Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Provide Office Phone as a Multi-Factor Authentication (MFA) option

    Please add Office Phone and Extension as an option in the preview feature of MFA Registration process. It is very hard for us to require end-users to use their personal phone for MFA business needs. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    1 vote
    0 comments  ·  Multi-factor Authentication
  2. Provide Office Phone as a Multi-Factor Authentication option

    We had an issue with "Office Phone" (with extension) not being available anymore as a MFA method for end-users to select. Turns out that we had a "preview feature" enabled that no longer supports office phone in the MFA Registration process. This is a problem for us, as it is very hard for us to require end-users to use their personal phone for MFA business needs. Please add Office Phone and Extension as an option in the preview feature of MFA. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    2 votes
    0 comments  ·  Multi-factor Authentication
  3. MFA enrollment date

    Would like to see when user originally enrolled in MFA. Date/time/ip address/

    2 votes
    0 comments  ·  Multi-factor Authentication
  4. MFA

    Hi,
    It would be great to have an option to use Azure MFA, which is part of ADFS 2019, while using an Alternate Login ID other than UPN. We can use an Alternate Login ID, like mail, to sign in to O365 and use MFA that is configured on the Azure side. But if you want to do preauthentication for your on-premises application, it is impossible to configure MFA, because only UPN is checked on ADFS during the MFA request. If users are using an Alternate Login ID, an error is thrown that the user has no MFA option configured.

    1 vote
    0 comments  ·  Multi-factor Authentication
  5. One time MFA bypass for conditional access

    I would like the ability to issue a one-time bypass for conditional access invoked MFA. This does not currently exist, and having to disable and re-enable users' MFA for lost/misplaced tokens is a real pain.

    7 votes
    0 comments  ·  Multi-factor Authentication
  6. How to fix windows is not connecting to internet

    My Windows is not working, not connecting to internet, not responding etc. These are the major issues of Windows & if you are unable to fix these issues call 1855-345-8210 toll free number to fix these issues.
    https://www.outlooktechnicalhelpline.com/windows-is-not-connecting-to-internet/

    1 vote
    0 comments  ·  Multi-factor Authentication
  7. MFA authenticator improvement

    It would be helpful to know which app was requesting the code or the approval, when the whole Office suite is asking for it, for example. On startup it can be Skype, OneDrive, Outlook, Teams, SharePoint and more. Pretty annoying. Especially if the notification for the application on your PC hides behind the actual application, you won't notice.

    1 vote
    0 comments  ·  Multi-factor Authentication
  8. Always prompt for MFA for an Enterprise Application

    I'd like to mark a particular Enterprise Application as "critical" and always ask for MFA when a user is accessing it regardless of their logged in state.

    I.e. when accessing Payroll (SuccessFactors) or our Remote Access Tool - I want to ensure MFA is being asked for again (and again) every time they close that browser window/session/tab, even if the user has a logged in session to O365 - any other enterprise app is fine and can be accessed if the user is already logged in.

    4 votes
    1 comment  ·  Multi-factor Authentication
  9. MFA messes with login, Outlook and Skype. Waste of time and nerves. Make it WORK or KILL it !

    Disable this wrong second password mess and let us work !
    A simple code sent to a phone should be enough, those dumb lower case letters 16 characters secondary app passwords are the worst idea I ever had to endure.

    1 vote
    0 comments  ·  Multi-factor Authentication
  10. Azure Policy - MFA Policies support for an internal MFA Server

    We would like to use the Azure MFA policies, however they assume the usage of Azure MFA, and within our company we are using an On-premise MFA server. We have now disabled the policies, based on a statement from the PG on supporting this feature:

    - You have disabled the default policies since you had no clear view on when it works.
    - We have checked the policy "Audit accounts with write permissions who are not MFA enabled on a subscription" and some of the users that had write permissions on the subscription were not enabled for MFA in Azure…

    1 vote
    0 comments  ·  Multi-factor Authentication

    Thanks for the valid suggestion. Your feedback is now open for the user community to up-vote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  11. on prem MFA

    Make the on prem country code list an editable list
    Currently no changes are allowed to the current static list of countries, making it hard to administer users who belong to countries not on the list (i.e. Kosovo).
    A country code for the country of Kosovo to the list....

