Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
Improve Bitlocker Recovery Key user experience
Current UX requires the user to scramble to find another internet access to find the recovery key (if they know what this is), then you need to enter the device keys and enter the long recovery keys. This UX is extremely painful and aggravating, especially when you are rushing. Please improve the user experience design by either adding this to Microsoft Authenticator, or some other solution (QR code?), or eliminate this BitLocker nightmare completely for the end user.
1 vote
Smart Lockout For Full Azure users is mandatory
We implement Azure AD and Intune in our organization, 600+ users, some of them on hybrid and some of them full Azure AD joined.
Right now, from a security perspective, there is an issue with the Smart Lockout feature: users can't be locked out, according to Microsoft support, in case they try to sign in with a bad password to their computer, which is very bad in case someone from outside tries to access company resources.
The answer was that it can only work if we disable user cached credentials, and then in case the user doesn't have network access he…
6 votes
Display list of connected domains when creating new user
It would be nice to have a drop-down list of available domains when creating a new user in Azure AD just like we have at portal.office.com.
5 votes
Delivery of One-Time Password (OTP) over SMS
The new One-Time Password (OTP) functionality delivers the OTP to the external user using the email address originally configured for the user. Would it be possible to add functionality that will allow the OTP to be delivered optionally over an SMS message as well?
11 votes
AD Attribute Info (AKA Notes) for Groups should be synced to Cloud and available to Exchange Online.
The AD Attribute Info (AKA Notes) is currently synced for Users but not for Groups. The companies I have worked for before made heavy use of it, and I am surprised no one else has complained. Also, it's a field available in the GUI. I would think all attributes exposed via the GUI should have been synced.
5 votes
exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts
This is a known background service syncing O365 and Azure AD, but it does not show the initial actor in the Azure logs, only exo_evo_migration@support.microsoft.com, which requires searching the EXO logs to find the actor who initiated the action.
Can the actor be added to the Azure event log details without having to search the O365 logs?
4 votes
Intune Roles Assignments
Intune currently doesn't allow a privileged account to access the Intune portal without assigning an E3 license. We have L1 and L2 support that we want to be able to limit the access of the portal for, and we do not want to grant them Global Admin access, but we also do not want to assign a second license to the privileged account for custom roles. Will there be a limited Intune Roles Assignment that doesn't require a license in the road map?
8 votes
Allow the ability to search from IAM at the subscription level and see all downstream access.
If I (or another) add user/identity access at a granular resource or resource group level I should be able to see that access when I search from the IAM blade at the subscription level.
For customers with large support organizations that have many engineers needing different levels of access, having to keep track of who/what you gave access to at what level is a bit unreasonable.
I should be able to simply search from the top/subscription level and see all access granted to a user/identity so it can be removed when it is no longer needed.
2 votes
Synchronizing Managed Service Accounts from On-Premises to Azure Active Directory
I wish there were a way to synchronize managed service accounts (MSAs) from on-premises to Azure Active Directory. There are many third-party applications where we are using the MSAs' auth for the apps on-premises. Now we need to connect to Azure SQL Database and they can't connect to it using the existing auth. I think currently there is no way to sync the MSAs from on-premises to Azure Active Directory.
2 votes
Users flagged for risk in Azure - it would be great to know how the ordering is done
Currently it's unclear why certain users are at the top with 1 or 2 risk alerts but someone else is 9th or 20th with many alerts.
1 vote
Azure AD Account Initials
The initials circle that is generated in Azure AD and propagated to other workloads seems to parse the DisplayName attribute which does not always render the correct initials. For example, if the CX uses "BusinessUnit-FirstName LastName (Contractor)" as a naming convention then everyone gets the exact same "BC" initials. This has been a complaint for way too long and is easily resolved by using the FirstName and LastName attributes to generate the correct initials and fall-back to DisplayName only if they are not populated.
7 votes
Your Office 365 product is too complicated. I won't buy it again. I need simple products, not hours of admin work.
1 vote
Bug: Password policy for cloud user accounts should allow the full alphabet
The password policy for cloud user accounts does not allow the three last letters of the alphabet.
This bug does not seem to apply to passwords for accounts created by e.g. DirSync.
BTW: I'm Danish, and the alphabet of our users goes from A to Å, with the three last letters being Æ, Ø and Å. Our users consider this a bug, just like English speaking users would consider it a bug if X, Y and Z were not allowed.
I'm sure Spanish and German speaking users have the same issue with ñ (as in mañana) and ö (as in…
1 vote
Guest Access - Limited AzureAD contact information only via Role
Add a method to allow a Guest user to access only basic contact information of a select number of AzureAD users without setting Restrict Guest User access to "no" and Restrict User access to AzureAD to "no".
1 vote
Make terms of use available for non-guest accounts in AzureAD
It would be nice if terms of use could also be sent with file shares via SharePoint when a user has not been created as a guest account. Currently you always have to accept the file with a one-time code and cannot have any terms of use displayed.
1 vote
WHFB is not working with Server 2019 Domain Controllers
We had Windows Hello for Business working fine.
We created a new AD forest with only Server 2019, and now WHFB is not working anymore: "This option is temporarily unavailable. For now, please use a different method to sign in." and KRB Error: KDC_ERR_CLIENT_NAME_MISMATCH
Please fix.
3 votes
Add support for native peering cross subscription cross AD with AD Service Principal
We found Azure native peering supports cross subscription cross AD only at the guest user level. But for an AD Service Principal, native peering does not have support for now. I think it is important, since for applications using the Azure REST API/SDK API to automate the peering, a Service Principal is necessary. Hope Azure can add this capability soon.
1 vote
Please expose non-interactive login logs to customers
We are looking to set up alerts for security events. The AAD risk event "Impossible Login", though, consumes non-interactive login events that are not visible to customers, so it's not possible to create an alert.
If there are two interactive logins and the second is deemed a risk event because of impossible travel, we can create an alert looking for the risk field in the sign-in logs. But if the second event is a non-interactive login, you can't create an alert, because we can't see this event.
2 votes
Provide an option to prevent guest access to your application but allow all members
It would be nice to have an option for enterprise apps that when turned on or selected prevents guests in my tenant from accessing an Enterprise Application but allows all members to access the app.
1 vote
More logging, text files, historical data on AZ AD Sync
Based on a recent problem we had regarding AD Sync, we've noticed that there are no log files being generated locally, and it's very hard to find and keep track of what has happened during the syncs.
We need more historical information: text based, searchable, etc.
1 vote