Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Windows Server AD couldn't match Azure AD user

    Yesterday I tried to have on-premises AD take over my Azure AD user by creating the same user on local AD, using the same UserPrincipalName and ProxyAddress, and it worked.
    Today, I tried this on a brand new Windows Server, and it failed several times. I got the email saying: The object has been updated in your Azure Active Directory, but with some modified properties, because the following attributes are associated with another object..
    I want to know why that happened, and I want it working. Thanks in advance.

    1 vote

    0 comments  ·  End user experiences
  2. Roaming User Profiles for Windows10 AzureAD joined only devices

    Now that modern workplaces are moving to the cloud, many more Windows 10 devices are AzureAD joined only. When users share their devices they want to store and keep their personal user settings across all those devices.

    Enterprise State Roaming (ESR) and User Experience Virtualization (UE-V) are some solutions in this space. However they have some limitations using Windows 10 AzureAD only connected devices.

    Therefore it would be valuable if Roaming User Profile management were added to the Microsoft Device Management solution.

    One of our suggestions to reach this purpose is to combine the recently acquired FSLogix with Onedrive for this…

    6 votes

    0 comments  ·  End user experiences
  3. Remove "No account? Create one!" in branding settings

    We have branded the Azure AD login page that is used by all our end users to make them feel more at home. However, there's a choice on this branded login page saying "No account? Create one!" which creates confusion. Since we're running synchronized identities for most of our customers, this does not apply for them. Therefore, make it possible on the Azure AD Company branding settings page to:

    Show "No account? Create one!" on the signed in page? YES or NO

    8 votes

    2 comments  ·  End user experiences
  4. Make error messages more meaningful. A guest AD user was preventing domain deletion, however Azure portal listed enterprise app as the problem

    Also the Tier2 tech was making suggestions that suggested he simply may be reading from a list of solutions rather than reading error messages and analyzing the issue at hand.

    1 vote

    0 comments  ·  End user experiences
  5. Membership Request notification and response from MyApps portal

    There are a lot of great features for the MyApps portal for Group management detailed here: https://docs.microsoft.com/en-us/azure/active-directory/user-help/my-apps-portal-end-user-groups

    There is one glaring thing missing though, no way to be notified/respond to a group membership request. Almost the entire workflow is there for Group self-service and self-management, but when a user requests access to a group all the Owner gets is an email. It doesn't have a link to approve or even see more details. It would be great if the portal had notifications for them to respond, a single place to manage all requests.

    1 vote

    0 comments  ·  End user experiences
  6. Removing different tenants/directories if I am the owner of the company

    Is it possible, if you are the company owner and you have employees, to have access to remove the tenants or directories that are created under you / under your account?

    1 vote

    0 comments  ·  End user experiences
  7. Show at the portal the quota that is being used by the tenant

    Please show in the portal the quota that is being used by the tenant, so that we are able to ask Microsoft to increase the limit before there is an impact on the sync, B2B invites, app creations etc.

    The current limit is 1 million, and when it is reached we will need to create a ticket with MS to increase the limit.

    There's no way to know the value of the total currently in use.

    The advice from MS was to run:

    Azure PS
    (Get-AzureADUser -All $true).Count
    (Get-AzureADGroup -All $true).Count
    (Get-AzureADContact -All $true).Count
    (Get-AzureADDevice -All $true).Count
    MSOL PS
    (Get-MsolUser -All -ReturnDeletedUsers).Count

    1 vote

    0 comments  ·  End user experiences
  8. Provide ability to unlink Azure from Office 365

    My company has an Office365 subscription and we use the AD to manage internal staff roles, system access, etc. We also have entirely separate external data centres running systems and services for external customers and financial partners. We are now engaging in a migration exercise to move our data centres to the cloud. I created an Azure account using my company email address (naturally), and it automatically pulled in all settings and staff and who knows what else from our Office365 AD. This has already caused many issues in just a few days. Through multiple calls and emails with MS…

    1 vote

    1 comment  ·  End user experiences
  9. Consider providing Group settings to be accessed when creating a group in Active Directory

    When creating a group in AD the settings to deliver messages to a user's inbox are turned off. When a group is created in the Office 365 Admin portal these settings seem to default to On. It would be helpful to have access to these settings in AD. This would facilitate creating a group with the proper settings while allowing users to recognize that there are settings that need to be considered for a new group.

