Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure MFA Server On Prem - Disallow Phone Extensions or Specific Phone Numbers

    PCI compliance puts services like soft-phones and VOIP as a risk for use with Multi-Factor. The reason being, if an employee has a soft-phone on a laptop that was stolen and their multi-factor is sent to the phone associated with that soft-phone, then both primary and secondary factors are on the same device, thus it is not true multi-factor.

    To mitigate this, it would be nice if we could disallow phone extensions and/or specific ranges of phone numbers (i.e. office phone numbers) from being used as valid options in the MFA server. Has anyone come across this scenario? If so,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow AAD Guests to become members of mail-enabled security groups

    AAD Guests can be added to a security group in Azure, but Azure does not allow for the creation of a mail-enabled security (MES) group. An MES group can be created in the O365 admin portal or the EAC, but AAD guests are not listed as entities who could be added to the MES group. This makes it impossible to use groups to control access to SPO and O365 while also being able to communicate with the group via e-mail.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Move old MFA for Azure portal into AAD portal

    The current MFA Portal is terrible slow. Please move it into Azure AD Portal and make it faster. Currently on-prem MFA Server can be managed.

    I am sure this already is an idea, but I can't for my life find it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Switch first and second faktor

    Make it possible to authenticate with OTP as first factor and if a strong authentication is needed the password works as second factor.
    Should be configured per App

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Management portal of MFA/conditional policies and automated management of users with conditional policies

    We have the MFA Conditional Policy in place but no good way to monitor and manage users. Manually running a powershell command to verify who is registered and who is not is an administrative headache.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. This SUCKS. I'm trying to get the authentication app to work on my Samsung Galaxy S8

    I've got the authentication installed, but when I want to set up the first account, it wants the QR code. When I try to get the QR code, it wants the verification code first. If I had the verification code, I wouldn't need all the rest of this ****! I'm sick of going in circles! I can't verify that its me unless you let me in to verify. The only choices its giving me is to use the authenticator app on my phone! Aaaargh!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Poder aplicar los dos pasos tanto en la PC (uso en el hogar) Lapto fuera del hogar.

    Que pueda aplicar los dos pasos cuando uso la PC en mi hogar, y aplicarla tambìen cuando uso la Lapto fuera del hogar. (estudios, oficina, viajando, etc)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. mfa

    sign-in log improvement for MFA info.
    It would be helpful to identify which application (defined in a conditional access policy) has triggered the MFA for a particular sign-in activity.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. This sucks!!! Very confusing and time consuming! What code do I use to get into the first log in?

    Why not just Keep It Simple Silly??? The is too time consuming to do on our own time, and it is frustrating for some of us!!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Adding Authenticator App Timeout

    Adding Authenticator app fail every time with timeout for new setup in new experience in Czech Republic.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow the user to unenroll from MFA

    After Two-Way auth is enabled (aka.ms/mfasetup) there is no turning back from the users perspective.
    The users should be given an option "Remove" from the attached screenshot, which is again at the aka.ms/mfasetup.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow Authenticator app in administrator password reset policy

    The default (and enforced) password reset policy for Administrative accounts does not allow the use of Authenticator (either codes or notifications), forcing instead the use of external email and either call/sms.

    From my perspective Authenticator seems a more secure choice than either of these two enforced methods.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Converged registration for self-service password reset and Azure Multi-Factor Authentication

    the new Converged registration for self-service password reset and Azure Multi-Factor Authentication needs to tell the user that the Administrator has set a minimum number of methods needed before the DONE button is available.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Hola. No me envía mensaje de comprobación ni llamadas y no es problema de señal

    No recibo mensaje ni llamada y no es problema de señal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. authenticator app "work or school" account

    Why can't we use a work or school account along with iCloud account to back up the Microsoft Authenticator app? As a business, we'd like to improve the iOS device replacement process with a restore of the Microsoft Authenticator app. Most users do NOT have a personal Microsoft account, but DO have a work or school account.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. What ever this authenitcation system is it is not friendly to the user & I have lost alot of productivity constantly!

    Don't have it we already have bit locker which is also not working out very well and now this not user friendly at all I go through the entire 1st and second level of authentication and states successful and wants me to do it again and again and again- I have lost so much productivity as well as co-workers thank god it is a short week and I agree with other comments worse system ever. What do you expect from Microsoft and all its changes and patches. Apple any day Happy Thanksgiving!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable Phone sign-in + Windows Hello

    Enabling phone sign-in with Authenticator apps (preview) seems to break Windows Hello for Business provisionning. The computer asks for more information instead of sending a notification to the Authenticator App. There is no way to validate and if you close the window WHfB provisionning fails.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Enable Phone sign-in + Windows Hello

    Enabling phone sign-in with Authenticator apps (preview) seems to break Windows Hello for Business. The computer asks for more information instead of sending a notification to the Authenticator App. There is no way to validate and if you close the window WHfB provisionning fails.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. We already have a production MFA 7.3 . Microsoft said when I upgrade from 7.3 to 8.x , users that are using the Authenticator app will need

    We already have a production MFA 7.3 .
    Microsoft said when I upgrade from 7.3 to 8.x , users that are using the Authenticator app
    will need to re-register , is this your experience ? As mobile app URL is now from Azure backend.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. YOUR SECURITY PROCESS DOES NOT HELP THOSE WITHOUT A I-PHONE

    YOUR SECURITY PROCESS DOES NOT HELP THOSE WITHOUT A I-PHONE.

    THOSE OF US LOG-ON AT HOME AND CANNOT DUE TO YOUR VALIDATION PROCESS REQUIRING AT DESK NUMBERS

    PEOPLE DO NOT RECEIVE OUR EMAILS DUE TO YOUR CHANGE

    YOUR Matthew CHANGE SUCKS

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base