Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Improve BitLocker Recovery Key user experience

    The current UX requires the user to scramble to find another internet access to look up the recovery key (if they know what this is), then you need to enter the device keys and enter the long recovery keys. This UX is extremely painful and aggravating, especially when you are rushing. Please improve the user experience design by either adding this to Microsoft Authenticator, or some other solution (QR code?), or eliminate this BitLocker nightmare completely for the end user.

    1 vote

    0 comments  ·  End user experiences
  2. Smart Lockout For Full Azure users is mandatory

    We implement Azure AD and Intune in our organization (600+ users), some of them on hybrid and some on full AD join.

    Right now, from a security perspective, there is an issue with the Smart Lockout feature: according to Microsoft support, users can't be locked out when they try to sign in to their computer with a bad password, which is very bad in case someone from outside tries to access company resources.

    The answer was that it can work only if we disable user cached credentials, and then in case the user doesn't have network access he…

    6 votes

    0 comments  ·  End user experiences
  3. Display list of connected domains when creating new user

    It would be nice to have a drop-down list of available domains when creating a new user in Azure AD just like we have at portal.office.com.

    5 votes

    1 comment  ·  End user experiences
  4. Delivery of One-Time Password (OTP) over SMS

    The new One-Time Password (OTP) functionality delivers the OTP to the external user using the email address originally configured for the user. Would it be possible to add functionality that will allow the OTP to be delivered optionally over an SMS message as well?

    11 votes

    0 comments  ·  End user experiences
  5. AD Attribute Info (AKA Notes) for Groups should be synced to Cloud and available to Exchange Online.

    The AD Attribute Info (AKA Notes) is currently synced for Users but not for Groups. The companies I have worked at before made heavy use of it, and I am surprised no one else has complained. Also, it's a field available in the GUI. I would think all attributes exposed via the GUI should have been synced.

    5 votes

    3 comments  ·  End user experiences
  6. exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    exo_evo_migration@support.microsoft.com showing up in audit logs creating cloud accounts

    This is a known background service syncing O365 and Azure AD, but the Azure logs do not show the initial actor, only exo_evo_migration@support.microsoft.com, which requires searching the EXO logs to find the actor who initiated the action.

    Can the actor be added to the Azure event log details without having to search the O365 logs?

    4 votes

    0 comments  ·  End user experiences
  7. Intune Roles Assignments

    Intune currently doesn't allow a privileged account to access the Intune portal without assigning an E3 license. We have L1 and L2 support whose access to the portal we want to be able to limit, and we do not want to grant them Global Admin access, but we also do not want to assign a second license to the privileged account for custom roles. Will there be a limited Intune role assignment that doesn't require a license on the roadmap?

    8 votes

    0 comments  ·  End user experiences
  8. Allow the ability to search from IAM at the subscription level and see all downstream access.

    If I (or another) add user/identity access at a granular resource or resource group level I should be able to see that access when I search from the IAM blade at the subscription level.

    For customers with large support organizations that have many engineers who need different levels of access, having to keep track of who/what you gave access to at what level is a bit unreasonable.

    I should be able to simply search from the top/subscription level and see what all access is granted to a user/identity so it can be removed when it is no longer needed.

    2 votes

    0 comments  ·  End user experiences
  9. Synchronizing Managed Service Accounts from on-premises to Azure Active Directory

    I wish there were a way to synchronize managed service accounts (MSA) from on-premises to Azure Active Directory. There are many third-party applications where we are using the MSAs' auth for the apps on-premises. Now we need to connect to Azure SQL Database and they can't connect to it using the existing auth. I think currently there is no way to sync the MSAs from on-premises to Azure Active Directory.

    2 votes

    1 comment  ·  End user experiences
  10. Users flagged for risk azure - it would be great to know how the ordering is done

    Currently it's unclear why certain users are at the top with 1 or 2 risk alerts but someone is 9th or 20th with many alerts.

    1 vote

    1 comment  ·  End user experiences
  11. Azure AD Account Initials

    The initials circle that is generated in Azure AD and propagated to other workloads seems to parse the DisplayName attribute which does not always render the correct initials. For example, if the CX uses "BusinessUnit-FirstName LastName (Contractor)" as a naming convention then everyone gets the exact same "BC" initials. This has been a complaint for way too long and is easily resolved by using the FirstName and LastName attributes to generate the correct initials and fall-back to DisplayName only if they are not populated.

    7 votes

    0 comments  ·  End user experiences
  12. Your Office 365 product is too complicated. I won't buy it again. I need simple products, not hours of admin work.

    Your Office 365 product is too complicated. I won't buy it again. I need simple products, not hours of admin work.

    1 vote

    0 comments  ·  End user experiences
  13. Bug: Password policy for cloud user accounts should allow the full alphabet

    The password policy for cloud user accounts does not allow the three last letters of the alphabet.

    This bug does not seem to apply to passwords for accounts created by e.g. DirSync.

    BTW: I'm Danish, and the alphabet of our users goes from A to Å, with the three last letters being Æ, Ø and Å. Our users consider this a bug, just like English speaking users would consider it a bug if X, Y and Z were not allowed.

    I'm sure Spanish and German speaking users have the same issue with ñ (as in mañana) and ö (as in…

    1 vote

    0 comments  ·  End user experiences
  14. Guest Access - Limited AzureAD contact information only via Role

    Add a method to allow guest users to access only the basic contact information of a select number of Azure AD users without setting Restrict Guest User access to “no” and Restrict User access to azuread to “no”.

    1 vote

    1 comment  ·  End user experiences
  15. Make terms of use available for non-guest accounts in Azure AD

    It would be nice if terms of use could also be sent with file shares via SharePoint when a user has not been created as a guest account. Currently you always have to accept the file with a one-time code and cannot have any terms of use displayed.

    1 vote

    0 comments  ·  End user experiences
  16. WHFB is not working with Server 2019 domain controllers

    We had Windows Hello for Business working fine.
    We created a new AD forest with only Server 2019 servers; now WHFB is not working anymore.

    "This option is temporarily unavailable. For now, please use a different method to sign in." and KRB Error: KDC_ERR_CLIENT_NAME_MISMATCH

    Please fix.

    3 votes

    1 comment  ·  End user experiences
  17. Add support for native peering cross subscription, cross AD with AD Service Principal

    We found Azure native peering supports cross subscription, cross AD only at the guest user level. But for AD Service Principals, native peering does not have support for now. I think it is important, since for applications using the Azure REST API/SDK API to automate the peering, a Service Principal is necessary. Hope Azure can add this capability soon.

    1 vote

    0 comments  ·  End user experiences
  18. Please expose non-interactive login logs to customers

    We are looking to set up alerts for security events. The AAD risk event "Impossible Login", though, consumes non-interactive login events that are not visible to customers, so it's not possible to create an event.

    If there are two interactive logins and the second is deemed a risk event because of impossible travel, we can create an event looking for the risk field in the sign-in logs, but if the second event is a non-interactive login you can't create an alert; we can't see this event.

    2 votes

    0 comments  ·  End user experiences
  19. Provide an option to prevent guest access to your application but allow all members

    It would be nice to have an option for enterprise apps that when turned on or selected prevents guests in my tenant from accessing an Enterprise Application but allows all members to access the app.

    1 vote

    0 comments  ·  End user experiences
  20. More logging, text files, historical data on AZ AD Sync

    Based on a recent problem we had regarding AD Sync, we've noticed that there are no log files being generated locally and it's very hard to find and keep track of what has happened during the syncs.

    We need more historical information, text-based, searchable, etc.

    1 vote

    0 comments  ·  End user experiences