Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Add phone call language support for non-browser based apps (VPN) to Cloud Azure MFA

    Please provide a method to set a default phone call language per user when using hosted/cloud Azure MFA to protect non-browser based applications (ex. VPN). Have the ability to set the phone call language either per user or based on other user attributes. This is possible today in the on-premise MFA server and should also be possible when using Azure MFA in the cloud.

    17 votes
    1 comment  ·  Multi-factor Authentication
  2. Conditional access validated prior to password

    Today, authentication validates the password before hitting conditional access, therefore allowing password sprays to lock the accounts.

    Office 365 and Azure logins should take the password (as we do today), proceed with conditional access, even if the password is wrong, allowing conditional access to block password sprays. Then if the password is incorrect, deny the access or send for approval in the Azure app or request the token, whatever is the preferred choice for MFA.

    Hope I was clear...

    16 votes
    4 comments  ·  Multi-factor Authentication
  3. Allow Applications to be Protected by MFA through CA

    Allow the following applications to be protected by MFA through Conditional Access:

    • Office365 Shell WCSS-Client
    • Microsoft Office 365 Portal
    • O365 Suite UX

    These applications are related to the Office Portal.

    16 votes
    0 comments  ·  Multi-factor Authentication
  4. NPS extension for Azure MFA - Allow to use the Realm manipulation in Connection Request Policies

    NPS server cannot perform realm manipulation to change the domain name from the user UPN before the AD authentication happens, even if the Connection Request Policies contains the appropriate rule. This is a limitation for us when consolidating companies through AD on premises and Azure AD, including Azure AD MFA. Actually, UPNs are different until the AD migration is complete and having a chance to manipulate the realm might help us to accelerate the integration.
    Having said that, it would be a nice feature to have the NPS server to NOT ignore the realm manipulation when the rule is active…

    16 votes
    0 comments  ·  Multi-factor Authentication
  5. Reports to find how many users have skipped MFA because of the IP whitelist option in MFA

    Reports to find how many users have skipped MFA because of the IP whitelist option in MFA

    16 votes
    1 comment  ·  Multi-factor Authentication
  6. Enable MFA when a delegated partner (CSP) accesses a customer tenant

    We have enabled MFA for users in the AAD tenant associated with our CSP enrollment. MFA works properly when we access the Partner Center portal; however, MFA does not work when we directly access a customer tenant, e.g., Azure Management Portal, using our CSP tenant credentials. For example, accessing https://portal.azure.com/ using our CSP credentials invokes MFA but accessing https://portal.azure.com/<customer_tenant> using the same credentials does not.

    According to Microsoft support, this is because MFA can only be triggered for users in the AAD tenant, not the partner's CSP tenant.

    15 votes
    4 comments  ·  Multi-factor Authentication
  7. Show the Country and App/OS that triggered the MFA request via Authenticator app pop up

    If using the Microsoft Authenticator app with App Notifications for Azure MFA requests why can't we also have the Country and App or OS which has triggered the MFA request?

    This will help prevent users from always blindly tapping Approve and also give them more info on what app has requested MFA.

    You can already see this info in the Azure AD sign in and audit logs so why can't it be pushed through to the app pop-ups too?

    14 votes
    4 comments  ·  Multi-factor Authentication
  8. change default MFA method / configurable default MFA method

    Hi,
    Currently when users enable MFA on their accounts, "OneWaySMS" method is the default option. This is a less secure and higher friction UX of the available options.

    It being the default method seems to contribute to it being the most common method used.

    Request the defaults to be reconsidered.
    - no default. Require the user to make an explicit choice
    - change the default to either PhoneAppNotification or PhoneAppOTP
    - make the default an admin configurable option

    thanks

    14 votes
    1 comment  ·  Multi-factor Authentication
  9. Make Trusted IPs a Standard Feature of MFA for Office 365 and MFA for Azure AD Admins

    Not being able to set Trusted IPs for MFA for our Office 365 users and Azure AD admins is the primary reason we have not implemented MFA.
    For admins, admin tasks are done almost exclusively while on our LAN. When we tried enabling MFA, it was too cumbersome to use when authenticating to each service in PowerShell.
    For Office 365 users, our biggest threat is compromised credentials being used by malicious actors from outside of our company. Requiring MFA to be used while on our LAN slows down the adoption of all but the most basic Office 365 services (in…

    13 votes
    1 comment  ·  Multi-factor Authentication
  10. Port Azure MFA Server (PhoneFactor) reports from "classic portal" to "new"/current portal and give "Security Reader" role access to them.

