Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 230 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    63 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add an option to bypass service plan dependency check when assigning license to group

    The Azure portal does not allow assignment of an add-on license to a user group unless a base license with prerequisite service plans is also assigned to the group. Example: Audio Conferencing can only be assigned to a group if (e.g.) Office 365 E3 with the Microsoft Teams service plan enabled is added to the group at the same time.

    The problem is that most of our customers have a mix of Office licenses. In order to avoid service plan conflicts and unnecessary license usage, we would need to create a group for each possible combination of the addon and…

    40 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add ability to sort/filter by column in users and groups list

    The "All Users" and "All groups" views in the AAD portal should allow sorting and filtering on all columns.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  4. Implement a feature that allows password expiry notifications from Azure Active Directory

    Enable functionality where admins can turn on "Your password is about to expire" email notifications for Azure Active Directory users. Add configuration items to this so it can be configured to send an email to users at 5 different stages (eg. 14 days out, 7 days, 3 days, 2 days, 1 day) etc. It's 2017 already.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  5. Restore Azure Active Directory Security groups

    Restore Azure Active Directory Security groups

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  6. Logon Hours

    Implement Logon Hours to restrict access to O365 Services

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  7. Lifecycle management process for guest accounts

    I would like to see support for lifecycle management of guest accounts. E.g. based on the guest account login/access activity, the external user should receive an email to confirm that the guest account in our tenant is still needed. This sounds similar to "Access reviews" which is currently in preview but it doesn't consider user accounts as such. It would also be good to have a proper monitoring similar to what is available in PIM where you can see if roles have been activated.

    I can generally see that functionalities are there already in other places so it shouldn't be…

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ability to prevent subscription association to Azure AD tenant

    In terms of Azure governance many customers want to control or rather disable the ability to associate pay-as-you-go subscriptions to their Azure AD tenant, quite similar to controlling who can register applications to the tenant. This is especially evident in an Enterprise Enrollment scenario where consumption is driven by a monetary per-commitment. Often customers aren't even (made) aware of this "loop-hole".

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  9. MFA registration from trusted location

    Enable a feature like Okta has, which is to allow MFA registration only from trusted locations and do not allow registration from outside trusted locations.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add IPv6 support across all features

    Include, by default, support for IPv6 across the entire Azure stack.

    I can't believe that this is not standard. Some features, like conditional access are useless and feature breaking if you have a dual stack or IPv6 network.

    Normally, this would be a planning no no, and would get an automatic product rejection because of the lack of support of a mainstream networking protocol. But because of the size of our current investment in Microsoft, we are at your mercy.

    We will be warning all our connections of this lack of support and apparent lack of road map so that…

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sign In Branding: view, set, and modify with PowerShell.

    The information set in https://docs.microsoft.com/en-us/azure/active-directory/customize-branding is only editable via the web page. It's not possible to check or edit this via a script.

    This makes bulk changes for multi-national companies difficult to implement or verify.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Reserved instances

    When a reservation instance is created from an Enterprise Agreement, only the creator can manage the resource, even if all other EA Managers are given the Reservation manager role, they cannot see it, therefore they cannot manage until manually given the Owner role over the RI.
    Making this default would ease several users.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add Last login stamp for Cloud Identity

    Add Last login stamp for Cloud Identity

    At present there is no Azure Attribute which tells about the last login Stamp for Cloud Identity. once the License is removed we will have to delete the object if not there will be lot many identity with no License

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to add corporate account to Azure Subscription created with MSDN account

    I'd like to link my MSDN account with my corporate account so I only have to sign in once to see all my Azure capabilities. I would give my corporate account portal permissions to federate (aka login to) and see my MSDN account. This way I don't have to keep switching accounts to work in the portal.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  15. Subscription Name change Log

    Hi,
    We have multiple subscriptions and many admins have owner access for most of the subscriptions.
    Recently, a subscription name changed and we couldn't see the audit logs for this activity in the Azure Portal. MS support informed that this log is not enabled for view for admins.
    If Audit logs enabled for such subscription settings in the azure portal itself for administrator view, it would be helpful for troubleshooting.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  16. search

    Currently the group search in azure active directory is done on the base of “Starts with”
    I'd like to have extended search capabilities, like "include" "end with" "exclude" and so on

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  17. Admin Consent Portal

    Allow users to request admin consent to an application and have that appear within the portal, as an administrator it's a challenge to source the application_id and approve the application for all users if required.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  18. Disable user role to list (entire) enterprise AD

    Currently all users migrated to O365 are able to log on to the portal and to list AD directory. I didn't find an option to disable this (view) yet.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

    There is a setting that allows you to prevent users from seeing other users in the directory. This setting is called ‘UsersPermissionToReadOtherUsersEnabled’ and can only be set by using the Microsoft Online powershell commandlets, specifically Set-MsolCompanySettings.

    More info here:
    https://docs.microsoft.com/en-us/powershell/msonline/v1/set-msolcompanysettings

    I’ll leave this item open since I’d be interested in hearing feedback in the comments section if this is the functionality you’re interested in and if so and there’s a lot of votes for this item, we can look at exposing it in the portal (vs requiring PowerShell).

    /Saca

  19. Real time alerting for Break Glass Admin accounts

    Maintaining a backup admin account which can be used in “break glass” scenarios is important but the account would not be enabled for MFA to avoid being locked out of the tenant in the event of MFA issues or service outages. Per guidance by Microsoft these types of accounts should be normally unused and monitored for any activity but there is no native mechanism for generating real time alerts in the event of activity.

    Being able to designate a couple accounts that immediately generate email and SMS alerts would be highly beneficial enhancement. Ideally this should be available as a…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow admins to unlock user accounts

    Admin SSPR allows password reset. User unlock in this same portal would be helpful.

    Thanks for your consideration -Zack

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 11 12
  • Don't see your idea?

Feedback and Knowledge Base