Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Allow users to self update MFA methods for "Other Organizations you belong to"

    Users that have a presence in multiple tenants need a way to self update their MFA methods for "other organizations you belong to" on the myworkaccount.microsoft.com/organizations. Currently there is only a link to "leave organization". Please add a link to "update MFA methods".

    11 votes
    2 comments  ·  Multi-factor Authentication
  2. Show additional information to the MFA Notification

    When a user receives an MFA notification, it would be nice to see the following communicated in the notification:
    - Login Location (City, State, Country)
    - Service being logged into (Office 365 Portal, SharePoint Online, OneDrive, Client Apps, etc.)
    - Device OS/Type (Windows 10/Laptop, iOS 13.5.1/iPhone, Android 10.0/Tablet)
    - Device Compliance (Yes/No)

    This would further help users determine if the request is legitimate.

    12 votes
    0 comments  ·  Multi-factor Authentication
  3. NPS extension for Azure MFA: Issue Access-Challenge response on App Notification methods

    When integrating NPS Azure MFA extension with Cisco ASA or FTD, the MFA verification methods for App Notification and Phone Call are difficult or challenging to use.

    This is because these verification methods do not force the NPS server to send an Access-Challenge method back to the ASA/FTD to give the user time to answer the phone or open and approve the app notification. Cisco ASA/FTD only allow 10 seconds for this to happen, and this value cannot be changed.

    If NPS could issue an Access-Challenge response that accepts null input, but just allows the user more time. It could…

    1 vote
    0 comments  ·  Multi-factor Authentication
  4. Prompt for secondary authentication method when phone number is pre-populated

    Take a look at this GitHub issue: https://github.com/MicrosoftDocs/azure-docs/issues/57279

    When I use My Staff to set the user's phone, a strong auth method is registered.
    This satisfies the Identity Protection and SSPR reset registration.
    I configured to register 2 methods, but the user is never prompted.

    1. Brand new user is created
    2. User is added to Administrative unit
    3. Manager sets phone number
    4. Add user to the identity protection and SSPR registration policy
    5. User logs in, is prompted for MFA like expected (caused by Conditional Access)
    6. User changes password (new user)
    7. User is NOT prompted to register second…

    3 votes
    0 comments  ·  Multi-factor Authentication
  5. RDP Client MFA Support

    Rework RDP client to support MFA contexts.
    - Implement MFA wait message for user
    - Implement support for OTP within RDP client and other MFA methods

    1 vote
    0 comments  ·  Multi-factor Authentication
  6. Impossible to reset password

    In certain cases it becomes impossible to reset password to account even though I can pass 2fa.

    This can mean loss of Win10 accounts and all user data... and their support basically says... we will get round to it some day.

    System is bugged.

    1 vote
    0 comments  ·  Multi-factor Authentication
  7. Create user after MFA when signing up

    We want to include MFA during sign-up where the user is created after the MFA process. However, it seems that currently the user is always created before MFA process in either built-in policy or custom policy. Below is the ideal process for sign-up; note, there is only one identity provider.

    The user will be added into the tenant only if he/she finishes all following three steps.
    1. Scan the QR code and confirm on mobile


    1. Validate the mobile phone number (here custom policy calls external Rest API to check if the mobile phone number is already in the database. Some
    1 vote
    0 comments  ·  Multi-factor Authentication
  8. Authenticator App fully displays UPN on accounts list

    When I register the Authenticator application to multiple tenants with the same name (for example, default tenant name), I can't know which passcode is for the tenant that I am trying to sign in to.
    The reason is that the UPN isn't fully displayed; it is cut off with "..." after a certain length depending on the screen size.

    ex)
    UPN "testuser01contoso.com#EXT#testuser01@fabrikam.com"
    displayed UPN "testuser01contoso.com # EXT ..."

    Alternative improvement idea is to display a tenant id next to a tenant name.

    1 vote
    0 comments  ·  Multi-factor Authentication
  9. The Authentication methods usage & insights (preview) page is great, but not accurate

    The Authentication methods usage & insights (preview) page is great, but the MFA registration column is not accurate. I have users that have registered and their registration methods show, but they show as unregistered on the report.

    1 vote
    0 comments  ·  Multi-factor Authentication
  10. Reduce the DIRECTORY steps to select MFA......simplify number of mouse clicks, use pull down menu to select MFA from main menu

    Reduce the DIRECTORY steps to select MFA......simplify the number of mouse clicks, use pull down menu to select MFA - New User / Existing User

    1 vote
    0 comments  ·  Multi-factor Authentication
  11. MFA Account Throttling

    Currently per MS:
    • The user attempts to validate a phone number 5 times in one hour.
    • The user attempts to use the security questions gate 5 times in one hour.
    • The user attempts to reset a password for the same user account 5 times in one hour.

    Please implement a PowerShell option to clear this throttle flag on a per-user basis. Telling a user to wait 24 hours is not a viable solution.

    1 vote
    0 comments  ·  Multi-factor Authentication
  12. 1 vote
    0 comments  ·  Multi-factor Authentication
  13. Display requesting device name in approve notifications

    It's useful to display requesting device information such as OS, model name and name in Authenticator app approval when multi factor authentication is configured to approve via notification method.

    1 vote
    0 comments  ·  Multi-factor Authentication
  14. Let the Privileged Authentication Administrator role view, block and unblock MFA users

    Let the Privileged Authentication Administrator role view, block and unblock MFA users

    1 vote
    0 comments  ·  Multi-factor Authentication
  15. Revoke MFA Sessions | PowerShell | Graph API

    Hello,
    Please make it possible to do "Revoke MFA Sessions" using PowerShell or Graph API.
    Thank you!

    2 votes
    0 comments  ·  Multi-factor Authentication
  16. Change the number of digits to identify an alternative phone

    My work phone and my personal phone both have the same last two digits (this is a 1:100 likelihood), hence I can not differentiate between them when asked for the last 2 digits. Please change the number of last digits required to identify a phone, I would suggest a minimum of 4. Alternatively and better, also allow the user to select which digits to use, maybe the FIRST 4 digits or a sequence from the middle of the number.
    Thanks

    1 vote
    0 comments  ·  Multi-factor Authentication
  17. Require specific Multi Factor Authentication method for App

    When using Conditional Access to give access to a specific application it will today per default use the user specified preferred Multi-factor Authentication method.

    We would like to be able to protect the access to some apps a little further to ensure that the user must unlock the phone and open the authenticator app.

    Add support for forcing the authentication method towards specific apps with Conditional Access

    4 votes
    0 comments  ·  Multi-factor Authentication
  18. 1 vote
    0 comments  ·  Multi-factor Authentication
  19. Allow us to set up multifactor authentication method policies

    Sometimes I want to assign an authentication method to a user without necessarily enabling that method for the entire company. For example, we may want to require a user to complete an awareness training before using a certain method. This becomes especially important for the upcoming passwordless authentication. Therefore it would be very useful to be able to create policy groups for different combinations of authentication methods.

    1 vote
    0 comments  ·  Multi-factor Authentication
  20. Create custom AAD role for only editing MFA information

    Azure Active Directory (AAD) role for only updating the Strong Authentication information (such as Reset MFA, Revoke session token), but not for resetting users' passwords.

    1 vote
    0 comments  ·  Multi-factor Authentication