Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Synchronizing Managed Service Accounts from On-Premise to Azure Active Directory

    I wish there were a way to synchronize managed service accounts (MSA) from on-premise to Azure Active Directory. There are many third-party applications where we are using the MSAs' auth for the apps on-premise. Now we need to connect to Azure SQL Database and they can't connect to it using the existing auth. I think currently there is no way to sync the MSAs from on-premise to Azure Active Directory.

    1 vote
    1 comment  ·  End user experiences
  2. Please expose non-interactive login logs to customers

    We are looking to set up alerts for security events. The AAD risk event "Impossible Login", though, consumes non-interactive login events that are not visible to customers, so it's not possible to create an event.

    If there are two interactive logins and the second is deemed a risk event because of impossible travel, we can create an event looking for the risk field in the sign-in logs, but if the second event is a non-interactive login you can't create an alert; we can't see this event.

    2 votes
    0 comments  ·  End user experiences
  3. exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    This is a known background service syncing O365 and Azure AD, but it does not show the initial actor in the Azure logs, only exo_evo_migration@support.microsoft.com, which requires searching the EXO logs to find the actor who initiated the action.

    Can the actor be added to the Azure event log details without having to search the O365 logs?

    2 votes
    0 comments  ·  End user experiences
  4. Provide ability to unlink Azure from Office 365

    My company has an Office365 subscription and we use the AD to manage internal staff roles, system access, etc. We also have entirely separate external data centres running systems and services for external customers and financial partners. We are now engaging in a migration exercise to move our data centres to the cloud. I created an Azure account using my company email address (naturally), and it automatically pulled in all settings and staff and who knows what else from our Office365 AD. This has already caused many issues in just a few days. Through multiple calls and emails with MS…

    1 vote
    1 comment  ·  End user experiences
  5. This is not an idea but a feedback

    I find the idea of entering the OTP every time I log in very absurd. At least you should not ask for OTP on the same system which I was logged

    1 vote
    0 comments  ·  End user experiences
  6. Smart Lockout For Full Azure users is mandatory

    We implement Azure AD and Intune in our organization (600+ users), some of them on hybrid and some on full AD join.

    Right now, from a security perspective, there is an issue with the Smart Lockout feature: users can't be locked, according to Microsoft support, in case they try to sign in with a bad password to their computer, which is very bad in case someone from outside tries to access company resources.

    The answer was that it can work only if we disable user cached credentials, and then in case the user doesn't have network access he…

    6 votes
    0 comments  ·  End user experiences
  7. Display list of connected domains when creating new user

    It would be nice to have a drop-down list of available domains when creating a new user in Azure AD just like we have at portal.office.com.

    5 votes
    1 comment  ·  End user experiences
  8. I work for BP Shipping. We do not have normal phone link. Why not use WhatsApp?

    Use WhatsApp for ships which are sometimes 1 month away from land and normal mobile link unavailable.

    1 vote
    0 comments  ·  End user experiences
  9. Keeping guest account in the inviting AAD updated with changes made in the user's home AD

    We're collaborating with an external party on a project and have invited around 100 users of theirs as guest users in our AAD. The external party recently migrated to another email domain. The good news is that this change didn't impact their ability to SSO into SharePoint and other O365 products. The only downside we found is that the user name field of the guest account in the inviting AAD still had the original email.

    In summary, users added pre-migration have the old email domain suffix and users added post-migration have the new email domain suffix. I would be…

    1 vote
    0 comments  ·  End user experiences
  10. Introduce the functionality to add PDLs/DDLs into application's user and group assignment. Right now only security groups can be added.

    Introduce the functionality to add PDLs/DDLs into application's user and group assignment. Right now only security groups can be added.

    1 vote
    0 comments  ·  End user experiences
  11. Stop using the function

    How can I stop using the function to log in to my account! It's really inconvenient to me! Tell me how to stop using it; that is my right.

    1 vote
    0 comments  ·  End user experiences
  12. Inconvenience; limited

    If international students come back to their home country and take online courses, how do they receive their verify code from their US phone #?
    Now, I really want to know how I can stop using the verify code to log in to my account. I am not with my cell phone all the time. Each time I log in to my account I must find where my cell phone is, which is really inconvenient for me. On the other hand, I don't believe that any such bored person would steal and log into a student's mailbox and blackboard unless their motivation is interstress…

    1 vote
    0 comments  ·  End user experiences
  13. Disable Add subscription outside home directory

    Currently it is not possible to add a subscription to a directory that is not your home directory. However, the "Add" button is still shown and active under subscriptions when logged in to a non-home directory. Creating a subscription this way confusingly adds it to the user's home directory without regard for the directory where you wanted to add it. This should either be clarified when initiating the create subscription wizard, or the Add button should be removed/disabled when not in the home directory.
    Situation: User belongs to one directory and is added to another with sufficient permissions to create…

    1 vote
    0 comments  ·  End user experiences
  14. WHFB is not working with Server 2019 Domain Controllers

    We had Windows Hello for Business working fine.
    We created a new AD forest with only Server 2019 servers; now WHFB is not working anymore.

    "This option is temporarily unavailable. For now, please use a different method to sign in." and KRB Error: KDC_ERR_CLIENT_NAME_MISMATCH

    Please fix.

    2 votes
    1 comment  ·  End user experiences
  15. Smart Lockout - PowerShell commands

    It would be nice for administrators to see what accounts are currently locked, or how much time is left if they were locked by Smart Lockout. Or even a way to unlock them?

    2 votes
    0 comments  ·  End user experiences
  16. Azure AD app Required permissions dependency

    Presently, when you create an Azure AD app and add the API in Required permissions, it requires that the added APIs be in a specific order to use the KnownClient setting for creating the service principal in the consumer tenant. Please check the internal dependency of the required APIs before creating the service principal.

    2 votes
    0 comments  ·  End user experiences
  17. Stop asking me to add security questions. I don't want them on my account. I'm not adding them. Stop trying to force it.

    Stop trying to force me to add security questions. I have too many possible answers. I just want to access my account quickly so I can get back to work. If I add them, I'll second guess what the answer is and possibly get it wrong and then be locked out of my account longer. It's happened before. Security questions are rubbish and you are affecting my ability to treat my patients in a negative fashion by slowing me down by hitting to decline 3 times to log into my work account and another two times to check my email.

    1 vote
    0 comments  ·  End user experiences
  18. Azure AD Account Initials

    The initials circle that is generated in Azure AD and propagated to other workloads seems to parse the DisplayName attribute, which does not always render the correct initials. For example, if the CX uses "BusinessUnit-FirstName LastName (Contractor)" as a naming convention then everyone gets the exact same "BC" initials. This has been a complaint for way too long and is easily resolved by using the FirstName and LastName attributes to generate the correct initials and falling back to DisplayName only if they are not populated.

    1 vote
    0 comments  ·  End user experiences
  19. AD Attribute Info (AKA Notes) for Groups should be synced to Cloud and available to Exchange Online.

    The AD Attribute Info (AKA Notes) is currently synced for Users but not for Groups. The companies I have worked for before made heavy use of it, and surprisingly no one else complains. Also, it's a field available in the GUI. I would think all attributes exposed via the GUI should have been synced.

    1 vote
    0 comments  ·  End user experiences
  20. 1 vote
    0 comments  ·  End user experiences