Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. AADDS: Make it possible to move Users synched from AAD to other OUs then "AADDC Users" OU

    Putting all Users/Serviceaccounts synched from On-Prem AD in one OU is a little bit confusing...

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. My Apps portal getting crowded with Published Apps

    The Azure My Apps portal is getting crowded with Published Apps and there is no way to customize the look and feel. It would be nice if the portal allowed better oganization/customizations of the published apps where you could move around apps, hide apps, put apps into a folder structure, etc....

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. The Password-based SSO Extension should inactivate the option of saving passwords in the browser.

    The Password-based SSO Extension "My Apps Secure Sign-in Extension" should inactivate the option of saving passwords in the browser.

    Currently, any user can just save the passwords in the browser. Edge is manageable but Chrome, FireFox and Internet Explorer as supported browsers for the extension should inactivate the password manager.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  4. All Admin to hide some Self-Service Group tiles (such as Delete) in MyApps portal

    Allow Admins to remove the Delete tile to prevent Group Owners from "Deleting" Azure AD Groups. We need to allow them to modify membership but not delete/edit/change ownership of the group that they have been granted owner access.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide a better end user message for "We received a bad request" or AADSTS50105 message when user doesn't have permission to an application

    When using SAML-based SSO within Azure via a built-in app, or a custom non-gallery application, the error message that end users receive when they are not in a group that provides access is confusing.

    Users could attempt to access the application if someone sends them the "User access URL", and the message that they receive is the following:

    "Sorry, but we’re having trouble signing you in.
    We received a bad request."

    In very, very small text at the bottom of the screen, it says:
    "Additional technical information:
    Correlation ID: XXXXX
    Timestamp: 2017-08-10
    AADSTS50105: The signed in user 'user.name@contoso.com'…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. application panel

    App icons in the application panel of Azure AD:
    - Grant admin and or user possibility to put applications in folders or organize them in a smart way
    - Possiblity to "hide" and "unhide" icons.
    - Possibility to categorize them, for example: Enterprise applications, BU specific applications, etc

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    We’ve also recently add a few new features to allow you to better manage the visibility of apps on My Apps. You can now hide specific third party applications and as well as the set of Office applications. Learn more about it here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-coreapps-hide-third-party-app

    Please keep sharing feedback and ideas!

  7. ServiceNow Enterprise App: Add funtionality to provision AAD Photo attribute to ServiceNow photo

    Currently many attributes can be provisioned in a ServiceNow Azure Enterprise app, but AD Photo is not an option. That would a great thing to be able to.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. Have one portal

    There are too many portals for administrators and end users. Users can be confused by the myapps.microsoft.com and portal.office.com/myapps pages. Each of these pages provides a different end user experiece. Administrative portals are a nightmare. Trying to provide temporary MFA code for a user involves going thorugh multiple portals to get to the appropriate area, and the user experience for this is still not clear.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. Delivery of One-Time Password (OTP) over SMS

    The new One-Time Password (OTP) functionality delivers the OTP to the external user using the email address originally configured for the user. Would it be possible to add functionality that will allow the OTP to be delivered optionally over an SMS message as well?

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. About guidance in Microsoft Azure sign-in page

    I wants input guidance for the information boxes in Microsoft Azure sign-in page.
    It is difficult to understand to input each information boxes in it.

    For example, like the following link, Please add of help page in Microsoft Azure sign-in page.

    Sample:
    Register your Azure AD subscription : Step 2 to 6
    https://technet.microsoft.com/en-us/library/dn832618.aspx

    Or, Please add input guidance for the information boxes on Microsoft Azure sign-in page.

