Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. MFA service account

    Recommendations in AAD recommends to register and require ALL users to be using MFA but, Microsoft doesn't filter out user accounts that are real accounts and accounts that are running as service accounts or shared accounts, so my suggestion in order to sort out what is service account that MFA can't be applied it needs to be changed as designation of accounts meaning, because user accounts can be marked as real user and service account can be marked as service account. I am possibly missing something, but I saw that possibility in Other OS. They're supposed to be a way…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow "large" backups of Microsoft Authenticator app

    I have 132 accounts set up in the Microsoft Authenticator app on my phone. When I try to enable backup, I get the message, "Your backup is too large. Cannot save to the cloud."

    I would very much like to be able to back this up so I can move it to another device. Also because I never want to go through the MFA registration of 132 accounts ever again!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. MFA unblock on same menu as MFA settings

    Put MFA unblock on same menu as MFA settings.

    In the MFA settings menu "Admin Center, AAD, Users, MutiFactor Authentication, select user and then click on ‘Manage User Settings", there is no setting to ‘unblock’ the user. To unblock user, you have to go to "Admin Center, AAD, Security, MFA, Block/Unblock Users"

    May I suggest that the unblock user setting also appear in the "Admin Center, AAD, Users, MutiFactor Authentication, select user and then click on ‘Manage User Settings" menu?

    And/or consider under "Admin Center, AAD, Security, MFA" that you point to the same menu where you can manage user…

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. it just shows 0 of 0 users for multi factor, yet users are all enrolled and using it.

    In active directory insights, it shows 0 of 0 users for multi factor, yet i have it turned on and implemented for all users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Public API for Azure MFA cloud service

    With Azure MFA Server no longer supported for new installations as of mid-2019, RADIUS is no longer an option for Azure MFA authentication. I want to use a different (non-AzureAD) primary auth method and use Azure MFA only as a 2nd auth factor - but there is no SDK or public API access to Azure MFA cloud service. This would be very helpful now that Azure MFA server is being deprecated.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. please provide export for MFA

    Currently there is no way to track MFA status except for copying and pasting page by page the info from the MFA Status page(s) which is very tedious.

    It would be ideal if there was an export option to be able to create a worksheet to be used as a punch list for follow up.

    Also why is there no "Disabled" dropdown in addition to Any, Enabled, and Enforced?? This should be added

    Many other products have this option...this one should as well

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow user's MFA for common propogate to other domains

    You can reset your MFA options at https://aka.ms/mfaSetup.

    But the changes don't propagate to other AZ domains.

    So if the Admin only has Authenticator enabled in a custom domain and he changes phone or loses his phone. The Admin will be locked out forever. The custom domain never getd updated with the MFA phone updated in the Common domain, And the Admin can't self service to update the MFA phone either.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. We need to set Alert in Conditional Access Policy if someone successfully access from Outside India if policy violates.

    We have Conditional Access Policy to restrict users if someone access from Outside India MFA should be triggered. This policy is working fine but if someone successfully hack the user account and Successfully Login from Outside India, alert should be configured but alert configuration option is not available in Azure. Please add this option which will improve the user experience.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. MultiFactor on a Plane with WiFi

    Need a way to accommodate two-factor on a plane. While WiFi for your laptop/device is available, receiving a text or phone call is not possible. Trying to login to any Microsoft services does not seem possible.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. 2-Factor Authentication after Phone Reset.

    After I reset my phone to factory default, my Authenticator App can not add me up to my account any longer. What Can I do now?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Provide a prompt when using azure MFA with RDP

    Currently if you use Azure MFA and remote desktop with the NPS doing the authentication the user receives no prompt that the server is waiting for MFA to be approved on the devic. As per your own article on it the RDP connection will just sit at initiating remote connection until it fails so if the users phone is in another room they just call help desk asking why they cant login.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg#verify-configuration

    A simple "please approve the MFA prompt on your MFA device" notification on this screen would make it a 1000% more useful and cut down a heap…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. There seems to be no Azure AD role to manage OATH tokens

    Currently it seems only Global Admins can manage OATH tokens in Azure AD. Would be good if you could delegate that topic.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. mfa

    Shorten cooldown for MFA

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. an additonal solution to MFA Authentication is introduced in the event that neither the Authenticator App codes or Phone contact don't work

    Recently my previous Mobile device broke & fortunately I had a back up I could simply reinstate the new device. Nevertheless, when it came to the Authenticator App, this fell miserably on it's nose. The generated codes were no longer accepted & the Mobile did not receive the Authentication message being sent when I needed to log into the Azure Portal.
    Principally I was locked out. As a one man show, I do not have additional colleagues that have global Admin rights.
    I see this could be a problem in the future when more small businesses commit themselves to operating…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Change the message text to "Use a verification code from my mobile app or hardware token"

    Currently, when users configured Azure MFA for hardware token and phone number, they can choose MFA method when signing in azure portal.
    In the Azure AD logon page, users see following options.


    ・ Use a verification code from my mobile app

    ・ Text +XX XXXXXXXXX

    It's not intuitive for customers to choose "Use a verification code from my mobile app" even though they are using hardware token.
    So please change the message text to "Use a verification code from my mobile app or hardware token".
    I am support professional and I am receiving unnecessary support calls from users because the…

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Show Sign-in info (location, client, device-type, etc) in Authenticator app

    especially for users (e.g. admins) who receive a lot of MFA signin requests via their Authenticator App (sometimes at unexpected moments), it is crucial that they can quickly verify where the authentication request originated from (detailed location info) and more details on the device (client app, device-type, etc) so the user can make an informed decision if the MFA authentication request on his phone is legitimate or not.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Change B2C default setting for MFA phone number masking.

    B2C MFA service display user phone number as "--123456" by default. I feel it is unfamiliar because of inserted hyphen.

    I think it is better "+XX XXXXXXXX56" same as Azure AD MFA service does.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Create a migration scenario for migrating Azure MFA on-premise to Azure MFA to the cloud

    Imagine an organization of 10000 employees that uses Azure MFA on-premise and wants to migrate to the cloud. Does Microsoft really want that organization to re-enroll all their 10000 users?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. We would like to activate MFA at our designated time.

    At present, MFA is activated at the time when the administrator enables MFA per user.
    We would like to activate MFA at the administrator's designated time. We believe that this enables us to broaden our range of operation.
    It would be great if we could, for example, control by designating the time to parameter "RememberDevicesNotIssuedBefore".

    26 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base