Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow an Application Service Principal to be added as a guest in other tenants

    We manage multiple tenants across our extended organiation and would like to have a single application service principal to do so rather than having a separate service principal in each tenant.

    The work around is to use a standard user account but we would prefer not to do it this way. Since service Proncipals don’t have UPNs, there doesn’t seem to be a way to invite them via the B2B guest invite API.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. Fix Account Provisioning for B2B users in SaaS Apps like Salesforce

    Currently account provisioning for B2B users in SaaS apps like Salesforce is broken. More info: name attribute in SAML response from Azure AD for B2B user is suffixed with azure ad tenant name e.g. testuser_yahoo.com#EXT#@azureadtenantname.onmicrosoft.com because of this external users\b2b users are not able to login to the SaaS application.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. Preload B2B invited users in SharePoint Online

    At the moment, when you add someone to a Security Group, that grants access to SharePoint Online, using the B2B invite process, they often get the:
    "We're sorry, but EMAILADDRESS can't be found in the TENANT.sharepoint.com directory. Please try again later, while we try to automatically fix this for you."

    error. If they wait a few minutes and try again, all is good.

    There's no point in having an SPOnline URL in the invite, if they can't get to it straight away.

    Preloading the user into SPOnline might fix this, or having some way to force, "instantly", the user to…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add B2B Users via both CSV or by searching via email

    Love the new AAD Admin Portal. It's currently missing the capability that the classic Azure portal has to invite B2B (other AAD) users. In the new experience can we have the ability to not only bulk upload with CSV, but also be able to add one at a time with a simple email search?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. Document the process that enables a B2B partner invite

    The B2B invite process is failing with "This invitation may not be used to signup a new user". What are the prerequisites for the invited partner organisation. What is being checked for the invited user?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. Guest invitation sender email customization

    Currently when Guest user is created in Azure AD invitation is ent to guest using "invites@microsoft.com" email address and due to this sometimes guest users ignore this email as spam. Instead of @microsoft.com domain , can we use our own company domain email here?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. B2B - Expose source tenant UPN and ObjectId in the guest tenant

    There is currently no immutable, unique property to match a user in the source tenant to the guest user in a guest tenant with PowerShell (AzureAD, MSOnline) or Azure AD web GUI. The unique identifier which I believe is the ObjectId from the source tenant, is not exposed in the guest tenant.

    UPN on a guest user can be changed to <anything>@<anyverifieddomaininguest_tenant>, and thus is NOT a unique identifier.

    Request: Expose a guest user ObjectId and UserPrincipalName from the source tenant as attributes/ properties on the guest user object.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. Show the B2B-blocking proxy address in my tenant's logs

    Scenario:
    I try to invite user@partnerdomain.com to my tenant (via Azure AD B2B), but get the error message "The user you're inviting already exists in the directory." But there are NO traces at all of that account in my tenant.

    It turns out that the user@partnerdomain.com have another proxy address (user@anydomain.com) in THEIR OWN TENANT, and a user in my tenant also happen to have user@anydomain.com as proxy address. There are valid reasons for this to occur.

    I makes sense that you cannot have more than one proxy address per tenant, but there is no way for us…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. B2B display name

    Hi,

    We have noticed change on B2B accounts display name. Now Azure AD overrides it from actual user properties, meaning
    * If user belongs to some Office 365 already, our directory shows that display name
    * If user doesn't belong to any O365, it shows firstname.lastname

    And this display name change happens after user has activated their account to our directory. In our company there is naming standard, which we would like to follow. Previously, when support invited user, they could chagne display to correct format directly. Now our support does extra work, when chasing has user activated account and…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve the experience of creating and managing Azure AD B2B security groups of guest users

    We created a security group of 200+ external users across 80+ vendors.


    1. Please create the ability to easily manage the membership of a security group in Azure portal. For example, we cannot currently sort the list of members by name. Also, to drill into a member's profile, it takes two clicks when it should only require one click.


