Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

  1. Implement a way to manually initiate dynamic device group membership evaluations

    Currently, there is no SLA/timeframe on when dynamic AAD device groups evaluate memberships.

    Here are the recommended troubleshooting steps for these groups not populating, straight from the Azure portal:
    "Please allow time for the group to populate. Depending on the size of your tenant, the group may take up to 24 hours for populating for the first time or after a rule change."

    If admins are using dynamic AAD device groups for any sort of application deployment or policy targeting, waiting up to 24 hours may not be reasonable. It would be very helpful if there was a way to…

    10 votes
    1 comment  ·  Admin Portal
    • Ability to add corporate account to Azure Subscription created with MSDN account

      I'd like to link my MSDN account with my corporate account so I only have to sign in once to see all my Azure capabilities. I would give my corporate account portal permissions to federate (aka login to) and see my MSDN account. This way I don't have to keep switching accounts to work in the portal.

      9 votes
      1 comment  ·  Admin Portal
      • Enable "Owner" attribute for Group Object on Azure AD Connect Sync

        Currently, the group owner on Azure AD Portal is mapped to "Owner" attribute while the Office 365 Admin Portal is mapped to "ManagedBy". For a group which is synced from local AD to the AAD via AAD Connect, there is no way to update the "Owner" attribute on Azure AD.

        The AAD Connect does not support "Owner" attribute for sync and we can't assign "Owner" on Azure AD as it is a synced object.

        So to resolve this issue, the "Owner" attribute should be supported as an attribute for sync on the Azure AD Connect.

        6 votes
        1 comment  ·  Admin Portal
        • Disable user role to list (entire) enterprise AD

          Currently all users migrated to O365 are able to log on to the portal and to list AD directory. I didn't find an option to disable this (view) yet.

          6 votes
          8 comments  ·  Admin Portal

            There is a setting that allows you to prevent users from seeing other users in the directory. This setting is called ‘UsersPermissionToReadOtherUsersEnabled’ and can only be set by using the Microsoft Online PowerShell cmdlets, specifically Set-MsolCompanySettings.

            More info here:
            https://docs.microsoft.com/en-us/powershell/msonline/v1/set-msolcompanysettings

            I’ll leave this item open since I’d be interested in hearing feedback in the comments section if this is the functionality you’re interested in and if so and there’s a lot of votes for this item, we can look at exposing it in the portal (vs requiring PowerShell).

            /Saca

          • DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either.

            DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either. Is there a workaround for managing the Azure AD or providing a V1 vent to the webapps created in the ARM portal? How can a CSP partner get access to the classic portal?

            6 votes
            1 comment  ·  Admin Portal
            • Make Azure AD a first class citizen of Azure

              Azure AD per se is yet a first class citizen w/i Azure. Azure ARM support is needed for pretty much all AD related features

              1) Creating updating Users, Roles, Groups, RBAC using ARM
              2) Creating Service Principals using ARM
              3) Creating automation RunAs service principals
              4) Creating Azure AD application
              5) AAD domain services
              6) MFA using ARM and Graph API
              ...

              Will AAD really become a shining example of a core-azure service someday?
              Looking forward to it...

              4 votes
              0 comments  ·  Admin Portal
              • Access to Azure Active Directory (Office 365 paid subscription)

                Hi,

                If you create an "Access to Azure Active Directory" subscription from your Office 365 subscription when you are logged with the wrong global admin (Office 365) then you cannot change the Account Administrator (Azure) because the subscription cannot be transferred.

                The only workaround is to log on with a different global admin and create a new Azure subscription to the same Office 365 tenant.

                It is quite confusing and the documentation below should be amended or the procedure simplified so the Azure Account Administrator can be changed or the subscription transferred.

                https://technet.microsoft.com/en-us/library/dn832618.aspx
                https://azure.microsoft.com/en-us/documentation/articles/billing-subscription-transfer/
                https://azure.microsoft.com/en-gb/documentation/articles/billing-add-change-azure-subscription-administrator/

                Thanks

                4 votes
                2 comments  ·  Admin Portal
                • Allow quick search and find of user

                  When activating Freshdesk for users, I have to manually scroll through pages and pages, until I see the name on the list. But it would be great to have an option to quickly find the user from the list (something like a search bar or the use of Ctrl +F).

