD PIM

                  AAD PIM is a bypass for AAD SSPR admin password reset notifications

                  Give us the option to specify who should get notified when a admin or eligible admin resets their password.

                  I confirmed the notification is not sent to eligible admins (not good)
                  I assume its also not sending the notification to current admins if a eligible admins resets his password.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                  • Delete operations are blocked. This Domain Service instance has been hydrated to Azure Resource Manager /subscriptions/f0317579-888e-4c32-a9

                    Dears,

                    Could help me with this error. I had configured the domain service synchronized with my local AD via AD Sync .... I deactivated the synchronization and I want to deactivate and I only get this error.

                    Delete operations are blocked. This Domain Service instance has been hydrated to Azure Resource Manager /subscriptions/f0317579-888e-4c32-a9f0-2e0ff2b0f4b6/resourceGroups/VN-AZURE-BR_SUL/providers/Microsoft.AAD/domainServices/yourdomain.com

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add new app - screen keeps reloading

                      screen keeps reloading, unable to load screen. Would be nice if the screen worked, i'm using google chrome.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
                      • Office iDFix tool - some column widths cannot be adjusted

                        When using the Office iDFix tool - columns cannot be adjusted to prepare an AD for Azure Sync, the result table can be flexible adjusted for nearly all columns but the first 2 from the left that is DN.

                        Especially the DN is very long and it is not helpful that you cannot adjust the width there.

                        also when clicking on DN the DN will be incorrectly sorted (not by OU / path / alphabetical)

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                        • Office iDFix Tool will not notify about incompatible displaynames

                          Problem:
                          there is a technet document about the known limitations for Group names (255 char long, no dots allowed etc) but idFix will not flag them as errornous if they violate these rules.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                          • Azure AD Connector - wrong error message "Mailnickname"

                            Azure idFix Check will not check every standard

                            Problem:
                            A security group that contains one or more "." will result in an error with "mailnickname" property in Azure AD Connector when syncing to Azure AD / Exchange online.

                            The Error message is irritating and wrong as not the property "Mailnickname" is wrong but the security group has an invalid display name which contains one or more dots "." characters.

                            Suggestion:
                            Implement a correct error message for this sync error.

                            There exist a support ticket for this issue.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                            • Obj-Browse Method

                              Obj-Browse Method:

                              Use the Obj-Browse technique to go looking instances of one class and copy the entire instances, or specific properties, to the clipboard as an array of embedded pages.

                              simplest residences exposed as columns may be used as choice criteria. but, values of homes that aren't uncovered as columns, which includes embedded houses, may be lower back.

                              The Obj-Browse technique has the subsequent parameters

                              -page name: input the name of the vacation spot web page to incorporate seek outcomes. The gadget uses Code-Pega-list because the class of this web page.

                              -ObjClass: perceive a class to look. you could search…

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • conditional access os x

                                Conditional Access support for OS X

                                This is a HUGE limitation of Azure... OS X is one of the most prevalent OSes being used today.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
                                • Adding MFA to Skype

                                  It would be great to allow MFA on Skype for Business as I always get an error when it is active. However, I am able to access it when it is de-activated.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
                                  • https

                                    I'm using Azure B2C directory and Azure functions. B2C is only allowing HTTPS callbacks. Which is a bit too strict. There is one usecase where it is not necessary:

                                    I have a single web page application and the token is returned using html anchors. (#hash). The connection to B2C is under https, so as the redirect directive when the authentication was finished.
                                    Then the next GET won't include the part of the URL after the #, so it will never leave the browser, only the app could read it (then redirect away from it).

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Domain Services - Ability to add non-Admin users to Remote Desktop Users group

                                      It appears I am unable to manage built-in security groups at all. I would need this capability for Domain Services to work for us.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Retrieve / pass through the profile data from the identity provider's profile

                                        If attributes also available in Azure AD B2C are set in the identity provider's profile, copy them to the Azure AD B2C profile. E. g., the address set in the Google profile.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Supply information about required permissions on errors AAD Apps

                                          Your AAD App makes a call and get 403 Forbidden in return, with the message "Access is denied. Check credentials and try again". It can be really hard to know what permissions you are missing. It would be helpful if this could be returned in the error message-

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Graph API  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 46 47
                                          • Don't see your idea?

                                          Feedback and Knowledge Base