Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Update UserType from portal

    Be able to see and change the userType from the portal.
    (This is only available in PowerShell. Example: change from Guest -> Member, in order to see the directory as an external user.)

    Set-MsolUser -UserPrincipalName xxxhotmail.com#EXT#@xxxhotmail.onmicrosoft.com -UserType Member

    161 votes
    6 comments  ·  Admin Portal

      Soon we’re going to start working on a first class experience in the Azure Portal that allows for a user invited to an Azure AD tenant via the “B2B Collaboration” feature to become a Member (vs their default Guest) and thus be able to be assigned as Azure AD Global Admins or Azure Subscription Co-Admins

      /Saca

    • RBAC for AAD

      The Azure teams have done an awesome job implementing RBAC. I would love to have this same functionality (granular permissions + custom roles) for AAD itself.
      Currently there are too many activities that only a global admin can do. RBAC would allow us to delegate appropriate activities without increasing our security attack surface.

      40 votes
      7 comments  ·  Admin Portal
      • Dynamic Groups: Member of group

        Would be good to have the possibility to use membership in other groups as a condition in a dynamic group membership rule.

        Example:
        (user.objectId -memberOf group.objectId)
        (user.objectId -notMemberOf group.ObjectId)

        Use case 1 - Group Based Licensing.
        If the user is a member of a group that gives them an E5 license, don't let them be a member of a group that gives them E3.

        Use case 2 - Exceptions
        All users should have an MDM policy applied, except those of a specific group.

        40 votes
        4 comments  ·  Admin Portal
        • Disable user's ability to change password (via cloud/portals)

          We need to disable a user's ability to change their password. We need to manage password changes in our own application.

          NOTE: I am not referring to password resets (which we can easily disable). Rather I'm talking about preventing users from changing their password via a Microsoft portal when they know their existing password.

          We are looking for an equivalent of the (non-Azure) AD PowerShell command Set-ADUser -CannotChangePassword.

          29 votes
          4 comments  ·  Admin Portal
          • 20 votes
            0 comments  ·  Admin Portal
            • Add PowerShell commands to manage "Users flagged for risk" in Azure AD

              I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!

              13 votes
              2 comments  ·  Admin Portal
              • Create User Roles in Azure Portal

                Microsoft has done great work by providing predefined User Roles with the RBAC feature. But sometimes (all the time), we may need to have a customized role (with customized rights). SCCM RBAC is the nicest example of that. I wish we could have the possibility to create custom roles in Azure; it would be just great and fantastic.

                12 votes
                under review  ·  1 comment  ·  Admin Portal
                • Ability to add corporate account to Azure Subscription created with MSDN account

                  I'd like to link my MSDN account with my corporate account so I only have to sign in once to see all my Azure capabilities. I would give my corporate account portal permissions to federate (aka login to) and see my MSDN account. This way I don't have to keep switching accounts to work in the portal.

                  9 votes
                  1 comment  ·  Admin Portal
                  • Add Microsoft Account Into AzureAD

                    Hi All.

                    The function I use most often is the creation of new users of the organization and the addition of MSA.
                    However, adding the MSA can not be done with the current AzureAD Portal.
                    Is it included in the plan below?

                    | https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/marching-into-the-future-of-the-azure-ad-admin-experience-retiring-the-azure-classic-portal/

                    | At the moment, there are a few tasks that can still only be done in the classic Azure portal. Don’t worry, these capabilities will be added to our new admin experience in the next few weeks, well before November 30.

                    9 votes
                    4 comments  ·  Admin Portal

                      In the new Azure portal, you can invite users into your Azure AD tenant by specifying their email address. There are several in-line experiences where this can occur (when adding members to a group, when assigning users to an app, etc.), as well as under Users and groups > All users > New guest user: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-admin-add-users

                      If the invited email is a consumer identity (e.g. a non-work account), they can redeem the invitation using their Microsoft Account (MSA).

                      If you want to invite a user without sending the email invitation, you can use Azure AD PowerShell’s New-AzureADMSInvitation cmdlet to fully customize the invitation process (and skip sending the invite email): https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation?view=azureadps-2.0

                      Does this sufficiently address your scenario? Let us know!

                      /Philippe Signoret

                    • We need visibility to whether a B2B invitation has been redeemed.

                      We need visibility to whether a B2B invitation has been redeemed. In the old portal you could tell because the UPN had the #EXT#.
                      We use this on a regular basis.

                      7 votes
                      3 comments  ·  Admin Portal
                      • Implement a way to manually initiate dynamic device group membership evaluations

                        Currently, there is no SLA/timeframe on when dynamic AAD device groups evaluate memberships.

                        Here are the recommended troubleshooting steps for these groups not populating, straight from the Azure portal:
                        "Please allow time for the group to populate. Depending on the size of your tenant, the group may take up to 24 hours for populating for the first time or after a rule change."

