Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Does Microsoft Azure support follow SLA?

    Hi there, I raised a ticket 118020217581898 at least 3 days ago, but no one response so far. I am not sure if Microsoft AZure follow SLA or not. According to my understanding, for Severity B, the response time is 4 hours. If Microsoft can not provide service following b y SLA, why are we paying big money for annual subscription? The service you provide does NOT deserve your reputation. Consider this as formal complaint for your record.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. Azure AD Portal - Ability to search devices using "OWNER" on Search devices window

    [Azure Active Directory] - [Devices] - [All devices] - [Search devices]

    Currently, only "NAME" can be used when searching.
    Please add in the Search devices window the function to search by more criteria (ex: OWNER, etc).

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support to show contents on AD Login Page coming from CMS like Sitecore

    I am talking about content published from a CMS like SiteCore like
    News or announcement item which can come up as a fragment on the AD Login page.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  4. Make knownClientApplications manifest property work across tenants

    As described in Vittorio's book (https://www.microsoftpressstore.com/articles/article.aspx?p=2473127), the 'knownClientApplications' property only works for API and client that are published in the same tenant directory.

    We offer a multi-tenant API that is consumed by app teams and ISVs that publish their APIs in a different tenant. Our and their applications are branded completely different.

    Forcing tenants that subscribe to the SaaS applications published by these teams to go through two consent flows is really ugly.

    Making the 'knownClientApplications' property work across tenants would solve this problem cleanly.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. Force Azure Active Directory Join Out of Box Experience

    The device is to be provisioned to a corporate user but will not be joined to the on-premises Active Directory. There should be a provisioning package option to force the user to join the device to Azure Active Directory rather than presenting other options that leave the machine in workgroup mode or given the option to join the on-premises domain.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable redirecting back to the app after password change

    We are using Azure Active Directory for authentication of our ASP.NET MVC app. We have a Change Password link (not reset password) and have set it to https://account.activedirectory.windowsazure.com/ChangePassword.aspx so the user can change it.

    After they change their password or click cancel, instead of redirecting back to the application, it goes to https://account.activedirectory.windowsazure.com/profile/default.aspx

    Is it possible to pass in a redirect URL eg:

    https://account.activedirectory.windowsazure.com/ChangePassword.aspx?redirect_uri=https://localhost:44324/

    and redirect the user back to our application?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  7. SaaS Application experience

    Plugin for SaaS application (logging onto Facebook, for example) presents to install plugin. There are issues on that page, and it may not be intuitive for users.
    Also plugin on Apple Mac OSX with Firefox 45.x version did not work, even after plugin installed successfully.

    Attached is a screenshot of the issues on the page, they include:
    1: Formatting on page background shows the HTML code which it shouldn't. Looks unproffesional.
    2: when resizing the window, the context page does not re-center on the page.
    3: Report a problem Link is broken.
    4: Tip is not very intuitive for end…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. "We don't recognize this domain name"

    Sometimes, when I try sign in, I get this error.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. Remove confusion with which Microsoft Account and work account has the subscription

    I am having a difficult time figuring out which e-mail address I log in with for the Azure portal and which Microsoft Account is connected to it and my MSDN Subscription benefits. When I log in, it seems like 3 different Azure Active Directory "domains" are connected to my MSDN Subscription, but I don't understand how they all got connected together.

    I thought I had set up 2 different MSDN benefits and 2 separate Azure benefit subscriptions with 2 different e-mail logins, but that doesn't seem to be the case anymore. I don't know what happened and it is very…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow AD users to login using their mail or mailNickname instead of userPrincipalName

    Using the Microsoftonline.com login page when triggering a PromptBehavior of Auto or Always using the AcquireToken method in the ADAL library. It would be useful if users we have registered in our AD could use any email to login with. And not be forced to create a Microsoft or AD account.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. Organize member list view for groups

    Is there a way to organize the members within a hybrid or cloud only group? I have a few groups who have more than one page of users who I would like to view in a chronological order similar to how users populate in Azure Active Directory.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Bug: Password policy for cloud user accounts should allow the full alphabet

    The password policy for cloud user accounts does not allow the three last letters of the alphabet.

    This bug does not seem to apply to passwords for accounts created by e.g. DirSync.

    BTW: I'm Danish, and the alphabet of our users goes from A to Å, with the three last letters being Æ, Ø and Å. Our users consider this a bug, just like English speaking users would consider it a bug if X, Y and Z were not allowed.

    I'm sure Spanish and German speaking users have the same issue with ñ (as in mañana) and ö (as in…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. Let Azure AD retry failed exports with 429 response code as soon as the Retry-After has passed

    We have implemented our own SCIM (2.0) Service with a rate limiting feature.

    The Azure AD user provisioning application does not recognize 429 responses from our services when requests are sent to rapidly and just logs failures. These failures will be retried 40 minutes later, but this is a very long delay making an intial sync take way longer than needed. (especialy when the retries run into the rate limit again and again)

    I suggest to retry requests that received a 429 response soon after the Retry-After header value ( has passed) to optimize the duration of a sync cycle.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. Az.Compute Update-AzVM/VMSS should accept userAssignedIdentities dictionary as parameter

    When assigning a user assigned identity to a VM/VMSS, the Az.Compute module command Update-AzVM/VMSS accepts the array IdentityIds but not the new parameter UserAssignedIdentities dictionary. Instead the command converts the IdentityIds array into the UserAssignedIdentities dictionary.

    This is an inconvenience because a VM/VMSS can have up to 1000 identities. When updating the VM/VMSS, it is much more succinct to use a dictionary because then the user only needs to include the individual user assigned identities they want to add/remove. It also matches the pattern that already exists when they look at the identity information on the VM/VMSS.

    With the IdentityIds…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. make terms of use available fpr non guest accounts in azuread

    es wäre schön wenn man nutzungsbedingungen bei datei freigaben über sharepoint auch versenden kann, wenn ein user nicht als gast account angelegt wurde. aktuell muss man immer mit einem one time code die datei annehmen und kann keine nutzungsbedingungen anzeigen lassen

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. Is there a way to eliminate the 'Pick an account' prompt for single-sign on applications?

    When enabling SSO for applications, we don't want Azure to prompt users to 'Pick an account' when first launching the application. Is there a way to improve the user experience of not having an additional prompt to get access to their SAS application?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow the ability to search from IAM at the subscription level and see all downstream access.

    If I (or another) add user/identity access at a granular resource or resource group level I should be able to see that access when I search from the IAM blade at the subscription level.

    For customers with large support organizations that have many engineers that need different levels of access and having to keep track of who/what you gave access at what level is a bit unreasonable.

    I should be able to simply search from the top/subscription level and see what all access is granted to a user/identity so it can be removed when it is no longer needed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add support native peering cross subscription cross AD with AD Service Principle

    We found Azure native peering supports cross subscription cross AD only at guess user level. But for AD Service Principle native peering does not have support for now. I think it is important since for application using Azure RESTAPI/SDK API to automate the peering, Service Principle is necessary. Hope Azure can add this capabitiliyt soon.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. Provide an option to prevent guest access to your application but allow all members

    It would be nice to have an option for enterprise apps that when turned on or selected prevents guests in my tenant from accessing an Enterprise Application but allows all members to access the app.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. More logging, text files, historical data on AZ AD Sync

    Based on a recent problem we had, regarding AD Synch, we´ve noticed that there are no log files being generated locally and it´s very hard to find and keep track on what has happened during the syncs.

    We need more historical information, texte based, searchable, etc

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base