    Port Azure MFA Server (PhoneFactor) reports from "classic portal" to "new"/current portal and give "Security Reader" role access to them.

    The Azure MFA Server - Activity Report which is currently available in the "new"/current Azure portal and all of the MFA Server reports that are only available in the "Classic" are only consumable by "Global Admin" role members. This makes it difficult to utilize with the rest of the security protection model available to the "Security Reader" role members.
    It would be useful to get these reports moved to the "new"/current Azure portal and get them accessible to the "Security…

    13 votes
    3 comments  ·  Multi-factor Authentication
  11. Add Windows Server 2016 support for Azure MFA server

    I hope that Microsoft will soon add support for Windows Server 2016 for the Azure MFA server. Perhaps it should be added to Windows as a new role.

    13 votes
    0 comments  ·  Multi-factor Authentication
  12. Provide MFA Reports via API or reporting services

    Currently we pull a daily user detail report from the MFA portal and add it to a spreadsheet we then visualise with Power BI. It allows us to monitor the success/failure rate across authentication methods. Linked to an AD extract it also allows us to report based on country.

    It would be useful if the report data could be obtained via API to automate the collection of this data

    13 votes
    3 comments  ·  Multi-factor Authentication
  13. Allow removal of Office Phone option in Azure MFA cloud portal

    We sync Office Phone so that it's in the GAL for our O365 deployment, but we do not want that listed in the Azure MFA portal (aka.ms/mfasetup). We want only the primary and backup phone options that the user must enter themselves during enrollment.

    12 votes
    0 comments  ·  Multi-factor Authentication
  14. Authenticator App

    Most organizations require their users to enroll with Intune before they can access their 365 email... why not enroll their device into the authenticator app automatically during the Intune enrollment. Or if they install the app from the Intune store, it automatically enrolls the device into the authenticator app... QR code is a little clunky for average users, and at this point the device is managed and can be wiped at any time by Intune admins

    12 votes
    1 comment  ·  Multi-factor Authentication
  15. MFA

    Update the Multi Factor Authentication (MFA) GUI so we can see any account that is NOT enabled or enforced. Seems like a basic setting but I cannot find any resource to help identify these risks and it is troubling (and manual).

    12 votes
    3 comments  ·  Multi-factor Authentication
  16. IPv6 Whitelisting option in Azure Multi-Factor Authentication

    The Azure Multi-Factor Authentication server software only allows IPv4 whitelisting. IPv6 whitelisting would be great for the future.

    12 votes
    0 comments  ·  Multi-factor Authentication
  17. allow for multi-byte (unicode) characters to be allowed when using the RADIUS authentication method in on-prem MFA

    It's currently not possible for users to authenticate via on-premises MFA if the given user has a unicode (multi-byte) character in their password like a £. This becomes inconvenient especially when MFA is being used as an authentication method for remote access and there aren't any other remote access methods available that don't use MFA.

    11 votes
    3 comments  ·  Multi-factor Authentication
  18. Add capability for MFA at user login to MacOS

    It would be great if Azure MFA had the capability to enforce multifactor authentication (MFA) at user login to MacOS - similar to how Duo works.

    11 votes
    1 comment  ·  Multi-factor Authentication
  19. Extend Azure MFA with features that are only supported by the MFA server on-prem

    Extend Azure MFA with features that are only supported by the MFA server on-prem!

    Caching
    On-time bypass
    Customized text messages
    Token Support (I read it is planned)

    11 votes
    0 comments  ·  Multi-factor Authentication
  20. Enable One Time Passcode (OTP) option via alternate email address, as a verification option for Azure MFA (cloud).

    This will enable a way for those with no landline or mobile device to receive an OTP via their personal email account, in order to complete MFA challenge. Good option to have, as then we don't need hardware token support like OATH TOTP.

    11 votes
    1 comment  ·  Multi-factor Authentication