Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. MFA “Remember Me” should work with Guest accounts

    “Remember Me” works with Member accounts but not Guest accounts. Guest accounts don’t get the “don’t ask me again for x days” prompt. Remember me is an element of the overall MFA policy, and with CA policies lets me decide how to balance authentication assurance and risk with what the resulting user experience is. I typically don’t discriminate between member and guest accounts in my MFA and CA policies, and I am generally shooting for a typical online consumer banking like MFA experience for all of my users. Right now I can’t achieve that with my guest users.

    1 vote
    0 comments  ·  Multi-factor Authentication
  2. MFA for multi-tenants

    Many customers, especially in Education, run multiple tenants for several reasons, including security and functionality, and it is not feasible to join the tenants. These customers use Microsoft MFA for tenant 1 and are forced to go to third party MFA to allow their ADFS to work with both tenants. By creating a dual tenant MFA solution it will enable the customer to stay with a single provider.

    1 vote
    0 comments  ·  Multi-factor Authentication
  3. mfa security info default

    If one enables the feature to combine MFA with SSPR, Azure MFA 'Security Info' UI 'Default Sign-in Method' (screencap attached) should not display phone as an option if SSPR's feature has disabled phone as a method as it's confusing to users when managing their 2fa methods. Simply remove from the UI to match what options are enforced to be consistent.

    2 votes
    0 comments  ·  Multi-factor Authentication
  4. Request for registration of OATH token and connection to user:

    We would like you to allow end users to register OATH token by themselves as well as other multi-factor authentication notifications (i.e. telephone and SMS)

    If our request above is not permitted, please consider the following to reduce the time and effort of the administrator:
    - Registering OATH token information prior to registration of associated user information
    - Connecting the user and OATH token by GUI operation from Azure portal instead of importing CSV
    - No entering authentication code when activating OATH token

    51 votes
    4 comments  ·  Multi-factor Authentication
  5. Allow for the default Microsoft Authenticator account name of “Azure AD” to be configurable.

    If a user goes to https://aka.ms/mfasetup and sets up their account preference then they do get an account named accordingly in their Authenticator app…
    However, if a user doesn’t set up their account preferences and they log into the Outlook app on their phone for the first time and receive Intune app protection policies, they end up with an Authenticator account named “Azure AD”.

    1 vote
    0 comments  ·  Multi-factor Authentication

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

  6. Provide Office Phone as a Multi-Factor Authentication (MFA) option

    Please add Office Phone and Extension as an option in the preview feature of MFA Registration process. It is very hard for us to require end-users to use their personal phone for MFA business needs. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    1 vote
    0 comments  ·  Multi-factor Authentication
  7. Provide Office Phone as a Multi-Factor Authentication option

    We had an issue with "Office Phone" (with extension) not being available anymore as an MFA method for end-users to select. Turns out that we had a "preview feature" enabled that no longer supports office phone in the MFA Registration process. This is a problem for us, as it is very hard for us to require end-users to use their personal phone for MFA business needs. Please add Office Phone and Extension as an option in the preview feature of MFA. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    2 votes
    0 comments  ·  Multi-factor Authentication
  8. MFA enrollment date

    Would like to see when user originally enrolled in MFA. Date/time/IP address.

    2 votes
    0 comments  ·  Multi-factor Authentication
  9. MFA

    Hi,
    It would be great to have an option to use Azure MFA, which is part of ADFS 2019, while using Alternate Login ID, other than UPN. We can use Alternate Login ID, like mail, to sign in to O365 and use MFA that is configured on the Azure side. But if you want to do preauthentication for your on-premises application, it is impossible to configure MFA, because only UPN is checked on ADFS during MFA request. If users are using Alternate Login ID, an error is thrown that the user has no MFA option configured.

    1 vote
    0 comments  ·  Multi-factor Authentication
  10. One time MFA bypass for conditional access

    I would like the ability to issue a one-time bypass for conditional access invoked MFA. This does not currently exist and having to disable and re-enable users' MFA for lost/misplaced tokens is a real pain.

