Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Enable full Language customization for Azure B2B

    Azure AD B2B sends verification code emails to external guests only in English. There is no possibility to change language & design? Besides, if the external user has to set the new password for his MSA/AAD, the page is in English and cannot be customized as well. Any plans on this? Or any other idea to get this working in local language? Any plans when there will be a possibility to customize the design? Thanks a lot!

    10 votes
    1 comment  ·  B2B
  2. Update displayed username for a guest user when its UPN is changed

    You can change UPN on guest users using PowerShell. You can even drop the "#EXT#"-part, and use any verified domain in the guest tenant, not only the initial onmicrosoft address.
    One problem with this, is that the visible username for the actual guest user when logging into Azure for instance is not changed. It remains the email address used to invite the user initially. Even though the SMTP address or UPN used for inviting is removed from both the source and the guest tenant, this is still shown in the username.

    Request: Update displayed username for a B2B guest user…

    8 votes
    0 comments  ·  B2B
  3. Prevent guest users from seeing security groups/content through Access Panel.

    In B2B setup guest users can see the members of a security group used for e.g. an app through the Access Panel. This is unfortunate as they may be competitors or membership exposes information that is not supposed to be public.

    I am aware that you can turn off group view for all users in the access panel, but the access panel is also a nice feature.

    B2C will also solve it, but not a good option for many cases.

    Could it be solved with a property hidden or secret only open for internal og owners/admins?

    8 votes
    0 comments  ·  B2B
  4. I want to restrict users of my tenants from being invited from other tenants.

    I want to restrict users of my tenants from being invited from other tenants.

    Now the administrator can not see where users of their tenants are accessing.

    Since there is a security problem, I would like to have the ability to control the tenants that users will be invited as guest users.

    8 votes
    0 comments  ·  B2B
  5. Enrol B2B users into intune

    I was hoping to use a large majority of B2B (External Azure Active Directory) accounts for my deployment, including allowing these users to enrol their devices into Intune on my tenant (their current provider does not offer Intune). Is this likely to be supported in the future?

    8 votes
    0 comments  ·  B2B
  6. B2B Guest-user security scope restriction.

    We want to restrict the scope of API processes to guest-users only, thus isolating and separating Directory members at the API layer. This is currently only achieved when inviting guest users, however, on-going management such as updates to group membership, appears to apply to the entire directory which poses a huge security/integrity risk to directory members. This risk could be alleviated by ensuring B2B guest-related API calls are only made possible on B2B guest users only. Thanks!

    8 votes
    0 comments  ·  B2B
  7. Set a due date for guest users

    Currently there are a lot of unneeded guest users in Azure AD.
    So I want to set a due date for guest users.

    For instance, if a guest user doesn't sign in for 90 days, it is deleted or blocked automatically.

    7 votes
    0 comments  ·  B2B
  8. OTP Precedence order and migration of existing B2B users

    Currently, the new OTP B2B feature provides this as the default authentication type for non AAD or MS accounts. We want the ability to force this method of auth for those who already have MS accounts. We also want the ability to convert already invited users who are using MS and viral accounts to use OTP. This way, we only have to support two types of guest users - Those with organisational O365 accounts and those using OTP.

    7 votes
    3 comments  ·  B2B
  9. SharePoint Online / Microsoft Teams inviter should be written back to Azure AD

    A lot of functionality seems to be missing on the backend from a governance and compliance point of view. All Azure B2B accounts magically get created in Azure Active Directory when the users accept the invite sent from SharePoint Online. We can see the invites within SharePoint Online, but they are missing within the Azure B2B invitation summary view and under Azure Audit. We would have expected to see an entry from SharePoint Online as the "Initiated By (Actor)" with the "Activity" sending out Azure/SharePoint B2B invitation on behalf of user XYZ. It would be preferred with the user's UPN.

    7 votes
    0 comments  ·  B2B
  10. Set Additional User Properties in New-AzureADMSInvitation -Title -Mobile -GivenName -Surname, etc.

    PowerShell and portal.azure.com should enable more attributes to be set when inviting external users, such as their Mobile number, GivenName, Surname, Title, etc. rather than waiting until the invited user is added and then having to look up their object ID and setting the attributes with Set-ADUser.

