Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable "Owner" attribute for Group Object on Azure AD Connect Sync

    Currently, the group owner on Azure AD Portal is mapped to "Owner" attribute while the Office 365 Admin Portal is mapped to "ManagedBy". For a group which is synced from local AD to the AAD via AAD Connect, there is no way to update the "Owner" attribute on Azure AD.

    The AAD Connect does not support "Owner" attribute for sync and we can't assign "Owner" on Azure AD as it is a synced object.

    So to resolve this issue, the "Owner" attribute should be supported as an attribute for sync on the Azure AD Connect.

    23 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
    • Implement a way to manually initiate dynamic device group membership evaluations

      Currently, there is no SLA/timeframe on when dynamic AAD device groups evaluate memberships.

      Here is the recommended troubleshooting steps for these groups not populating, straight from the Azure portal:
      "Please allow time for the group to populate. Depending on the size of your tenant, the group may take up to 24 hours for populating for the first time or after a rule change."

      If admins are using dynamic AAD device groups for any sort of application deployment or policy targeting, waiting up to 24 hours may not be reasonable. It would be very helpful if there was a way to…

      14 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

        Thank you for your feedback. This is something we are considering, but there is no timeline now. If it matters to you, keep voting to help us prioritize.

        In the interim, we’ve added the ability to view the processing status for the dynamic membership rule of a group in the Azure Admin portal. This is not providing an SLA for the rule evaluation, however, it does provide information including that the processing is complete.

      • Logon Hours

        Implement Logon Hours to restrict access to O365 Services

        10 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
        • Lifecycle management process for guest accounts

          I would like to see support for lifecycle management of guest accounts. E.g. based on the guest account login/access activity, the external user should receive an email to confirm that the guest account in our tenant is still needed. This sounds similar to "Access reviews" which is currently in preview but it doesn't consider user accounts as such. It would also be good to have a proper monitoring similar to what is available in PIM where you can see if roles have been activated.

          I can generally see that functionalities are there already in other places so it shouldn't be…

          10 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
          • Dynamic Group Membership - Devices groups and exclusion

            It would be great to be able to create rules for devices group membership that allow to exclude a list or a group of devices.

            i.e. (device.managementType -eq "PC") -notin (device.Group -eq "WhatEverGroup")

            10 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
            • Add IPv6 support across all features

              Include, by default, support for IPv6 across the entire Azure stack.

              I can't believe that this is not standard. Some features, like conditional access are useless and feature breaking if you have a dual stack or IPv6 network.

              Normally, this would be a planning no no, and would get an automatic product rejection because of the lack of support of a mainstream networking protocol. But because of the size of our current investment in Microsoft, we are at your mercy.

              We will be warning all our connections of this lack of support and apparent lack of road map so that…

              9 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
              • Ability to add corporate account to Azure Subscription created with MSDN account

                I'd like to link my MSDN account with my corporate account so I only have to sign in once to see all my Azure capabilities. I would give my corporate account portal permissions to federate (aka login to) and see my MSDN account. This way I don't have to keep switching accounts to work in the portal.

                9 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                • Add ability to sort/filter by column in users and groups list

                  The "All Users" and "All groups" views in the AAD portal should allow sorting and filtering on all columns.

                  8 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                  • MFA registration from trusted location

                    Enable a feature like Okta has, which is to allow MFA registration only from trusted locations and do not allow registration from outside trusted locations.

                    8 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                    • search

                      Currently the group search in azure active directory is done on the base of “Starts with”
                      I'd like to have extended search capabilities, like "include" "end with" "exclude" and so on

                      8 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                      • Sign In Branding: view, set, and modify with PowerShell.

                        The information set in https://docs.microsoft.com/en-us/azure/active-directory/customize-branding is only editable via the web page. It's not possible to check or edit this via a script.

                        This makes bulk changes for multi-national companies difficult to implement or verify.

                        7 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                        • Admin Consent Portal

                          Allow users to request admin consent to an application and have that appear within the portal, as an administrator it's a challenge to source the application_id and approve the application for all users if required.

                          7 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                          • Disable user role to list (entire) enterprise AD

                            Currently all users migrated to O365 are able to log on to the portal and to list AD directory. I didn't find an option to disable this (view) yet.

                            7 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              8 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

                              There is a setting that allows you to prevent users from seeing other users in the directory. This setting is called ‘UsersPermissionToReadOtherUsersEnabled’ and can only be set by using the Microsoft Online powershell commandlets, specifically Set-MsolCompanySettings.

                              More info here:
                              https://docs.microsoft.com/en-us/powershell/msonline/v1/set-msolcompanysettings

                              I’ll leave this item open since I’d be interested in hearing feedback in the comments section if this is the functionality you’re interested in and if so and there’s a lot of votes for this item, we can look at exposing it in the portal (vs requiring PowerShell).

                              /Saca

                            • Azure AD Group expiration should allow exclude groups rather than include groups

                              Currently the Azure AD group expiration is set to All/Include some/None. So if I dont want to include all, I have to constantly go and add new groups to the include list.
                              Having the ability to exclude would be much more admin friendly.

                              6 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                              • Subscription Name change Log

                                Hi,
                                We have multiple subscriptions and many admins have owner access for most of the subscriptions.
                                Recently, a subscription name changed and we couldn't see the audit logs for this activity in the Azure Portal. MS support informed that this log is not enabled for view for admins.
                                If Audit logs enabled for such subscription settings in the azure portal itself for administrator view, it would be helpful for troubleshooting.

                                6 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                • Add Last login stamp for Cloud Identity

                                  Add Last login stamp for Cloud Identity

                                  At present there is no Azure Attribute which tells about the last login Stamp for Cloud Identity. once the License is removed we will have to delete the object if not there will be lot many identity with no License

                                  6 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                  • DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either.

                                    DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either. Is there a workaround for managing the Azure AD or providing a V1 vent to to the webapps created in the ARM portal. How can a CSP partner get the access to the classic portal?

                                    6 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Integrate Azure and Office 365 Health, Reporting, Audit, and Activity information fully with OMS/Log Analytics

                                      Bring all the analytics and monitoring from all Microsoft cloud services Azure and Office 365 into OMS/Log Analytics please!

                                      5 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow admins to unlock user accounts

                                        Admin SSPR allows password reset. User unlock in this same portal would be helpful.

                                        Thanks for your consideration -Zack

                                        5 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Bitlocker sync status

                                          Is there a way to let a device sync to Azure Active Directory every hour or so if Bitlocker is still active? You can already see the decryption key and when it is registered. However, we have to have prove that the device was encrypted at the moment it was stolen.

                                          Thank you in advance!
                                          Roy

                                          5 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 9 10
                                          • Don't see your idea?

                                          Feedback and Knowledge Base