Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add the ability to disable users that haven't logging in after x amount of days.

    Add the ability to disable users that haven't logged in after x number of days.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. Bug: Password policy for cloud user accounts should allow the full alphabet

    The password policy for cloud user accounts does not allow the three last letters of the alphabet.

    This bug does not seem to apply to passwords for accounts created by e.g. DirSync.

    BTW: I'm Danish, and the alphabet of our users goes from A to Å, with the three last letters being Æ, Ø and Å. Our users consider this a bug, just like English speaking users would consider it a bug if X, Y and Z were not allowed.

    I'm sure Spanish and German speaking users have the same issue with ñ (as in mañana) and ö (as in…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Az.Compute Update-AzVM/VMSS should accept userAssignedIdentities dictionary as parameter

    When assigning a user assigned identity to a VM/VMSS, the Az.Compute module command Update-AzVM/VMSS accepts the array IdentityIds but not the new parameter UserAssignedIdentities dictionary. Instead the command converts the IdentityIds array into the UserAssignedIdentities dictionary.

    This is an inconvenience because a VM/VMSS can have up to 1000 identities. When updating the VM/VMSS, it is much more succinct to use a dictionary because then the user only needs to include the individual user assigned identities they want to add/remove. It also matches the pattern that already exists when they look at the identity information on the VM/VMSS.

    With the IdentityIds…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  4. make terms of use available fpr non guest accounts in azuread

    es wäre schön wenn man nutzungsbedingungen bei datei freigaben über sharepoint auch versenden kann, wenn ein user nicht als gast account angelegt wurde. aktuell muss man immer mit einem one time code die datei annehmen und kann keine nutzungsbedingungen anzeigen lassen

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. Is there a way to eliminate the 'Pick an account' prompt for single-sign on applications?

    When enabling SSO for applications, we don't want Azure to prompt users to 'Pick an account' when first launching the application. Is there a way to improve the user experience of not having an additional prompt to get access to their SAS application?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow the ability to search from IAM at the subscription level and see all downstream access.

    If I (or another) add user/identity access at a granular resource or resource group level I should be able to see that access when I search from the IAM blade at the subscription level.

    For customers with large support organizations that have many engineers that need different levels of access and having to keep track of who/what you gave access at what level is a bit unreasonable.

    I should be able to simply search from the top/subscription level and see what all access is granted to a user/identity so it can be removed when it is no longer needed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add support native peering cross subscription cross AD with AD Service Principle

    We found Azure native peering supports cross subscription cross AD only at guess user level. But for AD Service Principle native peering does not have support for now. I think it is important since for application using Azure RESTAPI/SDK API to automate the peering, Service Principle is necessary. Hope Azure can add this capabitiliyt soon.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide an option to prevent guest access to your application but allow all members

    It would be nice to have an option for enterprise apps that when turned on or selected prevents guests in my tenant from accessing an Enterprise Application but allows all members to access the app.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. More logging, text files, historical data on AZ AD Sync

    Based on a recent problem we had, regarding AD Synch, we´ve noticed that there are no log files being generated locally and it´s very hard to find and keep track on what has happened during the syncs.

    We need more historical information, texte based, searchable, etc

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. Windows Server AD couldn't match Azure AD user

    Yesterday I tried to have on-premises AD take over my Azure AD user, by create a same user on local AD, use the same UserPrincipalName and ProxyAddress, and it worked.
    Today, I tried this on a brand new Windows Server, it failed several times. I got the email saying: The object has been updated in your Azure Active Directory, but with some modified properties, because the following attributes are associated with another object..
    I want to know why is that happened, and I want it's working.. Thanks in advance.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. Users flagged for risk azure - it would be great to know how the ordering is done

    Currently its unclear why certain users are at top with 1 or 2 risk alerts but someone is 9th or 20th with many alerts

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make error messages more meaningful. A guest AD user was preventing domain deletion, however Azure portal listed enterprise app as the prblm

    Also the Tier2 tech was making suggestions that suggested he simply may be reading from a list of solutions rather than reading error messages and analyzing the issue at hand.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. Membership Request notification and response from MyApps portal

    There are a lot of great features for the MyApps portal for Group management detailed here: https://docs.microsoft.com/en-us/azure/active-directory/user-help/my-apps-portal-end-user-groups

    There is one glaring thing missing though, no way to be notified/respond to a group membership request. Almost the entire workflow is there for Group self-service and self-management, but when a user requests access to a group all the Owner gets is an email. It doesn't have a link to approve or even see more details. It would be great if the portal had notifications for them to respond, a single place to manage all requests.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Removing different tenants/directories if I am the owner of the company

    Is it possible if you are company owner and you have employs to have access to remove the tenants or directories that are created under you / under your account

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. Show at the portal the quota that is being used by the tenant

    Please add at the portal the quota that is being used by the tenant to be able to request to Microsoft to increase the limit prior to have affectation and impact on the sync, b2b invites, app creations etc.

    Current limit is 1 million, and when reach we will need to create a ticket with MS to increase the limit.

    There's no way to know the value of the total currently in use.

    The advice from MS was to run a:

    Azure PS
    (Get-AzureADUser -All $true).Count
    (Get-AzureADGroup -All $true).Count
    (Get-AzureADContact -All $true).Count
    (Get-AzureADDevice -All $true).Count
    MSOL PS
    (Get-MsolUser -All -ReturnDeletedUsers).Count

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Consider providing Group settings to be accessed when creating a group in Active Directory

    When creating a group in AD the settings to deliver messages to a users inbox are turned off. When a group is created in the Office 365 Admin portal these setting seem to default to On. It would be helpful to have access to these settings in AD. This would facilitate creating a group with the proper settings while allowing users to recognize that there are setting that need to be considered for a new group.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add authentication logging for Azure Active Directory Domain Service

    Currently if I want to gain additional insight on why a user may be unable to login to our AADDS we have to file a support ticket.

    We are able to manage our AADDS with the classic AD management tools - a similar experience would be ideal for log review. Although we would still be happy to have access through the Azure portal as well.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. Get rid of all the security that will ultimately keep the computer owners out.

    Give the user the option to select security, not force it on them with complexity that will ultimately lock them out.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide the ability to remove disabled subscriptions.

    If you have a subscription that entered disabled state, Let's say it was a sponsorship provided by Microsoft itself for training purposes, once it is disabled at the current moment you have to live with it forever. There is no way of removing it from your AAD directory. You have to filter it out so that you do not see it when browsing resources. That is dumb. We should be able to say we do not need this anymore, so remove it delete it whatever. "Hiding it" is not the right answer.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base