    1 vote

    0 comments  ·  End user experiences
  10. Add authentication logging for Azure Active Directory Domain Service

    Currently if I want to gain additional insight on why a user may be unable to login to our AADDS we have to file a support ticket.

    We are able to manage our AADDS with the classic AD management tools - a similar experience would be ideal for log review. Although we would still be happy to have access through the Azure portal as well.

    1 vote

    0 comments  ·  End user experiences
  11. Get rid of all the security that will ultimately keep the computer owners out.

    Give the user the option to select security, not force it on them with complexity that will ultimately lock them out.

    1 vote

    0 comments  ·  End user experiences
  12. smartlock - powershell commands

    It would be nice for administrators to see what accounts are currently locked or how much time to go if they were locked by smart lock out. Or even a way to unlock them?

    3 votes

    0 comments  ·  End user experiences
  13. Would this work with Ceridian Dayforce to automate user provisioning, changes to role based access based on job title?

    Would this work with Ceridian Dayforce to automate user provisioning, changes to role based access based on job title? We would like to automate the provisioning and changes to user accounts in AD based upon their job status, change of title, manager, etc. in Ceridian Dayforce. Does this product integrate with Ceridian Dayforce?

    12 votes

    11 comments  ·  End user experiences
  14. Provide the ability to remove disabled subscriptions.

    If you have a subscription that entered a disabled state, let's say it was a sponsorship provided by Microsoft itself for training purposes, once it is disabled at the current moment you have to live with it forever. There is no way of removing it from your AAD directory. You have to filter it out so that you do not see it when browsing resources. That is dumb. We should be able to say we do not need this anymore, so remove it, delete it, whatever. "Hiding it" is not the right answer.

    1 vote

    0 comments  ·  End user experiences
  15. This is not an idea but a feedback

    I find the idea of entering the OTP every time I log in very absurd. At least you should not ask for OTP on the same system which I was logged

    2 votes

    0 comments  ·  End user experiences
  16. Allow Custom Domains to have service principals in Azure AD

    Currently, if I want to use my own certificate for a custom domain in Azure CDN, I have to grant Azure CDN access to my KeyVault. That means anyone in the organization can potentially set up a custom domain using my KeyVault certificate. Instead, move the level of access policy down to the custom domain so that I can grant a specific custom domain access to the KeyVault and limit access that way.

    1 vote

    0 comments  ·  End user experiences
  17. Add dynamic owners to a group in addition to dynamic members

    Currently, groups can be defined dynamically with rules. Please expand that capability to dynamically define owners as well. This will be especially useful for Microsoft Teams. When the current owner of a group leaves the company or role, the person who replaces him/her should automatically become the new owner of the group.

    4 votes

    0 comments  ·  End user experiences
  18. Link user assignment to failed app login

    If an app in Azure AD requires user assignment and the user trying to login to the app is not assigned a role in the app, the user gets the generic AADSTS50105 error (The signed in user xxxxx is not assigned a role for the application xxxxx).

    Now, what if user self-service assignment has been allowed - would it be possible to include a link on the error page linking directly to the access panel where the user could request access to the application? Something like "Request access" - then the user could just click that and request assignment.

    4 votes

    0 comments  ·  End user experiences
  19. 2 step verification - I am the Admin and my phone number changed

    You lost your phone or got a new phone number. If you've lost your phone or gotten a new number, you can either sign in using a different method or ask your administrator to clear your settings. We strongly recommend letting your administrator know if your phone was lost or stolen, so the appropriate updates can be made to your account. After your settings are cleared, you'll be prompted to register for two-step verification the next time you sign in. I can't get a verification code because the number that I am trying to update no longer exists and I…

    5 votes

    2 comments  ·  End user experiences
  20. azure ad app Required permissions dependency

    Presently, when you create an Azure AD app and add the API in Required permissions, it requires that the APIs be added in a specific order to use the KnownClient setting for creating the service principal in the consumer tenant. Please check the internal dependency of the required API before creating the service principal.

    2 votes

    0 comments  ·  End user experiences