Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Get 'low license count' notification

    It would be beneficial to get a notification when license count gets to x number. We are syncing our users with DirSync and apply licenses based on group membership. When users get synced and we have no licenses, I have zero idea until someone comes to me that they cannot get logged in to O365.

    14 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      3 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
    • bitlocker recovery

      Delegate permission to view the Bitlocker recovery key to other roles than Global admins (e.g. Device administrators). Our clients guys are responsible for managing the devices, and they will support the end users.
      Or provide RBAC for Azure AD to build customer roles.

      12 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
      • Implement a way to manually initiate dynamic device group membership evaluations

        Currently, there is no SLA/timeframe on when dynamic AAD device groups evaluate memberships.

        Here is the recommended troubleshooting steps for these groups not populating, straight from the Azure portal:
        "Please allow time for the group to populate. Depending on the size of your tenant, the group may take up to 24 hours for populating for the first time or after a rule change."

        If admins are using dynamic AAD device groups for any sort of application deployment or policy targeting, waiting up to 24 hours may not be reasonable. It would be very helpful if there was a way to…

        12 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
        • GA for - Assign licenses to users by group membership in Azure Active Directory

          We would like to have our Tenant added to Public Preview for Assign licenses to users by group membership in Azure Active Directory Service.
          OR
          It would be great if we can know the Estimated date for this Service to be Generally Available.

          11 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
          • Enable "Owner" attribute for Group Object on Azure AD Connect Sync

            Currently, the group owner on Azure AD Portal is mapped to "Owner" attribute while the Office 365 Admin Portal is mapped to "ManagedBy". For a group which is synced from local AD to the AAD via AAD Connect, there is no way to update the "Owner" attribute on Azure AD.

            The AAD Connect does not support "Owner" attribute for sync and we can't assign "Owner" on Azure AD as it is a synced object.

            So to resolve this issue, the "Owner" attribute should be supported as an attribute for sync on the Azure AD Connect.

            11 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
            • Ability to add corporate account to Azure Subscription created with MSDN account

              I'd like to link my MSDN account with my corporate account so I only have to sign in once to see all my Azure capabilities. I would give my corporate account portal permissions to federate (aka login to) and see my MSDN account. This way I don't have to keep switching accounts to work in the portal.

              9 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
              • Add IPv6 support across all features

                Include, by default, support for IPv6 across the entire Azure stack.

                I can't believe that this is not standard. Some features, like conditional access are useless and feature breaking if you have a dual stack or IPv6 network.

                Normally, this would be a planning no no, and would get an automatic product rejection because of the lack of support of a mainstream networking protocol. But because of the size of our current investment in Microsoft, we are at your mercy.

                We will be warning all our connections of this lack of support and apparent lack of road map so that…

                6 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                • MFA registration from trusted location

                  Enable a feature like Okta has, which is to allow MFA registration only from trusted locations and do not allow registration from outside trusted locations.

                  6 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                  • Dynamic Group Membership - Devices groups and exclusion

                    It would be great to be able to create rules for devices group membership that allow to exclude a list or a group of devices.

                    i.e. (device.managementType -eq "PC") -notin (device.Group -eq "WhatEverGroup")

                    6 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                    • Admin Consent Portal

                      Allow users to request admin consent to an application and have that appear within the portal, as an administrator it's a challenge to source the application_id and approve the application for all users if required.

                      6 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                      • Disable user role to list (entire) enterprise AD

                        Currently all users migrated to O365 are able to log on to the portal and to list AD directory. I didn't find an option to disable this (view) yet.

                        6 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          8 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

                          There is a setting that allows you to prevent users from seeing other users in the directory. This setting is called ‘UsersPermissionToReadOtherUsersEnabled’ and can only be set by using the Microsoft Online powershell commandlets, specifically Set-MsolCompanySettings.

                          More info here:
                          https://docs.microsoft.com/en-us/powershell/msonline/v1/set-msolcompanysettings

                          I’ll leave this item open since I’d be interested in hearing feedback in the comments section if this is the functionality you’re interested in and if so and there’s a lot of votes for this item, we can look at exposing it in the portal (vs requiring PowerShell).

                          /Saca

                        • DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either.

                          DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either. Is there a workaround for managing the Azure AD or providing a V1 vent to to the webapps created in the ARM portal. How can a CSP partner get the access to the classic portal?

                          6 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add ability to sort/filter by column in users and groups list

                            The "All Users" and "All groups" views in the AAD portal should allow sorting and filtering on all columns.

                            5 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                            • Access to Azure Active Directory (Office 365 paid subscription)

                              Hi,

                              If you create an "Access to Azure Active Directory" subscription from your Office 365 subscription when you are logged with the wrong global admin (Office 365) then you cannot change the Account Administrator (Azure) because the subscription cannot be transferred.

                              The only workaround is to log on with a different global admin and create a new Azure subscription to the same Office 365 tenant.

                              It is quite confusing and the documentation below should be amended or the procedure simplified so the Azure Account Administrator can be changed or the subscription transferred.

                              https://technet.microsoft.com/en-us/library/dn832618.aspx
                              https://azure.microsoft.com/en-us/documentation/articles/billing-subscription-transfer/
                              https://azure.microsoft.com/en-gb/documentation/articles/billing-add-change-azure-subscription-administrator/

                              Thanks

                              5 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                              • Logon Hours

                                Implement Logon Hours to restrict access to O365 Services

                                4 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                • Integrate Azure and Office 365 Health, Reporting, Audit, and Activity information fully with OMS/Log Analytics

                                  Bring all the analytics and monitoring from all Microsoft cloud services Azure and Office 365 into OMS/Log Analytics please!

                                  4 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Lifecycle management process for guest accounts

                                    I would like to see support for lifecycle management of guest accounts. E.g. based on the guest account login/access activity, the external user should receive an email to confirm that the guest account in our tenant is still needed. This sounds similar to "Access reviews" which is currently in preview but it doesn't consider user accounts as such. It would also be good to have a proper monitoring similar to what is available in PIM where you can see if roles have been activated.

                                    I can generally see that functionalities are there already in other places so it shouldn't be…

                                    4 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Show clear and verbose information on licensing conflicts

                                      Currently a licensing conflict is just labeled as a licensing conflict and there is no information at all as to which other licensing product is causing the conflict.

                                      It would be VERY helpful if the admin portal would give details as to the EXACT products that are causing the licensing conflict,

                                      4 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Under all the Security alerts, I would like to have to the ability to mark at it as working on by me.

                                        Under all the Security alerts, I would like to have to the ability to mark at it as working on by me.
                                        For Example I can right click on an alert or under the context menu and mark it as being worked on. This will allow my Co-workers the ability to move onto the next alert. This alleviate duplicate work among my team mates.

                                        Thank you

                                        4 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Bitlocker sync status

                                          Is there a way to let a device sync to Azure Active Directory every hour or so if Bitlocker is still active? You can already see the decryption key and when it is registered. However, we have to have prove that the device was encrypted at the moment it was stolen.

                                          Thank you in advance!
                                          Roy

                                          4 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 8 9
                                          • Don't see your idea?

                                          Feedback and Knowledge Base