Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Authenticate to Web Application using Windows Authentication. Works on IIS but not on ASEv2 Azure Active Directory Sign-In for Mobile Device

    Thank you for your time Fahd. As discussed over the call with our Escalation team, to summarize the call based on your scenario which has been verified by our back end team specific to this Procura application integrated with Azure and when attempted to access on Android Mobile devices facing an issue. However, the same application works as expected when it has been hosted on an IIS server. This typically draws our team to a conclusion considering the past similar scenarios where few customers have tried choosing IWA (Integrated Windows Authentication) for accessing the Applications integrated with Azure and not…

    1 vote
    0 comments  ·  Multi-factor Authentication
  2. 2fa breaks SMTP/IMAP clients (even with the app password)

    I used to access my company emails with a mail client which now keeps asking for a password.

    If I access via web it asks for the second factor every time I try to open my emails.

    It's impossible for me to do my job.

    Thanks Microsoft.

    1 vote
    0 comments  ·  Multi-factor Authentication
  3. PAP authentication and special characters in passwords

    We are experiencing an issue where users with certain special characters in their passwords are being denied access.
    My research shows that this is most likely due to a limitation in NPS using PAP, where the deciphered password is treated as ASCII and not UTF-8, misrepresenting characters such as £, Æ, Ø, and Å.

    If ms-chap-v2 had supported SMS or code authentication, this would not be an issue.

    1 vote
    0 comments  ·  Multi-factor Authentication
  4. Enable connection from android when my Azure account is federated with Google

    Whenever I try to connect from Power BI mobile app (or any other Microsoft app for android) I get the following message immediately after validating my account Id.
    This account, like 3000 others in our company, is in domain "@veolia.com", which is federated to Google on our tenant.
    Users on root domain "@veolia0.onmicrosoft.com" don't encounter this problem.

    Error message follows :
    --- start of message
    Error: disalloweduseragent
    Google can't sign you in safely inside this app. You can use
    Google sign-in by visiting this app's website in a browser like
    Safari or Chrome.
    Learn more
    Request Details
    access
    type=online …

    1 vote
    0 comments  ·  Multi-factor Authentication
  5. MFA partnership with V-Key

    V-Key (https://www.v-key.com/) is an MFA solution working with Singapore Govt and a few international banks in APAC. We would like to be Microsoft's MFA partner. How do I take this forward?

    Below program from Microsoft Azure Active Directory is where we would like to partner:
    Custom controls (preview)
    Custom controls are a capability of the Azure Active Directory Premium P1 edition

    4 votes
    0 comments  ·  Multi-factor Authentication
  6. Provide MFA support for the new AZ modules

    We are currently and successfully using the ‘StrongAuthenticationRequirement’ object to enforce MFA via PowerShell with MSOnline modules. We are reviewing our code base in prelude to upgrading to the new PowerShell AZ modules and we came across what we think is no support for MFA in the new PowerShell AZ modules. Security being such a fundamental requirement in this day and age, we are hoping it’s the case that we have just missed something.

    Note: We are well aware that there are things we can now do to ease the upgrade namely coexistence between MSOnline & AZ modules and also…

    3 votes
    0 comments  ·  Multi-factor Authentication
  7. Allow the ability to import and assign MFA hard tokens to be delegated

    Right now, only a global admin can import and assign MFA hard tokens. It'd be great to be able to delegate that ability to helpdesk or security team members. It really seems like something the existing Authentication Administrator role should be able to do.

    2 votes
    0 comments  ·  Multi-factor Authentication
  8. MFA Office Phone calling should identify extensions by comma

    Users are typically set in AD with a comma preceding their extension for their Office phones. This is so that users can click on someone's phone number using their cell phone to dial numbers automatically.
    Having to change to " x" breaks this functionality, and in turn, when calling from a shared company number, random users become associated with the caller ID.
    In short, Azure should be able to work with commas to be able to identify and dial Office phone extensions to prevent breaking other systems.

    2 votes
    0 comments  ·  Multi-factor Authentication
  9. Combined security information registration (Preview) language issue

    The Combined Security Information Registration outlined in the following documentation is not functioning as described.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined

    The Language is not pulling from the browser. In my scenario if I set this up using French language and have my German users attempt the process they are receiving the security questions in French and not German. The documentation outlines the language settings are of the computer accessing the page. This is not what I am experiencing.