    2 votes
    0 comments  ·  Multi-factor Authentication
  12. MFA notifications sent to mobile (SMS and App) in the same language as the user location in O365

    As per the current configuration design, it seems that users with MFA enabled on their accounts are receiving SMS and/or notifications sent via Authentication App on their mobiles, based on the Browser location settings.

    Example:
    If a user from Sweden travels to China, whenever accessing O365 portal via Mobile, the respective notification message will be sent in Chinese.

    To avoid this kind of issue, or even for users on VPN, we would like the respective message to be triggered in the language of the country associated with the user location setup in O365.

    2 votes
    0 comments  ·  Multi-factor Authentication
  13. MFA whitelist for NPS

    We need to be able to whitelist IPs so they are excluded from Azure MFA when the users are connecting to RDS and NPS forwards requests to MFA.

    Scenario:
    We need to set up RDS environments where users who are connecting from the internet are provided with Multi-factor authentication, but with the possibility to bypass MFA when connecting from specific IP-addresses.

    The MFA-part is working, however, we need to be able to bypass MFA for specific IP-addresses which is impossible at the moment.

    This is business critical for our clients.

    Thank you

    1 vote
    1 comment  ·  Multi-factor Authentication
  14. Allow MFA via Email for external vendors

    The current MFA tools are tied to a device that a 3rd party would likely take with them if released from their employer, which poses a high potential for a security risk. If email based MFA was allowed for vendor access, then emails would be sent to a corporate mail server ensuring that the employee was still employed.

    I understand the argument that sending an email to the account you're trying to access is poor security posture, but if it is being sent to a different domain, that risk should be mitigated and overall a better security mechanism.

    1 vote
    1 comment  ·  Multi-factor Authentication
  15. Microsoft Flow needs to work in approval mail scenarios

    The "foreach" action in Flow runs synchronously, which is a problem when using approval emails -- the next approval email is not sent until the first is approved/rejected. Have to use LogicApps instead.

    0 votes
    0 comments  ·  Multi-factor Authentication
  16. Secure MFA registration

    Assume that you enable MFA (e.g. through conditional access) only for external access, while MFA is not required for access from internal infrastructure; if a user only accesses services from internal where MFA is not required, the account could be exposed to attacks from the Internet.

    An attacker that uses credential stuffing or other password guessing techniques will, upon successfully obtaining a user's password, be allowed to register MFA at the time when he/she meets the MFA requirement. In recent high profile attacks we have read about in the news, the technical breakdown says that the attacker logged in with…

    3 votes
    0 comments  ·  Multi-factor Authentication
  17. Provide admin role ability to view / delete registered authenticator apps

    Ran into an issue where user is capped at (5) registered authenticator apps. Working with support, there is currently no way for an admin to see how many registered authenticator apps a user has nor is there a way for an admin to delete them.

    Need ability for an admin role to view/query/modify registered authenticator apps.

    1 vote
    0 comments  ·  Multi-factor Authentication
  18. Support 3rd party MFA tokens with NPS Extension for Azure MFA

    The ability to use 3rd party MFA tokens with the NPS Extension for Azure MFA.
    It is very handy to use Azure MFA for VPN authentication but it is not always practical to use the Microsoft Authenticator app for MFA. There are often times where we need to give 3rd party contractors access to the VPN and providing them with a single hardware token is much easier to manage than having the Microsoft Authenticator app setup on a phone.

    2 votes
    0 comments  ·  Multi-factor Authentication
  19. Conditional access validated prior to password

    Today, authentication validates the password before hitting conditional access, therefore allowing password sprays to lock the accounts.

    Office 365 and Azure logins should take the password (as we do today), proceed with conditional access, even if the password is wrong, allowing conditional access to block password sprays. Then if the password is incorrect, deny the access or send for approval in the Azure app or request the token, whatever is the preferred choice for MFA.

    Hope I was clear...

    17 votes
    4 comments  ·  Multi-factor Authentication
  20. Allow the creation of custom administrator roles in Azure Active Directory

    Allow the creation of custom administrator roles in Azure Active Directory. In our case we want to assign rights to our helpdesk to allow them to reset users' MFA, forcing them to proof up. The Authentication Administrator role allows for this but also grants too many other permissions that we don't want to give. Creating a custom role allowing for just MFA reset would resolve this.

    5 votes
    0 comments  ·  Multi-factor Authentication