Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. There should be an option to disable Office Phone as a verification option

    On the MFA settings portal, there is no way to separate office phone from cell phone when choosing the verification options that will be presented to users. The only option is "Phone call". However, when users go into the verification options on their user profile, they can choose to do MFA via "Office phone" or "Mobile phone".

    There needs to be a way to disable Office Phone as an option so that users cannot select it. It is not secure as a verification option.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. provide a radius service for azure active directory so vpn clients can use azure mfa

    provide a radius service for azure active directory so vpn clients can use azure mfa

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure Multi-Factor Authentication (MFA) - Microsoft Authenticator code reset options

    Provide us with the ability to ensure the MFA code reset password can be chopped up and sent to multiple individuals.

    I.e. the first half of the code gets sent to you and the second half gets sent to the IT Security Manager, System Admin or other Manager.

    Reason being is that I updated my work phone and needed to reset my Microsoft Authenticator code through the authentication web page. I followed the prompts to have it reset and the code was sent to my phone, from there I was able to scan the QR code on the screen and…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Please add Maldives to phone verification list.

    There is no option to select maldives whilr trying to do sms verification. I think this is a bug as all other Microsoft services has full support in maldives.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Currently there no visibility who approved the user the one time by pass from MFA User Portal and to skip the MFA step.

    Issue:-
    Currently there no visibility who approved the user the one time by pass from MFA User Portal and to skip the MFA step. Alos if Possible Please add info bar which will contain the reason of one time bypass, also How the user portal admin will verify the requested user is the real one.
    Impact:-
    The is Security loophole, there is possibility to missuse of account or this functionality with help of MFA User portal admin.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Email Notifications on MFA Initial Setup or Changes

    We would love to have customizable email notifications for users that establish their MFA profile or make any changes to their settings. We cannot find an easy way to trigger this currently, and it seems like basic security functionality.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Make the wizard fill the window for combined MFA and password reset registration experience in Office apps

    When an user opens an Office App (Outlook) and need to register for MFA and SSPR in the new registration Experience. The browser kiosk window is square, but the wizard is rectangular.
    Because if this, the Next buttons aren't visible without scrolling to the right site.
    Make the wizard fill the window.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Please update the MFA page to just redirect to AD Premium

    I still get customers and sellers saying that there is still an option for paying for MFA against an Azure Subscription. From what I understand this is no longer available, that you must purchase AD Premium. If I am correct, please remove the MFA page altogether or update it to reflect the new pricing model and put the old pricing model in the FAQ or something.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. One Step Instead of 2-Step Verification

    I won't use a 2 step verification. I don't have time to be kept bothering with it every time I need to sign in. It's too time consuming, If you could make a one step verification with face recognition or fingerprint, I would go for that,

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provide support in ADAL4J library to authenticate MFA enabled user

    We are using ADAL4J library for Azure AD User Authentication, which enables a Native Client Application to do authentication using Username and Password without User Interaction. But for Multi Factor Authentication enabled Azure AD Users, Authentication is failing with AdalClaimsChallengeException with no API to provide the second factor.

    Please provide support for authenticating MFA enabled user using ADAL4J library.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Text messages only works intermittently

    Half the time I‘m asked for the verification code when signing in, I never got any text message. Usually after the first attempt I have to click “Sign in another way” and choose another text message and then most of the time it will work on the second attempt. (This morning it failed to send on the second attempt as well.)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. MFA records date of modification

    It would be nice to have additional details like the following when you run powershell script get-msoluser -userprincipalname user@contoso.com | FL

    -Time/date it was enabled first
    -Time/date it was last modified

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improve Azure MFA NPS extension logging

    We had an issue deploying the Azure MFA NPS extension recently as per this thread - https://social.msdn.microsoft.com/Forums/en-US/6fd88b14-8353-4eac-be42-501ce1986c11/troubleshooting-azure-mfa-extension-for-nps-issue?forum=windowsazureactiveauthentication.

    After a number of weeks trying to solve it, we ultimately had to move NPS to new servers as we could not find a solution. This was mainly because the logging from the extension is great when it is functioning relatively normally (successful logons, simple failures like missing certificates, ACCESS-REJECT messages received etc.), but for less well defined failure modes there seems to be a complete lack of useful logging.

    In the case of the above issue, we had verbose logging turned…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Verification by call never succeeds on the first try

    Whenever I use the verification by phone call, it never registers when I press the '#' key. I need to hang up and have the system call me again. On the second try it works like a charm.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. provide a way to import OATH tokens into Azure MFA, assign them to users, and autoactivate them, in order to allow migration

    Need a way to import OATH tokens, assign them to users, and have them activated automatically, in order to allow migration from an existing system using the OATH tokens without having to manually activate each one individually.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Dont require a phone call every time I sign in. I do not always have phone service and its very inconvenient.

    Do not require a phone call every time I sign in. I do not always have phone service and its very inconvenient.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Generate alert MFA information updates

    Create the possibility of generating an alert for MFA information update, so admins can keep track of them.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Set MFA using Azure Active Directory Powershell Module

    Add support in Azure Active Directory PowerShell module to set Multi-Factor Authentication (MFA).

    Thanks

    100 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. protesta

    IL programma a cui mi riferisco è il Global Advanteg della DELOITTE che
    richiede un cod from Microsoft Authenticator App ma quest'ultima
    invia un codice di otto cifre quando ne vengono accettate solo sei

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow users with MFA to login via CLI (az login)

    az login currently does not work with Microsoft accounts or accounts that have two-factor authentication enabled, see: https://docs.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-login

    Following the idea of Infrastructure-as-Code (IaC), we pro-grammatically use `az login` to set up our infrastructure. However, we would highly prefer using user account when running such scripts manually compared to service principals:
    a) Audit logs on Azure should show *who* (= real user) triggered infrastructural changes
    b) MFA-backed accounts are more secure

    See also: https://github.com/Azure/azure-cli/issues/6962

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base