Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Intune Roles Assignments

    Intune currently doesn't allow a privilege account access the Intune portal without assigning an E3 license. We have L1 and L2 support that we want to be able to limit the access of the portal and do not want to grant them Global Admin access, but we also do not want to assign a second license for the privilege account for custom roles. Will there be an limited Intune Roles Assignments that doesnt require a license in the road map?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. option to prevent users to consent to third party tenants

    Admins can today block the users ability to grant consent to applications. However, this will not block users from consenting to being invited into third party tenants as guests.

    I suggest that Azure AD should get a “external access” feature where Azure AD admins can choose (per user/group) to either;
    - Allow users to access all external tenants as guests
    - Allow users to access selected external tenants as guests
    - Allow users to access selected external tenants and require admin approval for all other external tenants
    - Users are not alloed to access external tenants (but admins are allowed…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure Profile field updates

    I want to be able to add fields into the Azure profile (to then sync into SharePoint, so we don't have to update it in both places)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure AD Password Policy

    Azure AD should provide more parameters to configure as per the users need.
    For example as per my organisation's Security policy, the minimum password length required is 12. But there is no way to configure this parameter from 8.
    The Azure AD platform should provide the ability for users to configure the below password policy at least.
    1. Password history
    2. Password complexity of temporary password generated by Azure
    3. Password length

    48 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow users to remove themselves from Azure accounts (duh)

    I'm an independent contract developer. I did work for a client many years ago during which they added my personal email to their corporate Azure account.

    Recently I tried to login again to Azure portal using my personal email and was caught in an infinite redirect loop that timed-out with "your account is locked".

    After ~3 weeks dealing with Azure support (who were completely useless) I self-diagnosed that the problem was my email was still attached to the client's account. I asked Azure support to remove the email, but they said I had to contact the client and ask them…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. Date in German group expiration e-mail has a wrong format

    See attached file. The E-Mail is in German except the date. Instead of "March 09, 2019" it should be "09. März 2019".

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow the Group Review Process owner to be changed through the GUI or Powershell

    The current Azure Group review process automatically sends out an email when the scheduled task to the review the group members is activated. This email contains the owner of the task as a contact for the "reviewer" to contact if they have questions, and this owner may no longer be the correct contact. It would be useful to be able to change the owner on reviews so that the reviewer can be referred to the help desk, instead of having to delete the review and re-create the review which changes the review schedule

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. Implement a windowed IDENTITY column definition

    Please implement a windowed identity column that automatically initializes and increments over a window in columns in a table.

    I would like the conceptual functionality of SelectedSubsetId below.

    CREATE TABLE dbo.SelectedSubset
    (

    ItemSetId INT NOT NULL FOREIGN KEY REFERENCES dbo.ItemSet(ItemSetId),
    
    SelectedSubsetId INT NOT NULL IDENTITY(1,1) OVER(PARTITION BY ItemSetId),
    PRIMARY KEY CLUSTERED (ItemSetId, SelectedSubsetId )

    )

    Where SelectedSubsetId would start at 1 and increment by 1 for each ItemSetId entered. Another table would would foreign key this primary key and add the item ids of the set

    CREATE TABLE dbo.SubsetItems
    (

    ItemSetId INT NOT NULL,
    
    SelectedSubsetId INT NOT NULL,
    ItemId INT
    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add dynamic owners to a group in addition to dynamic members

    Currently, groups can be defined dynamically with rules. Please expand that capability to dynamically define owners as well. This will be especially useful for Microsoft Teams. When the current owner of a group leaves the company or role, the person who replaces him/her should automatically become the new owner of the group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. I downloaded and have used the app, but no icon appears on my pool home. Where is the app icon?

    NEED! Auto-download of an app, so settings can be changed at need.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD Smart Lockout unlock capability for admins

    I'm blown away by the lack of options once your account gets locked out by the Azure AD Smart Lockout feature. Not having the ability to monitor the account lockout duration or have the option to unlock an account using this feature is insane.

    55 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Runescape Guide: Firecape

    I’m glad to introduce our guide encouraging you guys to get the Firecape by killing that red Hulk we all hate quickly from RSorder … THE TzTok-Jad in the Fire Caves.All the players desire this amazing cape because of the 4+ Strength and 11+ defensive stats, also if you want further access to Mor UI Rek this cape must be shown to the guards.

    The fire cape is the second best melee cape in the game after the infernal cape; to get the infernal cape you have to sacrifice your Fire cape, giving it to TzHaar-Ket-Keh (I know this hurts,…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. Regarding Password hash sync - Is it possible to enable password hash sync only for a group of our users?

    Is it possible to enable password hash sync only for a group of our users? As in larger environment we cannot implement directly on all users . if this feature is there we can test around and implement

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. Delivery of One-Time Password (OTP) over SMS

    The new One-Time Password (OTP) functionality delivers the OTP to the external user using the email address originally configured for the user. Would it be possible to add functionality that will allow the OTP to be delivered optionally over an SMS message as well?

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Roaming User Profiles for Windows10 AzureAD joined only devices

    Now modern workplaces are moving to the Cloud much more Windows 10 devices are AzureAD joined only. When users share their devices they want to store and keep their personal user settings against all those devices.

    Enterprise State Roaming (ESR) and User Experience Virtualization (UE-V) are some solutions in this space. However they have some limitations using Windows 10 AzureAD only connected devices.

    Therefore it would be valueable if Roaming User Profile management will be added to Microsoft Device Management solution.

    One of our suggestions to reach this purpose is to combine the recently acquired FSLogix with Onedrive for this…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. Provide a feature to alert when the EA Account or Admins Log into Azure. This would help when any of the higher privileged accts are used

    Provide a feature to alert when the EA Account or Admins Log into Azure. This would help when any of the higher privileged accts are used. Right now there's no way to alert in this scenario other than the what actions these accts have done after the fact. We want to know when these accts login before they actually perform any actions so we can correlate it back to approved change control tickets.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Link user assignment to failed app login

    If an app in Azure AD requires user assignment and the user trying to login to the app is not assigned a role in the app, the user gets the generic AADSTS50105 error (The signed in user xxxxx is not assigned a role for the application xxxxx).

    Now, what if user self-service assignment has been allowed - would it be possible to include a link to the error page linking directly to the access panel where the user could request access to the application? Something like "Request access" - then the user could just click that and requrest assignment.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  18. AADDS: Make it possible to move Users synched from AAD to other OUs then "AADDC Users" OU

    Putting all Users/Serviceaccounts synched from On-Prem AD in one OU is a little bit confusing...

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add some directions that are worthwhile. I am thrown onto the same screen time after time without any direction about what to do next, i.e.,

    Even this “idea” area doesn’t allow thoughtful commentary. I got cut off of it, too. HORRIBLE APP!!!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. azure active directory

    please give azure active directory the ability to add columns and make it sortable

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base