                  4 votes
                  0 comments  ·  Admin Portal

                    Great suggestion and we are working on making this experience and many others with regards to users, groups and apps in the portal when we release Azure AD in the new Azure Portal in a few months.

                    /Brjann Brekkan

                  • bitlocker recovery

                    Delegate permission to view the BitLocker recovery key to other roles than Global admins (e.g. Device administrators). Our client guys are responsible for managing the devices, and they will support the end users.
                    Or provide RBAC for Azure AD to build customer roles.

                    3 votes
                    0 comments  ·  Admin Portal
                    • MFA registration from trusted location

                      Enable a feature like Okta has, which is to allow MFA registration only from trusted locations and do not allow registration from outside trusted locations.

                      3 votes
                      0 comments  ·  Admin Portal
                      • Dynamic Group Membership - Devices groups and exclusion

                        It would be great to be able to create rules for device group membership that allow excluding a list or a group of devices.

                        i.e. (device.managementType -eq "PC") -notin (device.Group -eq "WhatEverGroup")

                        3 votes
                        0 comments  ·  Admin Portal
                        • Bitlocker sync status

                          Is there a way to let a device sync to Azure Active Directory every hour or so if BitLocker is still active? You can already see the decryption key and when it is registered. However, we have to have proof that the device was encrypted at the moment it was stolen.

                          Thank you in advance!
                          Roy

                          3 votes
                          0 comments  ·  Admin Portal
                          • Allow creation of SAML Roles in portal

                            Currently, to create new roles for a SAML app, I have to either hope the application provider has given me an app manifest, or create them using PowerShell. It would be much easier for simple apps to create the roles using the portal.

                            3 votes
                            1 comment  ·  Admin Portal
                            • Admin status page of current sign-ins/logins/sessions where sessions can be killed

                              Other services have an admin display that shows users currently logged in and allows the admin to kill the sessions (revoking creds, etc).

                              This is different than the current Azure AD Sign-ins screen that shows running status of who signed in and when, and whether the sign-in was successful.

                              Realize this is a big ask with many moving parts, but something I believe is warranted for security and compliance reasons.

                              -thanks
                              -e

                              3 votes
                              0 comments  ·  Admin Portal
                              • Provide the ability in the Portal to provision a ServicePrincipal for an application created via the Ibiza Portal

                                See the blog post by Vittorio Bertocci at http://www.cloudidentity.com/blog/2016/10/04/provision-an-app-created-on-portal-azure-com-in-your-own-tenant/. Minimally, take the form provided here and execute the submit from where the text "Log on to the app to create a local instance" is displayed today.

                                3 votes
                                0 comments  ·  Admin Portal
                                • In Application -> Users allow to sort on all columns.

                                  Currently you can only sort on Display Name. Sorting on other columns (ex: Access) would make management much easier. For instance finding out who has or does not have access to the application is currently impossible.

                                  3 votes
                                  1 comment  ·  Admin Portal
                                  • Multiple User/Group Delete in Azure AD

                                    Hi.

                                    For testing/dev/learning purposes it would be a welcome feature to enable multiple Azure AD User/Group delete.

                                    3 votes
                                    0 comments  ·  Admin Portal
                                    • Directory role "Dynamics 365 service administrator" not available in AAD portal

                                      For some reason, this role is only shown in the Office 365 admin portal. This should be visible in the AAD portal as well. Please fix.

                                      2 votes
                                      0 comments  ·  Admin Portal
                                      • Sign In Branding: view, set, and modify with PowerShell.

                                        The information set in https://docs.microsoft.com/en-us/azure/active-directory/customize-branding is only editable via the web page. It's not possible to check or edit this via a script.

                                        This makes bulk changes for multi-national companies difficult to implement or verify.

                                        2 votes
                                        0 comments  ·  Admin Portal
                                        • Logon Hours

                                          Implement Logon Hours to restrict access to O365 Services

                                          2 votes
                                          1 comment  ·  Admin Portal