Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Send out an email when users gets assigned to application

    I have been migrating our 100s of applications to Azure from an OpenAM SSO solution.
    When a user gets added to an application in Azure. It would be a great idea that the users gets an email stating that they have been added.
    If users can get alerts that a new application has been added for access, that would help with end user confusion.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. Source of Authority in user overview page should show same info as Source in user profile

    In New Azure Portal it would be of more use if
    Azure Active Directory -> Users and Groups -> All users
    page column "Source of Authority" would show that same value as in
    Azure Active Directory -> Users and Groups -> All users -> <click a user>-> Profile and field Source

    Ps. This works better in Azure Classic Portal. Ds.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Application Management In Access Panel

    There are some issues, with the way apps are presented to the users in the access panel, this would bring the access panel experience up to par with equivalent 3rd party application portal apps.


    1. Please allow the administrative removal of any O365 application from a group of users in their Access Panel Application, even if they are licensed for a O365 product we dont necessarily want to have it display on a users access panel. e.g. Delve - we dont want the user to not have Delve access but we dont necessarily want the app linked on their access panel.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    We’ve also recently add a few new features to allow you to better manage the visibility of apps on My Apps. You can now hide specific third party applications and as well as the set of Office applications. Learn more about it here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-coreapps-hide-third-party-app

    Please keep sharing feedback and ideas!

  4. No photo available in myapps application panel

    The AAD Application panel is making use of the AAD thumbnailphoto attribute. In most environments this is a different photo as the O365 photo.

    It would be a good end user experience to provide AAD admins functionality to configure which photo can be used: O365 photo (can be set with Outlook web, Skype or Delve) or the AAD photo (which can be synced from AD on prem and is also current behavior).

    The other option would be to provide an option to sync O365 photo to AD on prem, which then would sync back to AAD. Less preferred in my…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide a better end user message for "We received a bad request" or AADSTS50105 message when user doesn't have permission to an application

    When using SAML-based SSO within Azure via a built-in app, or a custom non-gallery application, the error message that end users receive when they are not in a group that provides access is confusing.

    Users could attempt to access the application if someone sends them the "User access URL", and the message that they receive is the following:

    "Sorry, but we’re having trouble signing you in.
    We received a bad request."

    In very, very small text at the bottom of the screen, it says:
    "Additional technical information:
    Correlation ID: XXXXX
    Timestamp: 2017-08-10
    AADSTS50105: The signed in user 'user.name@contoso.com'…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. application panel

    App icons in the application panel of Azure AD:
    - Grant admin and or user possibility to put applications in folders or organize them in a smart way
    - Possiblity to "hide" and "unhide" icons.
    - Possibility to categorize them, for example: Enterprise applications, BU specific applications, etc

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    We’ve also recently add a few new features to allow you to better manage the visibility of apps on My Apps. You can now hide specific third party applications and as well as the set of Office applications. Learn more about it here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-coreapps-hide-third-party-app

    Please keep sharing feedback and ideas!

  7. My Apps portal getting crowded with Published Apps

    The Azure My Apps portal is getting crowded with Published Apps and there is no way to customize the look and feel. It would be nice if the portal allowed better oganization/customizations of the published apps where you could move around apps, hide apps, put apps into a folder structure, etc....

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. Make knownClientApplications manifest property work across tenants

    As described in Vittorio's book (https://www.microsoftpressstore.com/articles/article.aspx?p=2473127), the 'knownClientApplications' property only works for API and client that are published in the same tenant directory.

    We offer a multi-tenant API that is consumed by app teams and ISVs that publish their APIs in a different tenant. Our and their applications are branded completely different.

    Forcing tenants that subscribe to the SaaS applications published by these teams to go through two consent flows is really ugly.

    Making the 'knownClientApplications' property work across tenants would solve this problem cleanly.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. Force Azure Active Directory Join Out of Box Experience

    The device is to be provisioned to a corporate user but will not be joined to the on-premises Active Directory. There should be a provisioning package option to force the user to join the device to Azure Active Directory rather than presenting other options that leave the machine in workgroup mode or given the option to join the on-premises domain.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. Have one portal

    There are too many portals for administrators and end users. Users can be confused by the myapps.microsoft.com and portal.office.com/myapps pages. Each of these pages provides a different end user experiece. Administrative portals are a nightmare. Trying to provide temporary MFA code for a user involves going thorugh multiple portals to get to the appropriate area, and the user experience for this is still not clear.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. Onboarding page for new users

    For end-user experience / security / easy enrollment / completeness of profile information, it would be nice if there is a onboarding page for new users.

