Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. USE AUTHENTICATOR AS 2nd factor

    This is as classic a mind numbing and soul crushing experience as I have experienced in my 30 plus years as a Microsoft missionary. Have 4 or 5 hours to waste? Look for documentation showing you how to set up logging into Windows 10 on an AAD machine which triggers an authentication in the authenticator app - just admit it's the most value added thing you could do and for some reason it doesn't exist - but you can do it for FREE with your Microsoft account - WHY??? PATENTLY RIDICULOUS

    1 vote
    0 comments  ·  Multi-factor Authentication
  2. How to transfer google authenticator to new phone

    First of all, don’t remove the Google Authenticator app from your old phone until you add tokens to your new phone. To move all your tokens from one phone to another you should log into each of your accounts and disable 2FA. In the process of disabling you will be asked to provide the OTPs generated by your current phone. As soon as you disable 2FA, you should re-enable it and add tokens to your new phone. You’ll find the instructions on how to transfer Google Authenticator to a new device on our Blog

    http://myc4.proboards.com/thread/2874/transfer-google-authenticator-new-phone

    https://www.assistotalk.com/how-to-create-a-group-in-gmail-account/

    https://www.assistotalk.com/repair-ok-google-not-working-or-responding/

    https://www.assistotalk.com/gmail-attachment-not-uploading/

    https://www.assistotalk.com/fix-now-google-play-clash-of-clans-sign-in-disconnected/

    1 vote
    0 comments  ·  Multi-factor Authentication
  3. Your App authentication is not only useless but doesn't make sense. it's a complete waste of time!

    Make changing security phone numbers simple! Whatever you guys at Microsoft are doing it's broken and time consuming! You tell users to fix MFA go to profile but your links are not where you state they should be, which makes it more confusing to the user! This is a simple request that you all made difficult and confusing!

    1 vote
    0 comments  ·  Multi-factor Authentication
  4. Azure MFA OATH Tokens

    When importing a CSV of OATH tokens they show up in myapps.microsoft.com as Authenticator App. It would be good to enter a custom name or the last 4 digits of the serial number.

    When you have testing and/or users with multiple tokens there is no way to know which one you are deleting/changing.

    1 vote
    0 comments  ·  Multi-factor Authentication
  5. MFA Phone Numbers Verification or Encryption in DB

    It would be beneficial to be able to enforce that multiple users are not using the same phone number for MFA within the on-prem MFA server.

    Additionally due to privacy concerns, it would be beneficial if the phone number field were encrypted in the database such that admins are unable to retrieve them in clear text from the server.

    1 vote
    0 comments  ·  Multi-factor Authentication
  6. Change Sign-ins from infected devices title to Sign-ins from suspicious IP

    Change Sign-ins from infected devices title to Sign-ins from suspicious IP. The title of this detection is inaccurate, it is actually when a sign in has been detected from a suspicious IP. Improved wording would be appreciated.

    1 vote
    0 comments  ·  Multi-factor Authentication
  7. MFA Limit the Amount of One-Time Bypasses Allowed

    It would be nice if it were possible to limit the number of one-time bypasses a user can issue themselves within a 24-hour period. Because a user is able to log in to the MFA User Portal using security questions when they do not have access to their primary MFA device, someone can essentially bypass MFA altogether by using security questions and issuing themselves a one-time bypass as many times as they want. This also violates PCI compliance in that it doesn't meet the criteria that "MFA should be implemented so that authentication mechanisms are independent of each other."

    1 vote
    0 comments  ·  Multi-factor Authentication
  8. Unique Sender

    Our users have reported to us that the MFA codes are being sent by totally different numbers. Although we know that this is an expected behaviour, it would be good to consider at least calling the senders in the same way, and if possible not Microsoft, but an agnostic name.

    It would also be good to be able to customise the message with a custom text to offer a better user experience.