    2. Please create the ability to track responses to invitations within a group. After multiple rounds of mass invitations via PowerShell, 80 users responded to the invitation, but 120 people have not and they likely cannot find the email. We need the ability…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. sign in codes

    IMO would love to not have to receive codes to sign in. already signing in w/ our password, so i think codes are time consuming/unneccessary

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. What happened to inviting "users in partner companies"?

    In the old portal we had the ability to bulk upload a CSV file of "Users in partner companies" into B2B. There doesnt' appear to be an equivalent in the new portal.

    This allowed us to invite external users, add them to an appropriate group and send them to a SPOnline URL, all in one hit. Plus monitor the invite process in the AzureAD reports.

    Great for Extranets!

    Now I have to invite individuals, then add them to a group, then send them a URL to go to once they're finished.
    I can script a lot of this out, but…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. Bulk b2b invite in the New portal as now this feature is available in the old classic portal using the CSV file.

    As of now I don't see the Bulk B2b invites possible in the New Azure portal, where as in the old Classic portal it is there using the .csv file, we have moved to new portal since there are restricted permission model available, but we are missing the great future missing bulk b2b upload, so it would be very appreciate ful if you provide that feature.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow users to use their email on sign in even though the adress is associated with an account

    When we invite external users to our Azure AD, we use an email that they provide. This works fine for a lot of cases. However, in some situations, the user gets a message like this:

    You have been invited to access <somedomain>
    To access applications in the <someorg> organization, you'll
    need to sign in with <yourEmail>. This email
    address is associated with an account named
    <someaccount>

    To get this to work, the user needs to use the account as login, and not the email we used to invited them. This is very confusing for the users, as some of them…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. View organizations where users are guest member

    Users can be guest member in different organizations. The user can view the organisions where they are guest member in https://account.activedirectory.windowsazure.com/r#/profile/organizations#organizations-section. But as a global admin I'm unable to view the guest memberships of a user in other Tenants. I would like to be able to view the organizations memberships of users and/or create an export of all users and their organizations memberships.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Invite redemption url get

    We are able to invite new guest users into our AD Tenant using either PowerShell or Graph API. Using this approach we may choose not to send the Invitation E-Mail, in which case we would get the Invitation Redemption URL and we can send it to the "guest" in any way we choose allowing us to better control the first step of the overall invitation experience.

    The issue is that once we get the URL, we have no way to retrieve that URL back in the future. It is up to us to save that URL for future use or…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. the Guest account login activity

    the Guest account login activity

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. B2B account login to domain joined computers

    Industry: Higher Ed
    Currently, we provision AD accounts so students (and vendors) can access domain-joined computers/servers. The challenge, this provisions an Office 365 account/mailbox and our current practice allows students to keep those mailboxes after they graduate.

    Higher Ed institutions would benefit from the ability to provision B2B accounts for these user types (especially students), and allow those accounts to login to ADDS-joined computers/servers.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. Extend B2B Federation capabilities to Google Business (aka GSuite) accounts

    Currently, B2B Federation setup only covers "normal" Google IDs (aka @gmail.com IDs).

    We need to setup Federation with GSuite IDs urgently in our current project requirement.

    The idea is to invite a GSuite ID (via email adress) and use Google authentication to access Azure resources, without adding a "shadow" Azure AD account with an own password and security policy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. Uniform Guest Invitation Process across all Microsoft Products

    As of now B2B guest invitation process is not streamlined across Microsoft Products especially Sharepoint and Teams .Because of this we are not able to provide single solution to customers for Identity life cycle management
    . Following are few of them
    1) If you invite the Users from SharePoint Online, the Guest Invitor is SharePoint Service Account >> Because of this behaviour we can't track the Guest invitor and impose Guest Invitor Role functionality as Sharepoint never look Azure AD whether the user has Guest Invitor role or not. The workaround is create Group Based Invitor functionality within SPO apart…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base