It is very important to have the MAC address added to the Azure AD user sign in report to know which devices are connecting.
In order to audit whether a permitted device is accessing a user account we need to be able to uniquely identify the devices connecting to the user account. By adding the MAC address of the device connecting to the tenant we can isolate all devices that are accessing the data. This is different from the devices that are listed in the tenant as installations. A non-authorized user could be accessing a user account if the password has been jeopardized by adding the email credentials to any email client or by accessing the portal directly. Adding the MAC address to the Azure Active Directory User login report would enable a more complete audit.
6 votes
We use MFA for the Azure portal, but enabling this carries the MFA functionality to the entire Microsoft suite. This means not only portal.office.com, but all of our applications that use Azure AD, Skype, Exchange OWA, even Yammer! I opened a ticket and was essentially told MFA is all or nothing at this point.
6 votes
DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either.
DreamSpark and Cloud Solution Provider (CSP) subscriptions don’t have access to the classic portal, either. Is there a workaround for managing the Azure AD or providing a V1 VNet to the webapps created in the ARM portal? How can a CSP partner get the access to the classic portal?
6 votes
The 10000 byte file size is not quite large enough for our 240x240 logo
5 votes
Initiate Manual Sync with Intune and AAD. Sometimes it takes 30 minutes or more for devices to sync between Intune and AAD. After adding a new device into Intune, it would be nice not to have to wait up to 30 minutes to add the same device into an AAD security group.
5 votes
Integrate Azure and Office 365 Health, Reporting, Audit, and Activity information fully with OMS/Log Analytics
Bring all the analytics and monitoring from all Microsoft cloud services Azure and Office 365 into OMS/Log Analytics please!
5 votes
Is there a way to let a device sync to Azure Active Directory every hour or so if BitLocker is still active? You can already see the decryption key and when it is registered. However, we have to have proof that the device was encrypted at the moment it was stolen.
Thank you in advance!
Currently, to create new roles for a SAML app, I have to either hope the application provider has given me an app manifest, or create them using PowerShell. It would be much easier for simple apps to create the roles using the portal.
5 votes
Azure AD per se is yet a first class citizen w/i Azure. Azure ARM support is needed for pretty much all AD related features
1) Creating updating Users, Roles, Groups, RBAC using ARM
2) Creating Service Principals using ARM
3) Creating automation RunAs service principals
4) Creating Azure AD application
5) AAD domain services
6) MFA using ARM and Graph API
Will AAD really become a shining example of a core-azure service someday?
Looking forward to it...
5 votes
Other services have an admin display that shows users currently logged in and allows the admin to kill the sessions (revoking creds, etc).
This is different than the current Azure AD Sign-ins screen that shows running status of who signed in and when, and whether the sign-in was successful.
Realize this is a big ask with many moving parts, but something I believe is warranted for security and compliance reasons.
Currently you can only sort on Display Name. Sorting on other columns (ex: Access) would make management much easier. For instance finding out who has or does not have access to the application is currently impossible.
5 votes
If you create an "Access to Azure Active Directory" subscription from your Office 365 subscription when you are logged with the wrong global admin (Office 365) then you cannot change the Account Administrator (Azure) because the subscription cannot be transferred.
The only workaround is to log on with a different global admin and create a new Azure subscription to the same Office 365 tenant.
It is quite confusing and the documentation below should be amended or the procedure simplified so the Azure Account Administrator can be changed or the subscription transferred.
When activating Freshdesk for users, I have to manually scroll through pages and pages, until I see the name on the list. But it would be great to have an option to quickly find the user from the list (something like a search bar or the use of Ctrl+F).
5 votes
Great suggestion and we are working on making this experience and many others with regards to users, groups and apps in the portal when we release Azure AD in the new Azure Portal in a few months.
Please provide an audit trail for access to BitLocker Recovery Keys.
My investigations of the AAD audit logs show that no audit log entries are created when an AAD user views a BitLocker recovery key in the admin portal.
The InfoSec departments at many organizations expect to see an audit log entry for security critical actions. Viewing a BitLocker recovery key is viewed as a security critical action.
4 votes
We should be able to search and filter within the portal in a much more complete way than we can today.
Today, you can mostly search for startswith of a UPN/name of a user. This is super limiting, so I go back and live in PowerShell to do anything more than a simple name search.
And if we want to filter, you can use show all users, or guest users only.
Give us the ability to search / filter / sort / export any attribute available to us.
This extrapolates to Groups and other object types too.
4 votes
I cannot log in to my email even with my password and after providing all the details.
I need help
4 votes
Forgotten password
4 votes
Good morning. I have noticed that at the moment a standard user cannot add their phone number to reset their password. It would be a very easy option if they could add and change it themselves, without needing the admin to do it for them; that way they could manage their own password and contact with technical support would be minimal.
4 votes
Office 365 allows you to add in custom Helpdesk Information (URL/Phone #). It would be helpful if we could also apply this to our custom branding page as well, since the sign-in help field does not allow HTML, nor does it respect line breaks in the Plain Text.
4 votes