    9 votes
    1 comment  ·  Multi-factor Authentication
  10. Change the recommended account type from "Other" to "Work or School" account in certain circumstances when installing the Authenticator app

    When the Global Administrator chooses to combine MFA and SSPR setup and not allow the authenticator app choice of 'approve or deny', but only allows authentication by 'code', the user's choice of three accounts: Personal, Work or School, and other -- the web page suggests the user set up their account as 'other'.

    In other words, on the "Keep your account secure" page (as you're setting up the authenticator app in this scenario) asks the user to select "other" instead of "Work or School". It seems that removing the choice of "approve / deny" for the tenant for security reasons, shouldn't…

    2 votes
    0 comments  ·  Multi-factor Authentication
  11. Need to restrict MFA type by user group

    Use a group policy to restrict the MFA type (i.e. app only) allowed.

    1 vote
    0 comments  ·  Multi-factor Authentication
  12. Is there a way we can add Authentication contact info via PowerShell

    Is there a way we can add Authentication contact info via PowerShell, like
    Phone, Alternate phone, Email & Alternate email?

    1 vote
    0 comments  ·  Multi-factor Authentication
  13. Converged MFA/SSPR does not activate Office Phone as MFA method without setting to default

    When using the new Converged MFA/SSPR registration it does not activate the Office Phone as an authentication method unless I set it to primary. Also, this experience does not show the extension information from AD as the previous enrollment page shows.

    1 vote
    0 comments  ·  Multi-factor Authentication
  14. Allow organizations to randomly send an MFA request to test/train the user

    Some organizations are testing their users by an anti-phishing campaign. The idea is simple: the organization randomly sends a phishing email to the user. If the user clicks on the link, the user is informed about the campaign and how to prevent this from happening again. If the user clicks on a link for the second time, the user is required to complete a training on this topic.

    I would like to see this for MFA as well. MFA blocks 99.9 % of all the malicious authentication requests, but that's when we assume that the user is completely aware of…

    1 vote
    0 comments  ·  Multi-factor Authentication
  15. Allow per user exceptions to Azure AD MFA

    I have several service accounts that need to work with NPS Radius MFA and O365 MFA. I would like these accounts to automatically be successful not requiring MFA prompt so they will work for service accounts

    1 vote
    0 comments  ·  Multi-factor Authentication
  16. Radius fail Open

    When using AUTHN Azure MFA with on premise Windows Server NPS, currently if the cloud service is unreachable users are blocked from completing MFA validation until service is restored or AUTHN/AUTHZ registry settings are removed.
    Ideally would have ability to set that if no response from Azure MFA in x seconds allow user to be authenticated with single factor.
    Other MFA vendors have this capability.

    2 votes
    0 comments  ·  Multi-factor Authentication
  17. Pre-set End user’s phone number

    IT Admin expected that they are able to pre-set MFA phone number for end users so as to restrict the end user to only use compliance phone.
    IT Admin also expected that they could have full control to set the authentication method for users.

    1 vote
    0 comments  ·  Multi-factor Authentication
  18. We need three methods: (1) Dial a phone number (2) SIP URI Dial (3) SmartPhone App to multi-factor authenticate via Phone Factor

    We need three methods: (1) Dial a phone number (2) SIP URI Dial (3) SmartPhone App to multi-factor authenticate via Phone Factor. Today methods 1 and 3 are supported. As systems move to VoIP, SIP URI will become the standard way to dial a hardware/software based phone.

    1 vote
    0 comments  ·  Multi-factor Authentication
  19. Token activation Verification code cannot start with a 0

    When activating an OATH Token, a verification code cannot start with a zero; the 0 is removed automatically and activation fails.

    1 vote
    0 comments  ·  Multi-factor Authentication
  20. Allow user admins to see and/or set MFA methods of user in Authentication methods menu in Azure AD

    Currently, with MFA+SSPR combined, when an admin goes to look up a user > Authentication methods in Azure AD, they can see and set only the user's phone.

    It should at least show:
    - if the user is enrolled in MFA cloud
    - if so, what is their default method
    - allow the admin to change the default method for the user or set the user's default method to get the user started. For example, allow the admin to set a brand new user to have default MFA method of phone call, and then the user can go change settings themselves…

    2 votes
    0 comments  ·  Multi-factor Authentication