Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Linux compatibility for AzureAD Powershell Module

    As mentioned in https://github.com/PowerShell/PowerShell/issues/5274, the AzureAD module is not compatible with Linux.

    112 votes
    15 comments  ·  PowerShell
  2. Find all users with app passwords

    We think that it's necessary to have a command for PowerShell to show app passwords per user. It would also need to show what app the password is being used for. MFA is pointless with thousands of app passwords. Not every user we've enforced has set up app passwords. This is what me and many other admins would like to know.

    50 votes
    3 comments  ·  PowerShell
  3. Query Azure AD Devices BitLocker recovery key via PowerShell

    Please allow querying the Azure AD Devices BitLocker recovery key via PowerShell.

    48 votes
    6 comments  ·  PowerShell
  4. Powershell command to update the authentication contact email

    Need to change the user alternate authentication emails for Azure user accounts using PowerShell. We are able to change the same in the Azure portal, i.e. Azure Active Directory >> Users and groups >> All users >> Profile >> Authentication contact info >> Email.

    21 votes
    5 comments  ·  PowerShell
  5. Add a friendly name attribute when getting MSOL license/SKU (Get-MsolAccountSku)

    Please add a "FriendlyName" attribute when doing a license search via PowerShell (Get-MsolAccountSku).
    For example, the command "Get-MsolAccountSku" retrieves the following information for an SKU:

    ExtensionData : System.Runtime.Serialization.ExtensionDataObject
    AccountName : xxxxx
    AccountObjectId : xxxxxxxxx
    AccountSkuId : xxxxx:FLOW_FREE
    ActiveUnits : xxxxx
    ConsumedUnits : 0
    LockedOutUnits : 0
    ServiceStatus : {Microsoft.Online.Administration.ServiceStatus, Microsoft.Online.Administration.ServiceStatus, Microsoft.Online.Administration.ServiceStatus}
    SkuId : f30db892-07e9-47e9-837c-80727f46fd3d
    SkuPartNumber : FLOW_FREE
    SubscriptionIds : {xxxxxxxxxx}
    SuspendedUnits : 0
    TargetClass : User
    WarningUnits : 0

    Please add the friendly name for the license in the result. For the moment, we only have this document https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-service-plan-reference
    But it's never up to date…

    19 votes
    1 comment  ·  PowerShell
  6. Provide PowerShell access to user extension attributes used in Azure App SAML claims

    We need access to get and set the values using PowerShell for user.extensionattribute1 to user.extensionattribute15. On-prem users have these values synchronized via Azure AD Connect, but I'd like to set the values manually for our cloud-only users.

    See suggestion: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13743219-allow-for-employeeid-as-a-selection-for-nameidenti

    16 votes
    1 comment  ·  PowerShell
  7. Password-based SSO - change credentials using powershell

    We want the ability to be able to update user credentials for password-based SSO apps using powershell so we can script it, as we set credentials for each user individually. To set up for hundreds or thousands of users this will take a very long time using the UI.

    I have googled this for hours, and came close to finding a script that could do it but unfortunately couldn't get it to work in our scenario.

    Can we please get this functionality?

    15 votes
    1 comment  ·  PowerShell
  8. Add support for creating native AD applications via PowerShell cmdlets

    The current version of the New-AzureRMADApplication cmdlet only supports creating web applications in Azure AD. Please add support for creating Native Applications as well.

    15 votes
    4 comments  ·  PowerShell
  9. Use Powershell standards for Powershell cmdlets

    The AzureAD cmdlets do not obey standard PowerShell coding guidelines/rules/practices, which makes them weird and harder than necessary to use. Three examples:

    -All (For instance in Get-AzureADUser Get-AzureAD...) should be a switch, not a boolean.

    -WhatIf should be supported by all Set-* commandlets, and should ideally be able to display the object being changed (like Set-ADUser does). If it doesn't, then at least it will be possible to validate the parameterset.

    -Set-AzureADUser -ExtensionProperty wants a 'system.collections.generic.dictionary[string,string]'. However, you only need a hashmap, and Generics is not straightforward in PowerShell. Hashmaps are.

    14 votes
    1 comment  ·  PowerShell
  10. Possibility to set attribute LastPasswordChangeTimestamp

    Following the article
    https://support.microsoft.com/en-us/help/4025960/federated-users-in-azure-ad-are-forced-to-sign-in-frequently we're trying to set the attribute LastPasswordChangeTimestamp with PowerShell.

    By using the CMDlet "Set-MsolUser" with the parameter "LastPasswordChangeTimestamp" nothing happens. The value stays empty / does not change. No error message from the CMDlet. Seems to be a bug!