    1 vote
    0 comments  ·  Multi-factor Authentication
  9. MFA Verification Method, "Call to phone": The user answers the call and presses #. This should be a configurable option to use a different key

    Sometimes the users' local phone system reserves the "#" key for a special purpose on incoming calls, meaning that the touch tone sound is not passed on to the caller, in this case the MFA incoming call. Currently, MFA doesn't allow changing this to use a different key. This should be configurable (to use a different key) in the same way that the voice message being played is configurable.

    1 vote
    0 comments  ·  Multi-factor Authentication
  10. Azure MFA Server On Prem - Disallow Phone Extensions or Specific Phone Numbers

    PCI compliance puts services like soft-phones and VOIP as a risk for use with Multi-Factor. The reason being, if an employee has a soft-phone on a laptop that was stolen and their multi-factor is sent to the phone associated with that soft-phone, then both primary and secondary factors are on the same device, thus it is not true multi-factor.

    To mitigate this, it would be nice if we could disallow phone extensions and/or specific ranges of phone numbers (i.e. office phone numbers) from being used as valid options in the MFA server. Has anyone come across this scenario? If so,…

    1 vote
    0 comments  ·  Multi-factor Authentication
  11. Allow AAD Guests to become members of mail-enabled security groups

    AAD Guests can be added to a security group in Azure, but Azure does not allow for the creation of a mail-enabled security (MES) group. An MES group can be created in the O365 admin portal or the EAC, but AAD guests are not listed as entities who could be added to the MES group. This makes it impossible to use groups to control access to SPO and O365 while also being able to communicate with the group via e-mail.

    1 vote
    0 comments  ·  Multi-factor Authentication
  12. Move old MFA for Azure portal into AAD portal

    The current MFA Portal is terribly slow. Please move it into Azure AD Portal and make it faster. Currently on-prem MFA Server can be managed.

    I am sure this already is an idea, but I can't for the life of me find it.

    1 vote
    0 comments  ·  Multi-factor Authentication
  13. Switch first and second factor

    Make it possible to authenticate with OTP as first factor and if a strong authentication is needed the password works as second factor.
    Should be configured per App

    1 vote
    0 comments  ·  Multi-factor Authentication
  14. Management portal of MFA/conditional policies and automated management of users with conditional policies

    We have the MFA Conditional Policy in place but no good way to monitor and manage users. Manually running a PowerShell command to verify who is registered and who is not is an administrative headache.

    1 vote
    0 comments  ·  Multi-factor Authentication
  15. This SUCKS. I'm trying to get the authentication app to work on my Samsung Galaxy S8

    I've got the authentication installed, but when I want to set up the first account, it wants the QR code. When I try to get the QR code, it wants the verification code first. If I had the verification code, I wouldn't need all the rest of this ****! I'm sick of going in circles! I can't verify that it's me unless you let me in to verify. The only choice it's giving me is to use the authenticator app on my phone! Aaaargh!

    1 vote
    0 comments  ·  Multi-factor Authentication
  16. Be able to apply the two steps both on the PC (home use) and on the laptop away from home.

    That I can apply the two steps when I use the PC at home, and also apply them when I use the laptop away from home (studies, office, traveling, etc.).

    1 vote
    0 comments  ·  Multi-factor Authentication
  17. mfa

    Sign-in log improvement for MFA info.
    It would be helpful to identify which application (defined in a conditional access policy) has triggered the MFA for a particular sign-in activity.

    1 vote
    0 comments  ·  Multi-factor Authentication
  18. This sucks!!! Very confusing and time consuming! What code do I use to get into the first log in?

    Why not just Keep It Simple Silly??? This is too time consuming to do on our own time, and it is frustrating for some of us!!

    1 vote
    0 comments  ·  Multi-factor Authentication
  19. Adding Authenticator App Timeout

    Adding the Authenticator app fails every time with a timeout for new setup in the new experience in the Czech Republic.

    1 vote
    0 comments  ·  Multi-factor Authentication
  20. Allow the user to unenroll from MFA

    After Two-Way auth is enabled (aka.ms/mfasetup) there is no turning back from the user's perspective.
    The users should be given an option "Remove" from the attached screenshot, which is again at the aka.ms/mfasetup.

    1 vote
    1 comment  ·  Multi-factor Authentication