Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Enable SSPR for B2B invited users when there is no admin for their domain

    When an external user is invited and there is no existing Azure AD domain for him a dynamic one is set up and his account created there, this is all well and good.

    However, if he loses his password there is no way to reset it. I have tried it with a mail address on a test domain and I could not recover the password. The only option I could see is to claim the dynamically created Azure AD for the external user's domain, so that the new admin of that domain can reset the password. But this is of…

    3 votes
    2 comments  ·  B2B
  2. Update UPN/Mail of B2B account

    Add possibility to update mail / UPN of Azure Guest account. That is required if mail of host user has been changed.

    2 votes
    0 comments  ·  B2B
  3. Invite redemption url get

    We are able to invite new guest users into our AD Tenant using either PowerShell or Graph API. Using this approach we may choose not to send the Invitation E-Mail, in which case we would get the Invitation Redemption URL and we can send it to the "guest" in any way we choose allowing us to better control the first step of the overall invitation experience.

    The issue is that once we get the URL, we have no way to retrieve that URL back in the future. It is up to us to save that URL for future use or…

    2 votes
    0 comments  ·  B2B
  4. Guest invitation sender email customization

    Currently when Guest user is created in Azure AD invitation is sent to guest using "invites@microsoft.com" email address and due to this sometimes guest users ignore this email as spam. Instead of @microsoft.com domain, can we use our own company domain email here?

    2 votes
    0 comments  ·  B2B
  5. Allow guest users to configure FIDO2 passwordless authentication

    Allow guest users the ability to register FIDO2 security keys for their accounts. Currently this is only available for "Member" users but we would like to see this available for "Guest" users as well.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#user-registration-and-management-of-fido2-security-keys

    2 votes
    0 comments  ·  B2B
  6. Allow B2B Domain allow/deny list override for Global Admins

    Currently we only allow invitations to guest users from specific domains (e.g. .com) due to security policies BUT also allow members to invite guests (.com is a trusted company).

    Sometimes, however, we need to add users outside of that domain (e.g. gmail.com) in one-off cases ONLY. We do not want to add this exception domain to the allowed list FOR ONE GUEST USER invite. Because the members have the ability to add guests, we then open up that domain to them as well (not good).

    The option to override the domain DENY/ALLOW lists should be available to global administrators…

    2 votes
    0 comments  ·  B2B
  7. Azure AD B2B Collaboration: Automatic invitation of users belonging to a specific group of a specific tenant

    Some companies are using multi-tenant in many places. Therefore, there are multiple requests for the function of automatic invitation. Currently, many companies use their own scripts in PowerShell.
    Please carry out the function of automatic invitation.

    2 votes
    0 comments  ·  B2B
  8. Add an AAD Tenant Restrictions logging option to log all external tenant usage

    Currently with AAD Tenant Restrictions, we can get AAD log records of blocked sign-ins by having our proxy insert the request header "Restrict-Access-Context". This is good as far as it goes (and I upvoted another user's suggestion to include the external tenant's name and not just the ID).
    I'm asking that there be an additional option to log all use of external AAD tenants (both sign-ins, and the URIs of resources for which tokens are issued). The use case is analytics for risks of data leakage and malicious data exfiltration as well as for potential legal liability scenarios. If we…

    2 votes
    0 comments  ·  B2B
  9. Setting inviteRedirectUrl from UI

    Adding new guest user from Azure AD UI should allow setting inviteRedirectUrl, as Graph API provides (See https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0)

    2 votes
    0 comments  ·  B2B
  10. Enforce Organizational B2B account

    For users that happen to have both an organizational account AND a personal Microsoft account (PMA) tied to their work email address, we would like to enforce the organizational account being the only allowed option.

    Currently if an invitation is sent and they choose the PMA and then they happen to leave the external company, there is a human reliance component of the external company having to notify us of them leaving.

    A current work around is to monitor the guest accounts for non-org accounts, but it would be less time consuming if the personal account wasn't an option.

    2 votes
    0 comments  ·  B2B
  11. Read first/last name from external AD for guests

    Currently only the display name of an external guest is imported when the guest accepts a B2B invite. If possible, when the guest allows their profile to be read, reading the first/last name and adding them to the AAD would improve the user experience AND search.
    Display names are not controlled by the "inviting" AAD and mess up the user experience in search. Search only works as expected when first/last name have been added manually.
    BTW, also annoying is that it is not possible to add this data manually before the invitee has accepted the invite. This requires the inviting admin…

    2 votes
    0 comments  ·  B2B
  12. Allow B2B user to be admin of Dynamics 365 instances

    We have outsourced the administration of several online Microsoft services to external partners. We invite their admins with B2B so they can administer Exchange Online, SharePoint and Azure for us with their own account. Dynamics 365 does not support this, yet. Please add support for this.

    2 votes
    0 comments  ·  B2B
  13. B2B against custom IdP

    We control access to our customer resources through a custom OpenIdConnect provider that we integrate to group information in Dynamics 365.

    If we could select custom IdP like this in our Azure AD tenant, we could deploy external collaboration (eg Teams) to our customers using a single login.

    2 votes
    0 comments  ·  B2B
  14. Azure AD B2B collaboration :- MSA mailbox should not be provisioned for users accepting invitation.

    Whenever a guest user is invited, if he/she has a live account, the redemption process is completed after the consent, but if he/she is using a gmail or any other provider, the user account is created in live database.
    If this is limited to having a set of claims for a user object I think it's fine, but for some reason a mailbox is also getting provisioned in MSA.

    So real time experience, I have a gmail id - testuser@gmail.com which I was using on gmail and now after getting invited by any tenant, I can use this id…

    2 votes
    0 comments  ·  B2B
  15. fga

    hh s

    2 votes
    0 comments  ·  B2B
  16. Allow guest users to access VM in Azure in combination with AADDS

    I hope this can be done so I do not have to look for 3rd party solutions.

    2 votes
    0 comments  ·  B2B
  17. Add an Enterprise app for Single Sign on for OpenShift

    Create an Enterprise app for Single Sign-on for the OpenShift service https://www.openshift.com/

    We currently access OpenShift via AD DS LDAP however we need more flexibility for internal and 3rd party access (Azure AD Cloud only account from our tenant and Federation)

    The current app in the gallery is Password Vault not SSO

    2 votes
    0 comments  ·  B2B
  18. Add an Enterprise app for Seismic

    Create an Enterprise app for Single Sign-on for the Seismic service https://seismic.com/ According to the Seismic documentation it supports Azure AD however it would be easier if there was an app in the gallery

    2 votes
    0 comments  ·  B2B
  19. Add an Enterprise app for Symphony IM

    Create an Enterprise app for Single Sign-on for the Symphony IM service https://symphony.com/ I successfully created a custom app for SAML SSO however it would be easier if there was an app in the gallery

    2 votes
    0 comments  ·  B2B
  20. Very good

    Very good

    2 votes
    0 comments  ·  B2B