Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. que el rol de administrador de autenticación con privilegios permita visualizar, bloquear y desbloquear usuario de MFA

    que el rol de administrador de autenticación con privilegios permita visualizar, bloquear y desbloquear usuarios de MFA

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Revoke MFA Sessions | PowerShell | Graph API

    Hello,
    Please make it possible to do "Revoke MFA Sessions" using PowerShell or Graph API.
    Thank you!

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Change the number of digits to identify an alternative phone

    My work phone and my personal phone both have the same last two digits (this is a 1:100 likelihood), hence I can not differentiate between them when asked for the last 2 digits. Please change the number of last digits required to identify a phone, I would suggest a minimum of 4. Alternatively and better, also allow the user to select which digits to use, maybe the FIRST 4 digits or a sequence from the middle of the number.
    Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Require specific Multi Factor Authentication method for App

    When using Conditional Access to give access to a specific application it will today per default use the user specified preferred Multi-factor Authentication method.

    We would like to be able to protect the access to some apps a little further to ensure that the user must unlock the phone and open the authenticator app.

    Add support for forcing the authentication method towards specific apps with Conditional Access

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow us to set up multifactor authentication method policies

    Sometimes I want to assign an authentication methods for a user without necessarily enable that method for the entire company. For example, we may want to require user to complete an awareness training before using a certain method. This becomes especially important for the upcoming passwordless authentication. Therefore it would be very useful to be able to create policy groups for different combinations of authentication methods.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create custom AAD role for only editing MFA information

    Azure Active Directory (AAD) role to only updating the Strong Authentication information (such as Reset MFA, Revoke session token), but not for resetting users passwords.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. la aplicacion me pide un codigo qr y la pagina de office no me lo da

    la aplicación me pide un código QR y la web de office no me lo da

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. sign-in logs

    Provide a capability to filter on successful and failed MFA authentications for the user sign-in activity logs within the AzureAD Portal. As a consumer of an AzureAD directory of 120k plus user director using MFA, this is critical for reflecting usage and availability of your services.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve UX of MFA Enrollment Process when Requiring an Authenticator App

    We use a conditional access policy to enforce MFA enrollment for all users, including guest users, since the data that everyone is accessing is highly confidential. In addition, because SIM-stealing attacks are becoming more and more common, our MFA policy is configured to require an app rather than relying on codes provided by SMS or phone calls.

    With this combination of settings, we find guest users to be very disoriented, confused, and frustrated by the current MFA enrollment process. Since this process is often the user's first impression of our technology and Microsoft Azure, it's important for the user experience…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. xclude the carriers terminating via SIMBOX for successful authentication

    The issue of concern is the authentication calls arriving us local numbers (Simbox) which results in failed authentication process.
    We request you to urgently to exclude the carriers terminating via SIMBOX for successful authentication process for MFA Authentication connect requests.
    We note that the authentication from VPN login terminates via SIMBOX/Bypass routes and thus increase login failures as the #prompt may not be send back for authentification as well us it is fraudulent in nature.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. landline verf option.

    I am currently a victim of spoofing (piracy) for over 8 mos. anything I type or submit electronically is copied by the hackers. A Mutli factor authentication using a landline that I can register as my number might be helpful.. I can register my job number. corp security or even the police officer's number. either they provide my authentication or the spoofer attempts to pirate the number and caught with a back trace.I have over 15 email address attempting to access my account information because there is not a secure way to retrieve your old account without creating a new…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. IPv6 support for access to Azure Active Directory - login.microsoftonline.com - only IPv4 reachable

    Add support for IPv6 to Azure Active Directory to be reachable via IPv6 as well.

    MFA etc. should be supported via IPv6 only as well.
    login.microsoftonline.com and other URLs used.

    br,
    georg

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Calendar aware MFA Risk Score Trigger

    Went to Team Collaboratorium today and was suggested to post this here for the IDM team -- would love to have the Calendar integration that can tell MFA that you are traveling so it can expect logins from a foreign location for this user (traveling to Berlin, Germany, expect a login to occur from there) and ignore home base of USA...

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Microsoft authenticator UI needs some change for showing recovery options

    The current v7 android Microsoft Authenticator app has a UI setting which does not define the recovery options which can only be reached if you click learn more . Hence It would be better if we change the title from details to something more simple and intutive to the user like "Recovery Help" for pointing them to the guide as it currently points to. "Details" is not the best word to describe the recovery options guide in the UI . It would be great if you could consider changing the same.

    Related Github :- https://github.com/MicrosoftDocs/azure-docs/issues/49539

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Azure MFA: Fallback to verification code when app push times out

    Cloud Azure MFA should have a fallback feature like the on-prem MFA server so that an app-push MFA user is prompted to enter the code from their authenticator app app when the app-push times out.

    The #1 use case for this is users connecting a laptop to airplane wifi.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. MFA enablement after clicking on the App Icon

    I integrated an Application for SSO with Azure. I want to Invoke MFA after the user hits the Application Icon from myapss.microsoft.com? How is that possible? Please let me know

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. MFA status after enabling MFA for users who have registered MFA notification destinations in advance

    We are deploying Azure MFA by the following method, and we perform various controls depending on the status of MFA ([Forced] or [Enabled]).
    https://docs.microsoft.com/ja-jp/azure/active-directory/authentication/howto-mfa-userstates
    Even without enabling MFA, I understand that it is possible to directly access 「https://aka.ms/mfasetup」 and register the MFA notification destination in advance.
    However, if you enable MFA after registering the MFA notification destination, the status of MFA will not be changed to [Forced] even though MFA setup has been completed.

    The specifications are different from the status of each MFA status described in the Microsoft public documentation.
    Since the control is based on the…

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. OAuth password flow should support 2FA app passwords

    The password flow should support app passwords.
    Use case: I have a linux repository that has secure access enabled. The users are entering the username and password on CLI level. As we are shifting to TrustBuilder (IAM) solution. We have the possibility to connect with different OAuth providers. Azure is our user database with 2FA enabled. It would be nice if users can generate an app password in Azure and use this on CLI level (in the background this converted on TrustBuilder to an OAuth password flow to Azure). As there is no WEB interaction possible

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. mfa

    CA has the ability to grant access by enforcing MFA, we have a use case whereby in the large part our user estate is configured for push notifications, we have some systems whereby we do not want this method of MFA (this is for a number of reasons), some scenerios we would prefer to selectively pick verifications codes as the only method of MFA but leave push notifications for other services.

    It would be great to also incorporate this into NPS in the form of say a RADIUS attribute which would be able to toggle between what MFA method to…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base