Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure MFA server does not support E-Mail as an Authentication method, i.e. OTP getting delivered to EMail. This feature is required.

    Azure MFA does not support OTP over E-Mail, The support for the same is required for scenarios where Mobile is not allowed inside the premises due to security and has to be submitted outside at security desk. In such cases, OTP can be checked over E-MAil but that is not supported by MFA. Please suggest,

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Why My Gmail Not Receiving Emails? How to fix it?

    Get gmail related error solution for how to fix my gmail not receiving emails error via the customer service executives.Call 1855-345-8210 toll free number for help.
    For more info visit the given link:
    http://www.askhelpme.com/blog/gmail-not-receiving-emails

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Filtering on “MFA Auth Method” via the interface

    Filtering on “MFA Auth Method” via the interface, would be beneficial on the report we are looking at. Downloading the report is not really a good option as the report has over 250000 rows and last time we tried the download failed.

    The report doesn’t show us any data as we aren’t using MFA server, just Conditional Access policies.

    The report shows us the data, but doesn’t allow us to filter on MFA Auth Method.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Filtering on “MFA Auth Method” via the interface

    Filtering on “MFA Auth Method” via the interface, would be beneficial on the report we are looking at. Downloading the report is not really a good option as the report has over 250000 rows and last time we tried the download failed.

    The report doesn’t show us any data as we aren’t using MFA server, just Conditional Access policies.

    The report shows us the data, but doesn’t allow us to filter on MFA Auth Method.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Authenticator Backup for Android

    Hello,

    Could we get an update on the back up feature for the authenticator app please? Your article last year stated it was coming soon and the feature doesn't appear to have landed yet. This is effecting the take up of MFA as when people change their device they loose their 2FA tokens.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Update MFA number using Graph API

    I've seen various articles/requests for the ability to modify MFA number using the Graph API.

    All of these are dated early-mid 2018.

    I have not seen any progress or information that it is possible yet.

    What are the plans/roadmap for this feature? The need is becoming more important for us, and we've been waiting for this.

    Any information would be helpful.
    Thanks, Ricky

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow Helpdesk Systems to "Ping" users to verify identity

    When a user calls the helpdesk, the helpdesk teams need the ability to validate the identity of the user on the other end of the phone. The idea is that we would programmatically call an Azure MFA challenge response “on demand” as a part of the validation process. So, here’s the flow:


    1. User calls helpdesk to gain access to a system, change a password, etc.

    2. Helpdesk associate looks up the user in the Helpdesk System

    3. Helpdesk associate informs the user that their identity is about to be verified through a “ping” with MFA

    4. Helpdesk associate pushes a button in the…
    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Log IP of password reset requests and source IP of MFA triggers

    We recently experienced a user getting an MFA prompt as part of an attempted password reset request, but there is no logging of the IP or source of the request. Having IP data would allow for correlation of data with successful/failed logon attempts.

    It's actually amazing this isn't already a thing.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. integrate MFA configuration interface to a center place

    currently we have several interfaces for Azure MFA configuration:

    And each interface has it's own function, it would be great to integrate those interfaces into a center place such as Azure portal > Azure Active Directory > MFA blade for easier management.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. provide more specific error message for user MFA proof up

    when user is blocked for MFA and trying to proof up MFA in aka.ms/mfasetup, the returned error message is not so helpful - it just show "please check the phone number you specified or change your preferred option", along with a correlation ID and session ID. it would be better to return the specific failed reason so we could save a lot of time for troubleshooting.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. MFA, option to request setup only when outside the organisation/trusted IP scope

    I would like an option to select a group and not prompt them to setup MFA unless they are outside the trusted IP scope.

    Whilst on the trusted IP scope, the user shoudl have access to setup or continue onto office365

    Currently once MFA is enforced the user has no option but to set it up otherwise they cannot access office365 sharepoint homepage, if they cannot do it there and then it stops them from working

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. App permission to impersonate MFA

    There are some operations (via a daemon/service application) for which delegated permissions would be preferrable to application permissions e.g. sendmail. However, non-interactive access to Graph API requires excluding accounts from MFA, which is also undesirable.

    If there was an application permission to impersonate MFA then the daemon service would authenticate to the service principal e.g. using a certificate, then could authenticate as a specific account using credentials via the service principal. Hence it would not need to be exempted from MFA.

    Alternatively, the GetTokenAsync could accept cert plus credentials to achieve the same outcome.

    Where would this be useful? Using…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. MFA “Remember Me” should work with Guest accounts

    “Remember Me” works with Member accounts but not Guest accounts. Guest accounts don’t get the “don’t ask me again for x days” prompt. Remember me is an element of the overall MFA policy, and with CA policies lets me decide how to balance authentication assurance and risk with what the resulting user experience is. I typically don’t discriminate between member and guest accounts in my MFA and CA policies, and I am generally shooting for a typical online consumer banking like MFA experience for all of my users. Right now I can’t achieve that with my guest users.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. MFA for multi-tenants

    Many customers, specially in Education run multiple tenants for several reasons, including security and functionality, and is not feasible to join the tenants. These customers, use Microsoft MFA for tenant 1 and are forced to go to third party MFA to allow their ADFS to work with both tenants. By creating a dual tenant MFA solution it will enable the customer to stay with a single provider.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. mfa security info default

    If one enables the feature to combine MFA with SSPR, Azure MFA 'Security Info' UI 'Default Sign-in Method' (screencap attached) should not display phone as an option if SSPR's feature has disabled phone as a method as it's confusing to users when managing their 2fa methods. Simply remove from the UI to match what options are enforced to be consistent.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Request for registration of OATH token and connection to user:

    We would like you to allow end users to register OATH token by themselves as well as other multi-factor authentication notifications (i.e. telephone and SMS)

    If our request above is not permitted, please consider the following to reduce the time and effort of the administrator:
    - Registering OATH token information prior to registration of associated user information
    - Connecting the user and OATH token by GUI operation from Azure portal instead of importing CSV
    - No entering authentication code when activating OATH token

    62 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow for the default Microsoft Authenticator account named of “Azure AD” to be configurable.

    If a user goes to https://aka.ms/mfasetup and sets up their account preference then they do get an account named accordingly in their Authenticator app…
    However if a user doesn’t setup their account preferences and they log into the Outlook app on their phone for the first time and receive Intune app protection policies they end up with an Authenticator account named “Azure AD”.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

  19. Provide Office Phone as a Multi-Factor Authentication (MFA) option

    Please add Office Phone and Extension as an option in the preview feature of MFA Registration process. It is very hard for us to require end-users to use their personal phone for MFA business needs. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide Office Phone as a Multi-Factor Authentication option

    We had an issue with "Office Phone" (with extension) not being available anymore as a MFA method for end-users to select. Turns out that we had a "preview feature" enabled that no longer supports office phone in the MFA Registration process. This is a problem for us, as it is very hard for us to require end-users to use their personal phone for MFA business needs. Please add Office Phone and Extension as an option in the preview feature of MFA. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base