    The users gets his or her personal account and temporary password with which he or she can login to the onboarding page. Login to other services is also possible but results in a redirect to the onboarding page.

    On the onboarding page the user must reset the temporary password to it's own password (with customizable info about password requirements), fullfils the secret questions, can register to MFA and SSPR, can review, adjust and supplement…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. All Admin to hide some Self-Service Group tiles (such as Delete) in MyApps portal

    Allow Admins to remove the Delete tile to prevent Group Owners from "Deleting" Azure AD Groups. We need to allow them to modify membership but not delete/edit/change ownership of the group that they have been granted owner access.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. Seperate O365 Global Admin from Azure Global Admin

    We have need to separate admin roles between O365 - we have administrators for Office 365 who are not Active Directory administrators. These roles need to be separated.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. Password expiry notification for Azure AD joined devices?

    It would be great if a Password Expiry notification could be implement for full Windows 10 Azure AD-joined clients in the same way as the domain joined clients receive them. A notification that pops up at bottom-right corner of the screen. At the moment I wasn't able to find any way of enabling that.
    We use Azure Directory Sync - no ADFS.

    88 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow per-device credential management in iOS for WAAD accounts

    I currently have +10 Microsoft developed apps towards Azure and Office365 on my iPhone. I also employ MFA for my account. On average I have to perform the sign-in flow 4-6 times per week on my personal iPhone for the various apps. E.g. OneNote has updated, have to log in again. OneDrive needs to re-login with my LiveID and OrgID. I just re-authenticated in OneNote, but opening PowerBI immediately after repeats the login flow. I just MFA authenticated in the Groups app, but switching to OneNote starts another auth process.

    For a regular end-user this makes the use of the…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. Wait Until Submission to Display Errors

    Wait Until Submission to Display Errors

    Example: as soon as I begin typing into and email field, an error is displayed right away to indicate it is not a valid email value. This is very annoying for users.

    It would be better to wait to display errors until the user clicks one of the "submit" buttons (Send verification email, create etc).

    Or at the very least, wait until the field loses focus.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable redirecting back to the app after password change

    We are using Azure Active Directory for authentication of our ASP.NET MVC app. We have a Change Password link (not reset password) and have set it to https://account.activedirectory.windowsazure.com/ChangePassword.aspx so the user can change it.

    After they change their password or click cancel, instead of redirecting back to the application, it goes to https://account.activedirectory.windowsazure.com/profile/default.aspx

    Is it possible to pass in a redirect URL eg:

    https://account.activedirectory.windowsazure.com/ChangePassword.aspx?redirect_uri=https://localhost:44324/

    and redirect the user back to our application?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  18. Username is incorrect when logging into the Azure portal

    Recently, when I log into Azure my user id is incorrectly generated and stored in the browser. This occurs when I am logged into Azure and my connection times out. I have access to two subscriptions and it looks the like incorrect user ID is being generated by the subscription that I've been added as a co-admin on.

    Attaching a screenshot of the issue. Let me know if you need more data to help debug.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow more customization of the myapps.microsoft.com portal.

    Would be great if I could forward a subdomain to our myapps.microsoft.com portal. Instead of giving users a the microsoft.com URL, I want to give them one.theblaze.com.

    Second, would be great if there was a newsfeed widget at the top of the portal that could show an RSS feed of company news.

    120 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    30 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    We are also looking to see if we can enable embedding other components like widgets. We’re still in process of validating options for this.
    Please keep sharing your feedback and ideas around this!

  20. SaaS Application experience

    Plugin for SaaS application (logging onto Facebook, for example) presents to install plugin. There are issues on that page, and it may not be intuitive for users.
    Also plugin on Apple Mac OSX with Firefox 45.x version did not work, even after plugin installed successfully.

    Attached is a screenshot of the issues on the page, they include:
    1: Formatting on page background shows the HTML code which it shouldn't. Looks unproffesional.
    2: when resizing the window, the context page does not re-center on the page.
    3: Report a problem Link is broken.
    4: Tip is not very intuitive for end…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base