Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Display list of connected domains when creating new user

    It would be nice to have a drop-down list of available domains when creating a new user in Azure AD just like we have at portal.office.com.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. I work for BP Shipping. We do not have normal phone link. Why not use what's app?

    Use what's app for ship's who are sometimes 1 month away from land and normal mobile link un-available.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Keeping guest account in the inviting AAD updated with changes made in the user's home AD

    We're collaborating with an external party on a project and have invited around a 100 users of theirs as guest users in our AAD. The external party recently migration to another email domain. The good news is that this change didn't impact their ability to SSO into SharePoint and other O365 products. The only downside we found is that the user name filed of the guest account in the inviting AAD still had the original email.

    In summary, users added pre-migration have the old email domain suffix and users added post-migration have the new email domain suffix. I would be…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  4. Introduce the functionality to add PDLs/DDLs into application's user and group assignment.Right now only security group could be added.

    Introduce the functionality to add PDLs/DDLs into application's user and group assignment.Right now only security group could be added.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. Stop use the function

    How can i stop use the function to log in my account! It's really inconvinience to me! tell me how stop use it that is my right.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. inconvinience; limited ;

    If international students come bake to their home country and take online courses how they receive their verify code from their US phone #?
    Now, I really want to know how I can stop use the verify code to log in my account. I am not stay with my cell-phone all the time. Each time I log in my account that I must find where my cell-phone is which really inconvenience for me. On the other hand, I don't believe that such any bored person would steal and log into a student's mailbox and blackboard unless their motivation is interstress…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  7. Disable Add subscription outside home directory

    Currently it is not possible to add a subscription to a directory that is not your home directory. However, the "Add" button is still shown and active under subscriptions when logged in to a non-home directory. Creating a subscription this way confusingly adds it to the user's home directory without regard for the directory where you wanted to add it. This should either be clarified when initiating the create subscription wizard, or the Add button should be removed/disabled when not in the home directory.
    Situation: User belongs to one directory and is added to another with sufficient permissions to create…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. WHFB is not working with Server 2019 Domaincontrollers

    We had Windows Hello for Business working fine.
    We created a new ad forest with only servers 2019, now WHFB is not working anymore.

    "This option is temporarily unavailable. For now, please use a different method to sign in." and KRB Error: KDC_ERR_CLIENT_NAME_MISMATCH

    please fix

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. smartlock - powershell commands

    It would be nice for administrators to see what accounts are currently locked or how much time to go if they were locked by smart lock out. Or even a way to unlock them?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. azure ad app Required permissions dependency

    Presently when you create a azure ad app and app the api in Required permissions. It requires that app the api has be in specific order to use the KnownClient setting for Creating the service principal in Consumer Tenanat. Please make check the internal dependency of Required api before creating the service Principal.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. Stop asking me to add security questions. I don't want them on my account. I'm not adding them. Stop trying to force it.

    Stop trying to force me to add security questions. I have too many possible answers. I just want to access my account quickly so I can get back to work. If I add them, I'll second guess what the answer is and possibly get it wrong and then be locked out of my account longer. It's happened before. Security questions are rubbish and you are affecting my ability to treat my patients in a negative fashion by slowing me down by hitting to decline 3 times to log into my work account and another two times to check me email.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure AD Account Initials

    The initials circle that is generated in Azure AD and propagated to other workloads seems to parse the DisplayName attribute which does not always render the correct initials. For example, if the CX uses "BusinessUnit-FirstName LastName (Contractor)" as a naming convention then everyone gets the exact same "BC" initials. This has been a complaint for way too long and is easily resolved by using the FirstName and LastName attributes to generate the correct initials and fall-back to DisplayName only if they are not populated.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. AD Attribute Info (AKA Notes) for Groups should be sync to Cloud and Available to Exchange Online.

    The AD Attribute Info (AKA Notes) is currently synced for Users but not for Groups. The companies I have worked before made heave use of it and surprise no one else complain. Also, its a field available in the GUI. I would think all attributes exposed via the GUI should have been synced.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Intune Roles Assignments

    Intune currently doesn't allow a privilege account access the Intune portal without assigning an E3 license. We have L1 and L2 support that we want to be able to limit the access of the portal and do not want to grant them Global Admin access, but we also do not want to assign a second license for the privilege account for custom roles. Will there be an limited Intune Roles Assignments that doesnt require a license in the road map?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. option to prevent users to consent to third party tenants

    Admins can today block the users ability to grant consent to applications. However, this will not block users from consenting to being invited into third party tenants as guests.

    I suggest that Azure AD should get a “external access” feature where Azure AD admins can choose (per user/group) to either;
    - Allow users to access all external tenants as guests
    - Allow users to access selected external tenants as guests
    - Allow users to access selected external tenants and require admin approval for all other external tenants
    - Users are not alloed to access external tenants (but admins are allowed…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Azure Profile field updates

    I want to be able to add fields into the Azure profile (to then sync into SharePoint, so we don't have to update it in both places)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  18. Azure AD Password Policy

    Azure AD should provide more parameters to configure as per the users need.
    For example as per my organisation's Security policy, the minimum password length required is 12. But there is no way to configure this parameter from 8.
    The Azure AD platform should provide the ability for users to configure the below password policy at least.
    1. Password history
    2. Password complexity of temporary password generated by Azure
    3. Password length

    44 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow users to remove themselves from Azure accounts (duh)

    I'm an independent contract developer. I did work for a client many years ago during which they added my personal email to their corporate Azure account.

    Recently I tried to login again to Azure portal using my personal email and was caught in an infinite redirect loop that timed-out with "your account is locked".

    After ~3 weeks dealing with Azure support (who were completely useless) I self-diagnosed that the problem was my email was still attached to the client's account. I asked Azure support to remove the email, but they said I had to contact the client and ask them…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. Date in German group expiration e-mail has a wrong format

    See attached file. The E-Mail is in German except the date. Instead of "March 09, 2019" it should be "09. März 2019".

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base