Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. 1 vote
    0 comments  ·  End user experiences
  2. Allow the Forgot my password link to be changed to my own SSPR solution

    Allow me to customize the Forgot my password link on the Azure AD sign in page so I can send users to our existing SSPR solution.

    4 votes
    1 comment  ·  End user experiences
  3. Membership Request notification and response from MyApps portal

    There are a lot of great features for the MyApps portal for Group management detailed here: https://docs.microsoft.com/en-us/azure/active-directory/user-help/my-apps-portal-end-user-groups

    There is one glaring thing missing though, no way to be notified/respond to a group membership request. Almost the entire workflow is there for Group self-service and self-management, but when a user requests access to a group all the Owner gets is an email. It doesn't have a link to approve or even see more details. It would be great if the portal had notifications for them to respond, a single place to manage all requests.

    1 vote
    0 comments  ·  End user experiences
  4. Removing different tenants/directories if I am the owner of the company

    Is it possible, if you are the company owner and you have employees, to have access to remove the tenants or directories that are created under you / under your account?

    1 vote
    0 comments  ·  End user experiences
  5. Allow the thumbnailPhoto attribute to be synced multiple times between Azure AD and Exchange Online

    Currently, "The thumbnailPhoto attribute is synced only one time between Azure AD and Exchange Online. Any later changes to the attribute from the on-premises environment are not synced to the Exchange Online mailbox." Please remove this subsequent limitation so that updated photos propagate.

    3 votes
    0 comments  ·  End user experiences
  6. Show at the portal the quota that is being used by the tenant

    Please show in the portal the quota that is being used by the tenant, so that we can ask Microsoft to increase the limit before it affects sync, B2B invites, app creations, etc.

    The current limit is 1 million, and when it is reached we will need to create a ticket with MS to increase the limit.

    There's no way to know the value of the total currently in use.

    The advice from MS was to run:

    Azure PS
    (Get-AzureADUser -All $true).Count
    (Get-AzureADGroup -All $true).Count
    (Get-AzureADContact -All $true).Count
    (Get-AzureADDevice -All $true).Count
    MSOL PS
    (Get-MsolUser -All -ReturnDeletedUsers).Count

    1 vote
    0 comments  ·  End user experiences
  7. There should be an option to search the users or sort them in the Azure Active Directory group members

    When we create a group in Azure Active Directory we add members to it, but when the number increases and we need to track a user, it becomes a very tedious task as we don't have the option to search the users or sort them.

    4 votes
    2 comments  ·  End user experiences
  8. Consider providing Group settings to be accessed when creating a group in Active Directory

    When creating a group in AD the settings to deliver messages to a user's inbox are turned off. When a group is created in the Office 365 Admin portal these settings seem to default to On. It would be helpful to have access to these settings in AD. This would facilitate creating a group with the proper settings while allowing users to recognize that there are settings that need to be considered for a new group.

    1 vote
    0 comments  ·  End user experiences
  9. Add authentication logging for Azure Active Directory Domain Service

    Currently if I want to gain additional insight on why a user may be unable to login to our AADDS we have to file a support ticket.

    We are able to manage our AADDS with the classic AD management tools - a similar experience would be ideal for log review. Although we would still be happy to have access through the Azure portal as well.

    1 vote
    0 comments  ·  End user experiences
  10. Get rid of all the security that will ultimately keep the computer owners out.

    Give the user the option to select security, not force it on them with complexity that will ultimately lock them out.

    1 vote
    0 comments  ·  End user experiences
  11. Provide the ability to remove disabled subscriptions.

    If you have a subscription that entered a disabled state, let's say it was a sponsorship provided by Microsoft itself for training purposes, once it is disabled at the current moment you have to live with it forever. There is no way of removing it from your AAD directory. You have to filter it out so that you do not see it when browsing resources. That is dumb. We should be able to say we do not need this anymore, so remove it, delete it, whatever. "Hiding it" is not the right answer.

    1 vote
    0 comments  ·  End user experiences
  12. Home phone attribute does not get synchronized in Azure AD but it does in O365, need this attribute to be synced with Azure AD too

    Home phone attribute does not get synchronized in Azure AD but it does in O365, need this attribute to be synced with Azure AD too

    2 votes
    0 comments  ·  End user experiences
  13. Guest Access - Limited AzureAD contact information only via Role

    Add a method to allow Guest user to access only basic contact information of a select number of AzureAD user info without setting Restrict Guest User access to “no” and Restrict User access to azuread to “no”.

    1 vote
    1 comment  ·  End user experiences
  14. Allow Custom Domains to have service principals in Azure AD

    Currently, if I want to use my own certificate for a custom domain in Azure CDN, I have to grant Azure CDN access to my KeyVault. That means anyone in the organization can potentially set up a custom domain using my KeyVault certificate. Instead, move the level of access policy down to the custom domain so that I can grant a specific custom domain access to the KeyVault and limit access that way.

    1 vote
    0 comments  ·  End user experiences
  15. Synchronizing Managed Service Accounts from On-Premises to Azure Active Directory

    I wish there were a way to synchronize managed service accounts (MSAs) from on-premises to Azure Active Directory. There are many third-party applications where we are using the MSAs' auth for the apps on-premises. Now we need to connect to Azure SQL Database and they can't connect to it using the existing auth. I think currently there is no way to sync the MSAs from on-premises to Azure Active Directory.

    1 vote
    1 comment  ·  End user experiences
  16. Please expose non-interactive login logs to customers

    We look to set up alerts for security events. AAD Risk event "Impossible Login" though consumes non-interactive login events that are not visible to customers, so it's not possible to create an event.

    If there are two interactive logins and the second is deemed a risk event because of impossible travel, we can create an event looking for the risk field in the sign-in logs, but if the second event is a non-interactive login you can't create an alert; we can't see this event.

    2 votes
    0 comments  ·  End user experiences
  17. exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    This is a known background service syncing O365 and Azure AD, but it does not show the initial actor in the Azure logs, only exo_evo_migration@support.microsoft.com, which requires searching the EXO logs to find the actor who initiated the action.

    Can the actor be added to the Azure event log details without having to search the O365 logs?

    1 vote
    0 comments  ·  End user experiences
  18. Provide ability to unlink Azure from Office 365

    My company has an Office365 subscription and we use the AD to manage internal staff roles, system access, etc. We also have entirely separate external data centres running systems and services for external customers and financial partners. We are now engaging in a migration exercise to move our data centres to the cloud. I created an Azure account using my company email address (naturally), and it automatically pulled in all settings and staff and who knows what else from our Office365 AD. This has already caused many issues in just a few days. Through multiple calls and emails with MS…

    1 vote
    1 comment  ·  End user experiences
  19. This is not an idea but a feedback

    I find the idea of entering the OTP every time I log in very absurd. At least you should not ask for OTP on the same system which I was logged

    1 vote
    0 comments  ·  End user experiences
  20. Smart Lockout For Full Azure users is mandatory

    We implement Azure AD and Intune in our organization (600+ users), some of them on hybrid and some of them Full AD join.

    Right now, from a security perspective, there is an issue with the Smart Lockout feature: according to Microsoft support, users can't be locked out when they try to sign in to their computer with a bad password, which is very bad in case someone from outside tries to access company resources.

    The answer was that it can work only if we disable user cached credentials, and then in case the user doesn't have network access he…

    6 votes
    0 comments  ·  End user experiences