Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. 3 Numbers option with Microsoft Accounts -> will this be coming to Azure MFA?

    Hello, with Microsoft Accounts that have MFA enabled, the authenticator app is sent three numbers, of which one was shown on the original authentication page, and you need to select the correct number in the app in order to then approve the sign-in. I'm wondering if this functionality will be coming to Azure MFA / Office 365 MFA. Any idea? Thanks in advance.

    3 votes
    1 comment  ·  Multi-factor Authentication
  2. I can't login. ID not recognized, if I'm new. Not possible to create new account.

    I can't login. ID not recognized, if I'm new. Not possible to create new account.
    Improve the logon procedure please.

    2 votes
    0 comments  ·  Multi-factor Authentication
  3. Make Azure MFA work on ADFS when Alternate login ID enabled

    We have just tested the Azure MFA (cloud version) integration with ADFS. In ADFS we have the email as Alternate Login ID and our users are synced to Azure AD using the UPN value.

    Well, MFA works for all the users with the same UPN/email value, but for users with different UPN and email values, MFA fails. Basically ADFS tries to locate the user for Azure MFA using the Alternate login ID (the email) and as our users are synced to Azure AD using the UPN value, ADFS throws an exception telling that the user was not found in Azure…

    17 votes
    0 comments  ·  Multi-factor Authentication
  4. Text verification not working. On mobile device

    Text message received, but when authentication page loses focus in order to read text verification code, then regains focus to enter the code, a new text verification code is sent.
    This results in having to open text message which results in another text message on refocus.
    We have a verification loop.

    2 votes
    0 comments  ·  Multi-factor Authentication
  5. NPS extension for Azure MFA - Allow to use the Realm manipulation in Connection Request Policies

    NPS server cannot perform realm manipulation to change the domain name from the user UPN before the AD authentication happens, even if the Connection Request Policies contains the appropriate rule. This is a limitation for us when consolidating companies through AD on premises and Azure AD, including Azure AD MFA. Actually, UPNs are different until the AD migration is complete and having a chance to manipulate the realm might help us to accelerate the integration.
    Having said that, it would be a nice feature to have the NPS server to NOT ignore the realm manipulation when the rule is active…

    16 votes
    0 comments  ·  Multi-factor Authentication
  6. Get rid of it

    Confess. This was thought up to make it impossible for me to access my hpe mail. I have a severe reading disability. The instructions, after 5 readings are incomprehensible. I was given passwords containing characters which are indistinguishable. I could not copy them to the clipboard. I have no idea if they are correct. I'm supposed to remember God-knows how many characters of a password I cannot read? It won't let me put in the email of an account I can access, so I guess you can ignore this.

    This was nothing but a MS money making scam.

    I cannot…

    2 votes
    0 comments  ·  Multi-factor Authentication
  7. MFA, would it be feasible to make another option to send confirmations to an email address in addition to cell phones?

    For MFA, would it be feasible to make another option to send confirmations to an email address in addition to cell phones? I have users that work at sites where cell phones aren't permitted. Adding an email address for authentication would alleviate this issue.

    6 votes
    0 comments  ·  Multi-factor Authentication
  8. Azure AD Reporting include Disabling MFA

    Need the ability to see when an admin disables MFA. Currently there is a specific log for Enabling Strong Authentication, but no log for Disabling Strong Authentication.

    4 votes
    0 comments  ·  Multi-factor Authentication
  9. sign into and unlock my PC with my phone with Windows Hello using your face

    Sign into and unlock my laptop, running Windows 10 Pro, with my phone, running Windows 10 Mobile, with Windows Hello using my face!
    Windows Hello is really very fast unlocking my Lumia 950 and it's Dynamic Locked with my laptop which also works fine with Bluetooth. Make the Authenticator App sign into and unlock my laptop and the laptop on work, that would be nice.

    2 votes
    0 comments  ·  Multi-factor Authentication
  10. Improve MFA registration process when completed on a mobile device

    When you start MFA setup on a mobile device there are two main issues that can occur from our testing. You cannot capture the QR code on the mobile device's screen with that same device's camera, so the MS Authenticator app needs to be able to accept either a screenshot from your mobile device capturing the QR code, or accept the https:// URL and the Code provided by copying them; however, the spaces in the Code when copied drop characters in the MS Authenticator app, so you need to remove the spaces, then add the missing digits for it to work.…

    4 votes
    1 comment  ·  Multi-factor Authentication
  11. Give Users a way to choose which authentication method to send the authentication code to during initial sign on.

    Give Users a way to choose which authentication method to send the authentication code to during initial.

