Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Merge office365 and live accounts that use the same email address

    I use both Azure/msdn and office 365
    I already had an msdn account mvdl@our-company.com ( Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

    Wich is causing a lot of grieve when switching between asure web portal / msdn web portal / office 365 web portal

    Even when I have no portals open, I cant switch accounts. I need to explicity open the portal that I last logged in to. Log out, and then I can switch accounts.

    And having both office 365 portal and Azure portal open at the same…

    1,157 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    229 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Folks,

    Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

    First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

    Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this…

  2. Allow different login branding customizations per-domain

    We have a number of subdomains in our tenant which are used for various purposes - clients, partners, staff etc.
    It would be great to be able to customise the login branding customisation settings on a per-domain basis rather than globally across the tenant.

    126 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application.

    Currently if the logged in users doesnt exist in the Tenant Directory for a given application. The user is shown a very unhelpful page with the following:

    Sorry, but we’re having trouble signing you in.
    We received a bad request.

    The debug error is :
    AADSTS50020: User account 'some email address' from external identity provider 'https://sts.windows.net/someguid/'; is not supported for application 'https://someappurl'. The account needs to be added as an external user in the tenant. Please sign out and sign in again with an Azure Active Directory user account.

    125 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  33 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow more customization of the myapps.microsoft.com portal.

    Would be great if I could forward a subdomain to our myapps.microsoft.com portal. Instead of giving users a the microsoft.com URL, I want to give them one.theblaze.com.

    Second, would be great if there was a newsfeed widget at the top of the portal that could show an RSS feed of company news.

    83 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    We are also looking to see if we can enable embedding other components like widgets. We’re still in process of validating options for this.
    Please keep sharing your feedback and ideas around this!

  5. Password expiry notification for Azure AD joined devices?

    It would be great if a Password Expiry notification could be implement for full Windows 10 Azure AD-joined clients in the same way as the domain joined clients receive them. A notification that pops up at bottom-right corner of the screen. At the moment I wasn't able to find any way of enabling that.
    We use Azure Directory Sync - no ADFS.

    75 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

    It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

    We need this please!

    71 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support pin to taskbar in Enterprise State Roaming

    The taskbar settings work with Enterprise State Roaming, they roam between different computers, but not the pinned apps. When users work at different computers, the roaming of pinned apps would be the most valuable part of a roaming taskbar.

    38 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. Customizable Password Policy and Account Locking Features

    1. Configurable password requirements (e.g., complex passwords, password length, character limitations etc)
    2. Configurable number of attempts before Account is locked

    38 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Hey folks, thanks for the interest in this, and we have some good news to share. Configurable lockout is in development now (mostly done, actually) and we’re aiming for June or July public preview.

    For configurable password complexity, length, etc, we hear you. Longer passwords are in planning now, and we’re thinking about our approach to how we want to enable the other configurability features. I don’t have any more details to share on this for now, but we do have interest in building features.

  9. Create sample code for a customized landing page for Azure AD applications

    The MyApps portal isn't customizable enough (many requests to improve this). Why not create and share sample code so customers can imbed Azure AD applications into their OWN landing pages?

    29 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    Alongside this, we are looking at ways to expose these capabilities through APIs that allow customers to create their own version that meets their needs.
    Please keep sharing feedback and ideas!

  10. Support roaming of network printers with Enterprise State Roaming

    It would be great if the connected network printers would also roam between different computers with Enterprise State Roaming.
    They roam with UE-V. But if you combine UE-V with Enterprise State Roaming (what is the recommended solution of Microsoft) you loose the possibility of roaming network printers.

    28 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support roaming of more settings in Edge browser with Enterprise State Roaming

    We're very happy that with Enterprise State Roaming we've got a solution to roam different settings from Edge browser, specially the favorites. But for a good end user experience it would be necessary that also the possibility to set a specific page as the homepage and other settings like the preferred search engine in the address bar would roam between different computers.

    28 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Need to add categories of applications in the myapps portal

    Need to add categories of applications in the myapps portal - as you add a large amount of SSO apps, need to make it easier for user to navigate

    27 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! We know how important it is for users to have the ability to customize their app list and make it very easy to find their core applications.
    Customizations of the My Apps portal for both end users and admins are top priority on our roadmap. This includes providing the ability to re-arrange and group apps and provide users sets of categorized apps.

    Please keep sharing your feedback and ideas around this!

  13. Allow administrators to unlock locked-out users in Azure AD Domain Services

    If a users gets locked out of their account in Azure AD Domain services there is no way to unlock it. The user has to wait for 30 minutes.
    Try telling the CEO you can't unlock her account?

    26 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure AD Smart Lockout unlock capability for admins

    I'm blown away by the lack of options once your account gets locked out by the Azure AD Smart Lockout feature. Not having the ability to monitor the account lockout duration or have the option to unlock an account using this feature is insane.

    25 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support HTML support in Azure AD Branding

    My colleague and I receive several customer requests regarding enabling support HTML support in Azure AD Branding like Samuel D. (Mr.ADFS) provided for ADFS.

    Microsoft currently only support plaintext for the "sign in page text".

    Please support the following bold, italics, colours, etc. text and support href links?

    Top request is for bold text and links. We don't need advanced stuff like JavaScript injection like in ADFS.

    24 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. Azure AD Password Policy

    Azure AD should provide more parameters to configure as per the users need.
    For example as per my organisation's Security policy, the minimum password length required is 12. But there is no way to configure this parameter from 8.
    The Azure AD platform should provide the ability for users to configure the below password policy at least.
    1. Password history
    2. Password complexity of temporary password generated by Azure
    3. Password length

    16 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Application Management In Access Panel

    There are some issues, with the way apps are presented to the users in the access panel, this would bring the access panel experience up to par with equivalent 3rd party application portal apps.

    1. Please allow the administrative removal of any O365 application from a group of users in their Access Panel Application, even if they are licensed for a O365 product we dont necessarily want to have it display on a users access panel. e.g. Delve - we dont want the user to not have Delve access but we dont necessarily want the app linked on their access…

    16 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    We’ve also recently add a few new features to allow you to better manage the visibility of apps on My Apps. You can now hide specific third party applications and as well as the set of Office applications. Learn more about it here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-coreapps-hide-third-party-app

    Please keep sharing feedback and ideas!

  18. My Apps portal getting crowded with Published Apps

    The Azure My Apps portal is getting crowded with Published Apps and there is no way to customize the look and feel. It would be nice if the portal allowed better oganization/customizations of the published apps where you could move around apps, hide apps, put apps into a folder structure, etc....

    16 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. All Admin to hide some Self-Service Group tiles (such as Delete) in MyApps portal

    Allow Admins to remove the Delete tile to prevent Group Owners from "Deleting" Azure AD Groups. We need to allow them to modify membership but not delete/edit/change ownership of the group that they have been granted owner access.

    16 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide a better end user message for "We received a bad request" or AADSTS50105 message when user doesn't have permission to an application

    When using SAML-based SSO within Azure via a built-in app, or a custom non-gallery application, the error message that end users receive when they are not in a group that provides access is confusing.

    Users could attempt to access the application if someone sends them the "User access URL", and the message that they receive is the following:

    "Sorry, but we’re having trouble signing you in.
    We received a bad request."

    In very, very small text at the bottom of the screen, it says:
    "Additional technical information:
    Correlation ID: XXXXX
    Timestamp: 2017-08-10
    AADSTS50105: The signed in user 'user.name@contoso.com'…

    13 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base