    <Japanese>
    Azure サインアップ画面で、各入力項目に何を入力してよいかわかりにくいため、
    以下のようなヘルプページの設置、もしくはサインアップ画面上でのガイダンスの追加を希望します。

    サンプル:
    Azure AD サブスクリプションの登録:2~6番
    http://technet.microsoft.com/ja-jp/library/dn832618.aspx

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. Filters for Azure AD user overview

    Add customized filtering in the AzureAD user overview like on the new Office365 user overview. Filtering should include AD attributes like department, position, usage location etc.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Stop referring to ”Your admin” as someone almighty

    Various Azure AD services have information pages that say “Please contact your admin” or “ Your admin has required that you setup this account for additional security verification”

    Usually there is some kind of helpdesk users turn to for help and its usually not a admin that mandates security requirements. It´s an organizational thing.

    Just rewrite them to “Please contact your helpdesk” and “You organization has required that you setup this account for additional security verification”

    The average user probably have no idea what an “admin” is. They have a hard time understanding the term “MFA” :)

    Please see examples…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. Would this work with Ceridian Dayforce to automate user provisioning, changes to role based access base on job title?

    Would this work with Ceridian Dayforce to automate user provisioning, changes to role based access base on job title? We would like to automate the provisioning and changes to user account in AD based upon their job status, change title, manager, etc. in Ceridian Dayforce. Does this product integrate with Ceridian Dayforce?

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. stop signing me out!

    When you put the new design into effect, i can no longer stay signed in. Please fix this! It gets really annoying to have to sign in every time i want to check my email on my own device

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Correct behavior when Seamless SSO fails, so that the cursor is placed into password field.

    Currently when Seamless SSO fails (example: due to signing on with a different user account than current), the cursor is placed into the username field rather than password. This typically then ends up having the user starting to type their password in clear text into the username field. This is especially a problem when sharing your screen with others, shoulder surfing, etc.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add a default login domain to the Company Branding Page

    In education specifically, students in earlier grades can have difficulty with entering their full UPN.

    In our case, we have our primary domain - school.org for all staff and a student subdomain - students.school.org. If we were able to specify a default authentication domain like students.school.org within our company branding settings, this would allow students to sign in with the first half of the UPN only.

    We struggle with student logins to federated applications purely because of the domain portion of the UPN. Also, coming from using ADFS in the past, students never had to enter their full UPN in…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Send notification to all Office 365 Group owners when one renews the Group

    The renewal notifications prior to Office 365 Group expiration are great! When there are multiple Group owners, all the owners receive the notifications. So far, so good. Now, if one of the owners decides to renew the Group, wouldn't it be nice if the other owners would receive a message that this particular Group has been renewed by person X?

    Saves time for the other owners, and, more importantly, when one or more owners believe the Group should expire, all the owners can at least have a discussion before the next expiration cycle.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow per-device credential management in iOS for WAAD accounts

    I currently have +10 Microsoft developed apps towards Azure and Office365 on my iPhone. I also employ MFA for my account. On average I have to perform the sign-in flow 4-6 times per week on my personal iPhone for the various apps. E.g. OneNote has updated, have to log in again. OneDrive needs to re-login with my LiveID and OrgID. I just re-authenticated in OneNote, but opening PowerBI immediately after repeats the login flow. I just MFA authenticated in the Groups app, but switching to OneNote starts another auth process.

    For a regular end-user this makes the use of the…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. Smart Lockout For Full Azure users is mandatory

    We Implement Azure AD and Intune in our organization 600+ users some of them on hybrid and some of the Full AD join.

    RIght now from a security perspective, there is an issue with SmartLockout feature, users can't be locked according to Microsoft support, in case they try to sign in with a bad password to their computer, which is very bad in case someone from outside will try to access company resources.

    the answer was that it can be work only if we will disable user cache credentials and then in case of user don't have network access he…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. Vector graphics as custom branding

    Azure Ad, Intune MDM and Company Portal are made to work on multiple devices, operating systems, resolutions and screen sizes. A single png as custom company branding is not. It looks bad (blurry, blocky, aliasing) when viewed on smaller devices, and if site scaling goes beyond 100% in the web browser.

    Please add the ability to use vector graphichs (SVG) when setting custom branding.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base