    7 votes
    0 comments  ·  B2B
  11. B2B include Manager access reviews

    B2B governance options are currently limited to the group and app reviews. If a guest account has no group membership or application access, these guest users fall between the cracks.
    Although the review can be performed by User Admin this will require centralization of the governance function.
    Suggestion: add a Manager review and fall back to User Admin or Security team review of guest accounts as a last resort.
    Develop and publish governance process ensuring all guest accounts are accounted for, outlining options for guest account internal ownership allocation ( Manager or responsible person), ways to include a responsible person…

    5 votes
    0 comments  ·  B2B
  12. MFA of guest accounts should reference to the user object

    The MFA information is redundant over multiple stores, if I have multiple guest accounts. It would be better if there is one place, because there is also only one valid user. If I have to update my MFA information (e.g. a new phone number), I have to open myapps.microsoft.com, switch to every directory, and provide the appropriate information. All this for guest accounts which I can use only if my user account in the default directory is valid.

    5 votes
    0 comments  ·  B2B
  13. Fix Account Provisioning for B2B users in SaaS Apps like Salesforce

    Currently account provisioning for B2B users in SaaS apps like Salesforce is broken. More info: name attribute in SAML response from Azure AD for B2B user is suffixed with azure ad tenant name e.g. testuser_yahoo.com#EXT#@azureadtenantname.onmicrosoft.com because of this external users\b2b users are not able to login to the SaaS application.

    5 votes
    0 comments  ·  B2B
  14. restrict b2b

    I desire the ability to allow B2B collaboration with only allowed tenants thru a config managed at the tenant side. As an org we may not want to federate with all tenants. The existing workaround involving Tenant Restriction thru proxy injection is not viable in our org.

    5 votes
    0 comments  ·  B2B
  15. Add support guest user login on common endpoint.

    Current Azure AD B2B doesn't support guest/external users login on common endpoint. Hence it is very difficult to develop a multi-tenant application supporting guest users login. Developers have to set a specific tenant id to use OpenId Connect Authentication.

    5 votes
    0 comments  ·  B2B
  16. Preload B2B invited users in SharePoint Online

    At the moment, when you add someone to a Security Group, that grants access to SharePoint Online, using the B2B invite process, they often get the:
    "We're sorry, but EMAILADDRESS can't be found in the TENANT.sharepoint.com directory. Please try again later, while we try to automatically fix this for you."

    error. If they wait a few minutes and try again, all is good.

    There's no point in having an SPOnline URL in the invite, if they can't get to it straight away.

    Preloading the user into SPOnline might fix this, or having some way to force, "instantly", the user to…

    5 votes
    1 comment  ·  B2B
  17. Add B2B Users via both CSV or by searching via email

    Love the new AAD Admin Portal. It's currently missing the capability that the classic Azure portal has to invite B2B (other AAD) users. In the new experience can we have the ability to not only bulk upload with CSV, but also be able to add one at a time with a simple email search?

    5 votes
    2 comments  ·  B2B
  18. Document the process that enables a B2B partner invite

    The B2B invite process is failing with "This invitation may not be used to signup a new user". What are the prerequisites for the invited partner organisation? What is being checked for the invited user?

    5 votes
    1 comment  ·  B2B
  19. Permit OTP for users who do have a corresponding Azure AD account

    We sometimes encounter situations where a user may actually have an existing Azure AD account (in another tenant) or an MSA - but we want to invite them as an OTP user.

    The reason for this - using the existing AAD account as an example - is that this may be an account that is the product of some abandoned POC that this other org did. And as a result, the user does not know the password and SSPR may not be enabled. The result is that the user is unable to redeem a non-OTP invite.

    For best flexibility, maybe…

    4 votes
    1 comment  ·  B2B
  20. B2B Guest User schema to indicate Host and Guest Org Unit data

    Although the current guest user schema contains Org unit information, there is a need to distinguish between the guest Org Unit details and the Host Org unit details for proper access decisions, segregation of duties verification and account and access governance.
    Suggestion: please update the guest account schema to include both guest and host Org unit information.

    4 votes
    0 comments  ·  B2B