                        If admins are using dynamic AAD device groups for any sort of application deployment or policy targeting, waiting up to 24 hours may not be reasonable. It would be very helpful if there was a way to…

                        7 votes
                        1 comment  ·  Admin Portal
                        • DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either.

                          DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either. Is there a workaround for managing the Azure AD or providing a V1 vent to the webapps created in the ARM portal? How can a CSP partner get access to the classic portal?

                          6 votes
                          1 comment  ·  Admin Portal
                          • Disable user role to list (entire) enterprise AD

                            Currently all users migrated to O365 are able to log on to the portal and to list AD directory. I didn't find an option to disable this (view) yet.

                            6 votes
                            8 comments  ·  Admin Portal

                              There is a setting that allows you to prevent users from seeing other users in the directory. This setting is called ‘UsersPermissionToReadOtherUsersEnabled’ and can only be set by using the Microsoft Online PowerShell cmdlets, specifically Set-MsolCompanySettings.

                              More info here:
                              https://docs.microsoft.com/en-us/powershell/msonline/v1/set-msolcompanysettings

                              I’ll leave this item open since I’d be interested in hearing feedback in the comments section if this is the functionality you’re interested in and if so and there’s a lot of votes for this item, we can look at exposing it in the portal (vs requiring PowerShell).

                              /Saca

                            • Enable custom fields in Device Properties

                              Can the product team please look into the ability to add custom fields to Azure AD joined devices? So in Azure Active Directory -> Devices -> All Devices -> [device name] -> in the settings that come up with the "Name", "ID", "Enabled" etc., allow us to have the ability to enter custom attributes.

                              One thing I can think of that would come to mind is an asset tag field. Or a "Custom 1" field where we can put an Asset Tag.

                              However multiple custom fields could serve other purposes, like date of purchase, warranty expiry etc.

                              5 votes
                              0 comments  ·  Admin Portal
                              • Add B2B Users via both CSV or by searching via email

                                Love the new AAD Admin Portal. It's currently missing the capability that the classic Azure portal has to invite B2B (other AAD) users. In the new experience can we have the ability to not only bulk upload with CSV, but also be able to add one at a time with a simple email search?

                                5 votes
                                2 comments  ·  Admin Portal
                                • Improve Device Listing Page - Export, sort, filter

                                  The All Device listing in Azure Active Directory has good information but you can not export it, sort it or filter efficiently.

                                  Would really appreciate the typical 'Export' option.

                                  5 votes
                                  0 comments  ·  Admin Portal
                                  • Allow quick search and find of user

                                    When activating Freshdesk for users, I have to manually scroll through pages and pages until I see the name on the list. But it would be great to have an option to quickly find the user from the list (something like a search bar or the use of Ctrl+F).

                                    4 votes
                                    0 comments  ·  Admin Portal

                                      Great suggestion and we are working on making this experience and many others with regards to users, groups and apps in the portal when we release Azure AD in the new Azure Portal in a few months.

                                      /Brjann Brekkan

                                    • Access to Azure Active Directory (Office 365 paid subscription)

                                      Hi,

                                      If you create an "Access to Azure Active Directory" subscription from your Office 365 subscription when you are logged with the wrong global admin (Office 365) then you cannot change the Account Administrator (Azure) because the subscription cannot be transferred.

                                      The only workaround is to log on with a different global admin and create a new Azure subscription to the same Office 365 tenant.

                                      It is quite confusing and the documentation below should be amended or the procedure simplified so the Azure Account Administrator can be changed or the subscription transferred.

                                      https://technet.microsoft.com/en-us/library/dn832618.aspx
                                      https://azure.microsoft.com/en-us/documentation/articles/billing-subscription-transfer/
                                      https://azure.microsoft.com/en-gb/documentation/articles/billing-add-change-azure-subscription-administrator/

                                      Thanks

                                      4 votes
                                      2 comments  ·  Admin Portal
                                      • Make Azure AD a first class citizen of Azure

                                        Azure AD per se is yet a first class citizen w/i Azure. Azure ARM support is needed for pretty much all AD related features:

                                        1) Creating updating Users, Roles, Groups, RBAC using ARM
                                        2) Creating Service Principals using ARM
                                        3) Creating automation RunAs service principals
                                        4) Creating Azure AD application
                                        5) AAD domain services
                                        6) MFA using ARM and Graph API
                                        ...

                                        Will AAD really become a shining example of a core-azure service someday?
                                        Looking forward to it...

                                        4 votes
                                        0 comments  ·  Admin Portal
                                        • Add Administrative Units to Azure AD Portal

                                          AU:s (Azure AD OUs) are only possible to administer in a convoluted way with PowerShell today. Please make it possible to administer AU:s in the new modern Azure AD portal.

                                          4 votes
                                          1 comment  ·  Admin Portal