    We need to be able to authenticate from a work place where cell phone usage is illegal from work. But when we leave work or can not come to work we can not authenticate from work or go in to change the Authentication number and Alternate Authentication number. There is a real need to be able to choose the authentication number to send the authentication code to during sign on.

    4 votes
    0 comments  ·  Multi-factor Authentication
  12. See recent MFA events, source IP, & requested app

    On the mobile app, display source IP and requested app in the prompt, as well as show recent requests in a list sortable by timestamp

    5 votes
    0 comments  ·  Multi-factor Authentication
  13. Delegate Azure MFA One-Time Bypass to other roles used by Servicedesk engineers

    Include Azure MFA One-Time Bypass in Role User Account Administrator or Privileged Role Admin or Password Helpdesk Admin

    31 votes
    5 comments  ·  Multi-factor Authentication
  14. Enable per user MFA bypass for Azure MFA (Cloud) make this both temporary and permanent based on settings

    Currently per user bypass is not capable in Azure MFA (Cloud only); this can be done using the Azure MFA on premise server. This functionality makes Azure MFA more usable for an end user community that often loses or forgets cell phones and needs temporary bypass. Also, using Azure MFA with NPS/Radius, there is no way to allow service accounts that do network equipment monitoring to avoid Azure MFA if we want to enable MFA to access critical network infrastructure or VPN using radius; this would help this scenario too.

    61 votes
    6 comments  ·  Multi-factor Authentication
  15. Allow Azure AD Sync to Prepopulate the Authentication Phone Number from an Onpremise AD Object, and prevent users from entering their own.

    Allowing a User to set their own mobile number in MFA, completely negates the purpose of the Technology, in an Azure AD Connect environment.

    For a Secure environment, The Administrator would set the Mobile Number as the source of Truth in Active Directory, and it should prevent a potential attacker, from changing the mobile number as they see fit.

    If the credentials of a user who has not yet registered for Azure MFA are compromised, then an attacker could supply their own Authentication Number, and Azure MFA becomes ineffective.

    We should have the ability to set the Authentication Number in AD, and…

    150 votes
    11 comments  ·  Multi-factor Authentication
  16. Add otpauth protocol support to Microsoft Authenticator

    The Microsoft Authenticator app cannot add accounts directly from URLs using the otpauth URL schema. All otpauth:// links are intercepted by Google Authenticator only; this prevents the user from adding his accounts from third party sites directly with the click of a button in the mobile browser.
    Check out https://daplie.github.io/browser-authenticator/ to see the links in action (unfortunately they are not actually creating a clickable link, but the otpauth:// URL is generated and it works with Google Authenticator when linked properly).

    5 votes
    1 comment  ·  Multi-factor Authentication
  17. Better MFA solution for Remote Desktop access to servers

    Currently, requiring MFA for RDP access to domain servers requires going through a RD Gateway (AFAIK). It would be great to be able to require MFA at the server level and have such servers connect to Azure MFA for the second factor without having to go through a RD Gateway. Maybe proxy the Azure auth connection through an on-premises server... The RD Gateway method is slow and clunky.

    8 votes
    1 comment  ·  Multi-factor Authentication
  18. precedence and priority for conditional access controls. When compliance, MFA, and Hybrid Azure AD join are all checked

    Hello All,
    One of my questions, that I’ve never been able to get answered, it’s not in the Microsoft documentation, is the question of precedence and priority for conditional access controls. When compliance, MFA, and Hybrid Azure AD join are all checked – how does Intune determine which one is to be applied? If MFA is checked, will it always be presented to the user, or will it not be used when a device is compliant? What logic is used? Sadly the documentation is lacking for this.

    9 votes
    1 comment  ·  Multi-factor Authentication
  19. Multi-factor authentication only for first connections on a device like with the free outlook mails

    Multi Factor authentication is rubbish in Office 365.

    First why is it different from the one for free mails like Outlook.com?
    They are really good and far more secure than the one in place with 365.

    Why do I need a code for every connection from a computer which is trusted?

    And why can't I see the connections that are used like in outlook.com?

    I should be able to accept connections but also to reject old connections or app password.

    Now I think multi factor for 365 is rubbish and unusable

    3 votes
    0 comments  ·  Multi-factor Authentication
  20. Allow only some users to create app passwords

    App passwords are a bad idea. They are ugly enough that users are going to write them down on a post it and leave it on their desk. (Which is worse for security)
    I don't want some of my users to be able to create App passwords, like external partners who have internal accounts. But it looks like this is only a global setting.

    It would be nice if I could be more granular with this control.

    23 votes
    4 comments  ·  Multi-factor Authentication