Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. MFA whitelist for NPS

    We need to be able to whitelist IPs so they are excluded from Azure MFA when the users are connecting to RDS and NPS forwards requests to MFA.

    Scenario:
    We need to set up RDS environments where users who are connecting from the internet are provided with Multi-factor authentication, but with the possibility to bypass MFA when connecting from specific IP-addresses.

    The MFA-part is working, however, we need to be able to bypass MFA for specific IP-addresses which is impossible at the moment.

    This is business critical for our clients.

    Thank you

    2 votes
    1 comment  ·  Multi-factor Authentication
  2. Allow MFA via Email for external vendors

    The current MFA tools are tied to a device that a 3rd party would likely take with them if released from their employer, which poses a high potential for a security risk. If email based MFA was allowed for vendor access, then emails would be sent to a corporate mail server ensuring that the employee was still employed.

    I understand the argument that sending an email to the account you're trying to access is poor security posture, but if it is being sent to a different domain, that risk should be mitigated and overall a better security mechanism.

    1 vote
    1 comment  ·  Multi-factor Authentication
  3. Provide admin role ability to view / delete registered authenticator apps

    Ran into an issue where user is capped at (5) registered authenticator apps. Working with support, there is currently no way for an admin to see how many registered authenticator apps a user has nor is there a way for an admin to delete them.

    Need ability for an admin role to view/query/modify registered authenticator apps.

    3 votes
    1 comment  ·  Multi-factor Authentication
  4. Support 3rd party MFA tokens with NPS Extension for Azure MFA

    The ability to use 3rd party MFA tokens with the NPS Extension for Azure MFA.
    It is very handy to use Azure MFA for VPN authentication but it is not always practical to use the Microsoft Authenticator app for MFA. There are often times where we need to give 3rd party contractors access to the VPN and providing them with a single hardware token is much easier to manage than having the Microsoft Authenticator app setup on a phone.

    3 votes
    1 comment  ·  Multi-factor Authentication
  5. Conditional access validated prior to password

    Today, authentication validates the password before hitting the conditional access, therefore allowing password sprays to lock the accounts.

    Office 365 and Azure logins should take the password (as we do today), proceed with conditional access, even if the password is wrong, allowing conditional access to block password sprays. Then if the password is incorrect, deny the access or send for approval in the Azure app or request the token, whatever is the preferred choice for MFA.

    Hope I was clear...

    20 votes
    4 comments  ·  Multi-factor Authentication
  6. Allow the creation of custom administrator roles in Azure Active Directory

    Allow the creation of custom administrator roles in Azure Active Directory. In our case we want to assign rights to our helpdesk to allow them to reset users' MFA, forcing them to proof up. The Authentication Administrator role allows for this but also grants too many other permissions that we don't want to give. Creating a custom role allowing for just MFA reset would resolve this.

    5 votes
    0 comments  ·  Multi-factor Authentication
  7. Add sorting/filtering to Microsoft Authenticator mobile app

    As MFA use expands, users will start to have dozens of MFA accounts. The Authenticator App is great, but its interface is lacking searching, filtering, grouping features. At least ONE of these would be helpful. Currently, a user needs to scroll through many pages to find the entry. It's not sorted in any fashion except for manual dragging and dropping. Please add SOMETHING to help locate accounts faster.

    3 votes
    1 comment  ·  Multi-factor Authentication
  8. Allow admin to change timeout for response time of each MFA method

    Now the response timeout for each MFA method (Ex. App push notification is 1 minute etc.) is NOT changeable.
    Customer would like to be able to change this timeout.
    Because when they use the NPS extension they are able to set a timeout on the NPS server, but it is affected by the timeout above.

    4 votes
    0 comments  ·  Multi-factor Authentication
  9. 1 vote
    0 comments  ·  Multi-factor Authentication
  10. DUO MFA - Does Not Re-prompt for Authentication when used with Azure CA

    Azure keeps the DUO MFA session cookie active in the browser even when an application has timed out or has been closed and re-opened. When re-authenticating with the application, the CA Policy does not call the DUO servers for a new session cookie (DUO have confirmed this). I would like to control DUO Authentication session times as you can with the native Azure MFA.

