Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please expose non interactive logins logs to customers

    We look to setup alerts for security events. AAD Risk event "Impossible Login" though consumes non interactive login events that are not visible to customers so its not possible to create an event.

    If there are two interactive login's and the second deemed a risk event because of impossible travel we can create an event looking for the risk field in the sign-in logs but if the second event is a none interactive login you can't create an alert, we can't see this event.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    This is a known background service syncing the O365 and Azure AD but does not show the initial actor in the Azure Logs only the exo_evo_migration@support.microsoft.com which requires searching the EXO logs to find the actor who initiated the action.

    Can the actor be added to the Azure event log details without having to search the O365 logs.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide ability to unlink Azure from Office 365

    My company has an Office365 subscription and we use the AD to manage internal staff roles, system access, etc. We also have entirely separate external data centres running systems and services for external customers and financial partners. We are now engaging in a migration exercise to move our data centres to the cloud. I created an Azure account using my company email address (naturally), and it automatically pulled in all settings and staff and who knows what else from our Office365 AD. This has already caused many issues in just a few days. Through multiple calls and emails with MS…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  4. This is not an idea but a feedback

    I find the idea of entering the OTP everytime I login ,very absurd. atleast you should not ask for OTP on the same system which I was logged

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. I work for BP Shipping. We do not have normal phone link. Why not use what's app?

    Use what's app for ship's who are sometimes 1 month away from land and normal mobile link un-available.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. Keeping guest account in the inviting AAD updated with changes made in the user's home AD

    We're collaborating with an external party on a project and have invited around a 100 users of theirs as guest users in our AAD. The external party recently migration to another email domain. The good news is that this change didn't impact their ability to SSO into SharePoint and other O365 products. The only downside we found is that the user name filed of the guest account in the inviting AAD still had the original email.

    In summary, users added pre-migration have the old email domain suffix and users added post-migration have the new email domain suffix. I would be…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  7. Introduce the functionality to add PDLs/DDLs into application's user and group assignment.Right now only security group could be added.

    Introduce the functionality to add PDLs/DDLs into application's user and group assignment.Right now only security group could be added.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. Stop use the function

    How can i stop use the function to log in my account! It's really inconvinience to me! tell me how stop use it that is my right.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. inconvinience; limited ;

    If international students come bake to their home country and take online courses how they receive their verify code from their US phone #?
    Now, I really want to know how I can stop use the verify code to log in my account. I am not stay with my cell-phone all the time. Each time I log in my account that I must find where my cell-phone is which really inconvenience for me. On the other hand, I don't believe that such any bored person would steal and log into a student's mailbox and blackboard unless their motivation is interstress…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. Disable Add subscription outside home directory

    Currently it is not possible to add a subscription to a directory that is not your home directory. However, the "Add" button is still shown and active under subscriptions when logged in to a non-home directory. Creating a subscription this way confusingly adds it to the user's home directory without regard for the directory where you wanted to add it. This should either be clarified when initiating the create subscription wizard, or the Add button should be removed/disabled when not in the home directory.
    Situation: User belongs to one directory and is added to another with sufficient permissions to create…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. WHFB is not working with Server 2019 Domaincontrollers

    We had Windows Hello for Business working fine.
    We created a new ad forest with only servers 2019, now WHFB is not working anymore.

    "This option is temporarily unavailable. For now, please use a different method to sign in." and KRB Error: KDC_ERR_CLIENT_NAME_MISMATCH

    please fix

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Stop asking me to add security questions. I don't want them on my account. I'm not adding them. Stop trying to force it.

    Stop trying to force me to add security questions. I have too many possible answers. I just want to access my account quickly so I can get back to work. If I add them, I'll second guess what the answer is and possibly get it wrong and then be locked out of my account longer. It's happened before. Security questions are rubbish and you are affecting my ability to treat my patients in a negative fashion by slowing me down by hitting to decline 3 times to log into my work account and another two times to check me email.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure AD Account Initials

    The initials circle that is generated in Azure AD and propagated to other workloads seems to parse the DisplayName attribute which does not always render the correct initials. For example, if the CX uses "BusinessUnit-FirstName LastName (Contractor)" as a naming convention then everyone gets the exact same "BC" initials. This has been a complaint for way too long and is easily resolved by using the FirstName and LastName attributes to generate the correct initials and fall-back to DisplayName only if they are not populated.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  14. AD Attribute Info (AKA Notes) for Groups should be sync to Cloud and Available to Exchange Online.

    The AD Attribute Info (AKA Notes) is currently synced for Users but not for Groups. The companies I have worked before made heave use of it and surprise no one else complain. Also, its a field available in the GUI. I would think all attributes exposed via the GUI should have been synced.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. option to prevent users to consent to third party tenants

    Admins can today block the users ability to grant consent to applications. However, this will not block users from consenting to being invited into third party tenants as guests.

    I suggest that Azure AD should get a “external access” feature where Azure AD admins can choose (per user/group) to either;
    - Allow users to access all external tenants as guests
    - Allow users to access selected external tenants as guests
    - Allow users to access selected external tenants and require admin approval for all other external tenants
    - Users are not alloed to access external tenants (but admins are allowed…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. Azure Profile field updates

    I want to be able to add fields into the Azure profile (to then sync into SharePoint, so we don't have to update it in both places)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow users to remove themselves from Azure accounts (duh)

    I'm an independent contract developer. I did work for a client many years ago during which they added my personal email to their corporate Azure account.

    Recently I tried to login again to Azure portal using my personal email and was caught in an infinite redirect loop that timed-out with "your account is locked".

    After ~3 weeks dealing with Azure support (who were completely useless) I self-diagnosed that the problem was my email was still attached to the client's account. I asked Azure support to remove the email, but they said I had to contact the client and ask them…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. Implement a windowed IDENTITY column definition

    Please implement a windowed identity column that automatically initializes and increments over a window in columns in a table.

    I would like the conceptual functionality of SelectedSubsetId below.

    CREATE TABLE dbo.SelectedSubset
    (
    ItemSetId INT NOT NULL FOREIGN KEY REFERENCES dbo.ItemSet(ItemSetId),
    SelectedSubsetId INT NOT NULL IDENTITY(1,1) OVER(PARTITION BY ItemSetId),
    PRIMARY KEY CLUSTERED (ItemSetId, SelectedSubsetId )
    )

    Where SelectedSubsetId would start at 1 and increment by 1 for each ItemSetId entered. Another table would would foreign key this primary key and add the item ids of the set

    CREATE TABLE dbo.SubsetItems
    (
    ItemSetId INT NOT NULL,
    SelectedSubsetId INT NOT NULL,
    ItemId INT…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. I downloaded and have used the app, but no icon appears on my pool home. Where is the app icon?

    NEED! Auto-download of an app, so settings can be changed at need.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base