    4 votes
    0 comments  ·  Multi-factor Authentication
  11. How to fix windows is not connecting to internet

    My windows is not working, not connecting to internet, not responding etc. These are the major issues of windows & if you are unable to fix these issue call 1855-345-8210 toll free number for fix these issue.
    https://www.outlooktechnicalhelpline.com/windows-is-not-connecting-to-internet/

    1 vote
    0 comments  ·  Multi-factor Authentication
  12. MFA authenticator improvement

    It would be helpful to know which app was requesting the code or the approval. When the whole office suite is asking for it for example. On startup it can be Skype, OneDrive, Outlook, Teams, SharePoint and more. Pretty annoying. Especially if the notification for the application on your PC hides behind the actual application you won't notice.

    1 vote
    0 comments  ·  Multi-factor Authentication
  13. Always prompt for MFA for an Enterprise Application

    I'd like to mark a particular Enterprise Application as "critical" and always ask for MFA when a user is accessing it regardless of their logged in state.

    I.e. when accessing Payroll (SuccessFactors) or our Remote Access Tool - I want to ensure MFA is being asked for again (and again) every time they close that browser window/session/tab even if the user has a logged in session to O365 - any other enterprise app is fine and can be accessed if user is already logged in.

    3 votes
    0 comments  ·  Multi-factor Authentication
  14. MFA messes with login, Outlook and Skype. Waste of time and nerves. Make it WORK or KILL it !

    Disable this wrong second password mess and let us work !
    A simple code sent to a phone should be enough, those dumb lower case letters 16 characters secondary app passwords are the worst idea I ever had to endure.

    1 vote
    0 comments  ·  Multi-factor Authentication
  15. Azure Policy - MFA Policies support for an internal MFA Server

    We would like to use the Azure MFA policies, however they assume the usage of Azure MFA, and within our company we are using an On-premise MFA server. We have now disabled the policies, based on a statement from the PG on supporting this feature:

    - You have disabled the default policies since you had no clear view on when it works.
    - We have checked the policy "Audit accounts with write permissions who are not MFA enabled on a subscription" and some of the users that had write permissions on the subscription were not enabled for MFA in Azure…

    1 vote
    0 comments  ·  Multi-factor Authentication

    Thanks for the valid suggestion. Your feedback is now open for the user community to up-vote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  16. on prem MFA

    Make the on prem country code list an editable list
    Currently no changes are allowed to the current static list of countries, making it hard to administer users who belong to countries not on the list (i.e. Kosovo).
    A country code for the country of Kosovo to the list....

    2 votes
    0 comments  ·  Multi-factor Authentication
  17. MFA notifications sent to mobile (SMS and App) on the same language as the user location in O365

    As per the current configuration design, it seems that users with MFA enabled on their accounts are receiving SMS and/or notifications sent via Authentication App on their mobiles, based on the Browser location settings.

    Example:
    If a user from Sweden travels to China, whenever accessing O365 portal via Mobile, the respective notification message will be sent in Chinese.

    To avoid these kinds of issues, or even users on VPN, we would like the respective message to be triggered in the language of the country associated with the user location setup in O365.

    1 vote
    0 comments  ·  Multi-factor Authentication
  18. MFA whitelist for NPS

    We need to be able to whitelist IPs so they are excluded from Azure MFA when the users are connecting to RDS and NPS forwards requests to MFA.

    Scenario:
    We need to set up RDS environments where users who are connecting from the internet are provided with Multi-factor authentication, but with the possibility to bypass MFA when connecting from specific IP-addresses.

    The MFA-part is working, however, we need to be able to bypass MFA for specific IP-addresses which is impossible at the moment.

    This is business critical for our clients.

    Thank you

    1 vote
    1 comment  ·  Multi-factor Authentication
  19. Allow MFA via Email for external vendors

    The current MFA tools are tied to a device that a 3rd party would likely take with them if released from their employer, which poses a high potential for a security risk. If email based MFA was allowed for vendor access, then emails would be sent to a corporate mail server ensuring that the employee was still employed.

    I understand the argument that sending an email to the account you're trying to access is poor security posture, but if it is being sent to a different domain, that risk should be mitigated and overall a better security mechanism.

    1 vote
    1 comment  ·  Multi-factor Authentication
  20. Microsoft Flow needs to work in approval mail scenarios

    The "foreach" action in Flow runs synchronously, which is a problem when using approval emails -- the next approval email is not sent until the first is approved/rejected. Have to use LogicApps instead.

    0 votes
    0 comments  ·  Multi-factor Authentication