    The new CMDlet "Set-AzureADUser" does not like to support this action, at least there is no parameter like “LastPasswordChangeTimestamp”: https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduser?view=azureadps-2.0

    Please give us a way to programmatically set the attribute LastPasswordChangeTimestamp for an azure ad user.

    14 votes
    0 comments  ·  PowerShell
  11. PowerShell PIM Access Reviews

    It doesn't appear like there are any PowerShell cmdlets for PIM to support access review creation and management. This would be helpful for automation purposes so someone doesn't have to log into the GUI to create access reviews, check status, etc.

    13 votes
    under review  ·  1 comment  ·  PowerShell
  12. Install and configure Azure Marketplace Enterprise Applications using PowerShell

    We need to be able to automate from start to finish the installation and configuration of Azure Marketplace (not custom) Enterprise Applications like AWS, ServiceNow, etc., using PowerShell.

    11 votes
    5 comments  ·  PowerShell
  13. Set-AzureADUser - setting null value for attribute Mobile or TelephoneNumber

    See also at https://github.com/Azure/azure-docs-powershell-azuread/issues/166

    Set-AzureADUser -objectid -Mobile "$null" will generate an error.

    set-AzureADUser : Error occurred while executing SetUser
    Code: Request_BadRequest
    Message: Invalid value specified for property 'mobile' of resource 'User'.

    Expected behaviour: properties Mobile and TelephoneNumber should be able to set to $Null or "" (empty string). It works via the Graph API and the Office 365 Admin Portal, but not with PS AzureAD module.

    9 votes
    0 comments  ·  PowerShell
  14. Enable Unattended Sign-in for Federated Users

    Currently I can sign in to Azure AD with the Connect-AzureAD cmdlet's -Credential parameter with a cloud-authored account. When I try to do this with a federated account that is synced from our on-premises directory, I receive this error:

    accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The remote server returned an error: (400) Bad Request.

    I had the same issue with the preview versions of the msonline module with ADAL. Please address this so unattended sign in works with federated accounts as well.

    Thanks!

    8 votes
    0 comments  ·  PowerShell
  15. There is currently no way to specify a manager of a user using PowerShell

    Currently, using the MSOnline PowerShell module, we can specify many properties of an Azure AD User, including the title, city and name, things like that. However, there is no ability to specify the user's manager, among other fields.

    The only method to achieve this is through the REST API, which requires using oAuth2.0, something which is very difficult to accomplish using PowerShell.

    I'd recommend these missing management areas be covered with an update to the PowerShell module.

    8 votes
    1 comment  ·  PowerShell
  16. Add a parameter for Set-MsolUserLicense for enabling individual features.

    Currently, the Set-MsolUserLicense cmdlet uses reverse logic for what features should be enabled for a user's license.

    You need to define what features should not be enabled rather than what features should be enabled.

    This causes challenges when it comes to rolling out a new feature if there is not complete autonomy in how an organization's features are configured.

    It is not as easy to for example go through and indicate to turn on a particular feature for all users and leave their existing features intact.

    It would be very helpful to have an option to enable a particular feature…

    7 votes
    0 comments  ·  PowerShell
  17. Edit Office 365 Group ProxyAddresses

    There is an issue with Office 365 group and email aliases. If a user creates a group named "All amazing people" it will create Office 365 email alias allamazingpeople@contoso.com. But in certain instances there are customers (like us) that use Azure AD Sync. So when I create distribution group in our AD, with same email name I get a sync issue.

    If I rename Office 365 group and change email address, for some reason all aliases are kept, so the only solution is to remove Office 365 group. I have worked with support when it was mentioned "remove group,…

    7 votes
    0 comments  ·  PowerShell
  18. Get-MsolUser should return the "Source" of the AD entry

    Both the Classic portal and the ARM portal clearly display where each AD entry is sourced from. Usually, this is either "Microsoft Azure Active Directory", "Microsoft account", or "Microsoft Azure AD (other directory)". I want to have that information available in the data returned by Get-MsolUser but it is not.

    7 votes
    0 comments  ·  PowerShell
  19. Infrastructure as code

    In following the Infrastructure as Code model, all settings management available through the GUI should be available through an API, even if it evolves from v1 through REST, to v2 through a PowerShell module.

    6 votes
    1 comment  ·  PowerShell
  20. Fixing New-AzureADApplicationPasswordCredential

    When using New-AzureADApplicationPasswordCredential with a CustomKeyIdentifier, it is not possible to edit keys in the Azure Portal anymore (an error "Unable to complete the request due to data validation error." is raised).

    It should be possible to manage keys with these cmdlets without breaking the portal.

    See https://stackoverflow.com/questions/47081133/how-can-i-add-an-app-registration-key-with-powershell-without-breaking-the-azure for the exact steps to reproduce the problem.

    5 votes
    0 comments  ·  PowerShell