    In addition, I would like to see the following in Azure sign-in logs:


    • DUO MFA has been used

    • CA Policy was triggered when DUO MFA is used

    3 votes
    0 comments  ·  Multi-factor Authentication
  11. There should be an option to disable Office Phone as a verification option

    On the MFA settings portal, there is no way to separate office phone from cell phone when choosing the verification options that will be presented to users. The only option is "Phone call". However, when users go into the verification options on their user profile, they can choose to do MFA via "Office phone" or "Mobile phone".

    There needs to be a way to disable Office Phone as an option so that users cannot select it. It is not secure as a verification option.

    15 votes
    3 comments  ·  Multi-factor Authentication
  12. Provide a RADIUS service for Azure Active Directory so VPN clients can use Azure MFA

    Provide a RADIUS service for Azure Active Directory so VPN clients can use Azure MFA.

    8 votes
    1 comment  ·  Multi-factor Authentication
  13. Azure Multi-Factor Authentication (MFA) - Microsoft Authenticator code reset options

    Provide us with the ability to ensure the MFA code reset password can be chopped up and sent to multiple individuals.

    I.e. the first half of the code gets sent to you and the second half gets sent to the IT Security Manager, System Admin or other Manager.

    Reason being is that I updated my work phone and needed to reset my Microsoft Authenticator code through the authentication web page. I followed the prompts to have it reset and the code was sent to my phone, from there I was able to scan the QR code on the screen and…

    7 votes
    0 comments  ·  Multi-factor Authentication
  14. Please add Maldives to phone verification list.

    There is no option to select Maldives while trying to do SMS verification. I think this is a bug as all other Microsoft services have full support in Maldives.

    3 votes
    0 comments  ·  Multi-factor Authentication
  15. Currently there is no visibility into who approved the user's one-time bypass from the MFA User Portal to skip the MFA step

    Issue:
    Currently there is no visibility into who approved the user's one-time bypass from the MFA User Portal to skip the MFA step. Also, if possible, please add an info bar which will contain the reason for the one-time bypass. Also, how will the user portal admin verify that the requested user is the real one?
    Impact:
    This is a security loophole; there is a possibility of misuse of an account or of this functionality with the help of an MFA User Portal admin.

    3 votes
    1 comment  ·  Multi-factor Authentication
  16. Email Notifications on MFA Initial Setup or Changes

    We would love to have customizable email notifications for users that establish their MFA profile or make any changes to their settings. We cannot find an easy way to trigger this currently, and it seems like basic security functionality.

    3 votes
    0 comments  ·  Multi-factor Authentication
  17. Make the wizard fill the window for combined MFA and password reset registration experience in Office apps

    When a user opens an Office app (Outlook) and needs to register for MFA and SSPR in the new registration experience, the browser kiosk window is square, but the wizard is rectangular.
    Because of this, the Next buttons aren't visible without scrolling to the right side.
    Make the wizard fill the window.

    1 vote
    0 comments  ·  Multi-factor Authentication
  18. Please update the MFA page to just redirect to AD Premium

    I still get customers and sellers saying that there is still an option for paying for MFA against an Azure Subscription. From what I understand this is no longer available, that you must purchase AD Premium. If I am correct, please remove the MFA page altogether or update it to reflect the new pricing model and put the old pricing model in the FAQ or something.

    1 vote
    0 comments  ·  Multi-factor Authentication
  19. One Step Instead of 2-Step Verification

    I won't use a 2 step verification. I don't have time to be kept bothering with it every time I need to sign in. It's too time consuming. If you could make a one step verification with face recognition or fingerprint, I would go for that.

    2 votes
    1 comment  ·  Multi-factor Authentication
  20. Provide support in ADAL4J library to authenticate MFA enabled user

    We are using ADAL4J library for Azure AD User Authentication, which enables a Native Client Application to do authentication using Username and Password without User Interaction. But for Multi Factor Authentication enabled Azure AD Users, Authentication is failing with AdalClaimsChallengeException with no API to provide the second factor.

    Please provide support for authenticating MFA enabled user using ADAL4J library.

    9 votes
    0 comments  ·  Multi-factor Authentication