Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. For the user export function, I would also need the column source, especially for guest users this is a key attribute.

    For the user export function, I would also need the column source, especially for guest users this is a key attribute.

    1 vote

    1 comment  ·  B2B
  2. Automated GuestInvites or Tenant Federation

    We have customers that work very closely with several partner tenants. Instead of the current B2B self-service invite process, they are looking for a solution to automatically provision, update and deprovision guests from selected tenants in their tenant.
    Currently the only way we can deliver this feature is by leveraging Microsoft Identity Manager (MIM) and Graph API apps to synchronize Azure AD tenants. This works very well if we only integrate a few tenants.
    If we would get this functionality out-of-the box, so that e.g. Tenant X just request Tenant Y to synchronize user objects as guest. And of course after Tenant…

    1 vote

    0 comments  ·  B2B
  3. Allow guest users to configure FIDO2 passwordless authentication

    Allow guest users the ability to register FIDO2 security keys for their accounts. Currently this is only available for "Member" users but we would like to see this available for "Guest" users as well.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#user-registration-and-management-of-fido2-security-keys

    5 votes

    0 comments  ·  B2B
  4. I can help, but not for a whole lifetime

    Whoever does not work, dear child, need not be given bread either.

    1 vote

    0 comments  ·  B2B
  5. Username when connecting tenants

    When 2 Azure tenants are connecting, if the external tenant users use their email to set up the account, it puts their email as the username in your tenant. Azure should update your tenant with their actual UPN instead of email.

    When they go to connect they need to use their UPN to log in, but that information is not shown in your tenant and so you cannot help them log in. They also cannot reset the password because the email that shows as their username is not a valid account in your Azure AD Users.

    This seems to…

    1 vote

    0 comments  ·  B2B
  6. 1 vote

    0 comments  ·  B2B
  7. Permit OTP for users who do have a corresponding Azure AD account

    We sometimes encounter situations where a user may actually have an existing Azure AD account (in another tenant) or an MSA - but we want to invite them as an OTP user.

    The reason for this - using the existing AAD account as an example - is that this may be an account that is the product of some abandoned POC that this other org did. And as a result, the user does not know the password and SSPR may not be enabled. The result is that the user is unable to redeem a non-OTP invite.

    For best flexibility, maybe…

    25 votes

    1 comment  ·  B2B
  8. Allow Group Email addresses to be added as OTP guest users

    Allow Group Email addresses to be added as OTP guest users. Without this functionality, enabling B2B integration with SharePoint\OneDrive stops the ability to share to Group Email addresses.

    1 vote

    0 comments  ·  B2B
  9. Need some way to deal with: "AADB2B_0001 : We cannot create a self-service Azure AD account for you because the directory is federated"

    Not all B2B invites can be redeemed successfully. Failures happen for reasons that are out of the inviter's control (leading to an inability to fix the problem) and are not predictable (leading to poor user experience).

    I suspect this problem happens most frequently when a partner organization bungles taking ownership of their tenant. MSFT needs to make it much harder for people to render their production tenant in such a dysfunctional state.

    95 votes

    9 comments  ·  B2B
  10. Link a foreign group from another tenant

    We are an IT enterprise, and several of our IT managers provide support to our clients.

    All IT managers need to be owners of our customers' tenants to give support or take actions in the customer tenants.

    The option offered by Microsoft to do this is to invite all IT manager accounts (from our tenant), make them members of a local group and give the owner role to this group.

    It would be very useful if it were possible to invite or link a group from a foreign tenant (our tenant), so that we don't have to invite accounts one by one.

    Thanks

    1 vote

    0 comments  ·  B2B
  11. Overcome limitation or explicitly state/document B2B lock out with viral tenancies

    Azure B2B has a scenario which is undocumented. That's when you invite a user, if they set up a viral tenancy using their work address and later forget their Azure AD password they've just created, the user has no way of getting their original account back.

    From the partner organisation point of view, if you delete and recreate, then re-send the invitation email to the guest user, even though the user has access to their own email address, they cannot log in or recreate their account in the Azure tenancy as they've forgotten the original password they set up on the Azure tenancy.…

    3 votes

    0 comments  ·  B2B
  12. B2B Guest User schema to indicate Host and Guest Org Unit data

    Although the current guest user schema contains Org unit information, there is a need to distinguish between the guest Org Unit details and the Host Org unit details for proper access decisions, segregation of duties verification and account and access governance.
    Suggestion: please update the guest account schema to include both guest and host Org unit information.

    5 votes

    0 comments  ·  B2B
  13. B2B include Manager access reviews

    B2B governance options are currently limited to the group and app reviews. If a guest account has no group membership or application access, these guest users fall between the cracks.
    Although the review can be performed by User Admin, this will require centralization of the governance function.
    Suggestion: add a Manager review and fall back to User Admin or Security team review of guest accounts as a last resort.
    Develop and publish governance process ensuring all guest accounts are accounted for, outlining options for guest account internal ownership allocation (Manager or responsible person), ways to include a responsible person…

    9 votes

    0 comments  ·  B2B
  14. the Guest account login activity

    the Guest account login activity

    3 votes

    2 comments  ·  B2B
  15. OTP sign in failed

    Please provide more details regarding the failed sign in for OTP users. Currently we only see:
    Status: Failure
    Sign-in error code: 501811
    Failure reason: Other

    If we want to know more (reason of the failure) the customer needs to contact support with a Request ID and time stamp. They would like to be able to see the reason themselves. Thank you!

    1 vote

    0 comments  ·  B2B
  16. The AS2 encoder corrects the data as it becomes incorrect

    Hello everyone,
    When binary data is entered by the AS2 encoder, processing is done as a character without permission and it does not become attached file data.
    According to the specification of AS2, binary attachment is possible by standard, so why can it not?
    It is impossible to communicate with B2B normally.
    Please make full response to the AS2 specification faster.

    1 vote

    1 comment  ·  B2B
  17. Allow B2B Guest users to authenticate on Windows 10 Azure AD joined Devices

    Allow B2B collaboration users (guest users who sign in with an account that's managed by another Azure AD directory) to log in to Azure AD joined Windows 10 devices.

    Use case: Collaboration between an educational institution and a public library. Adding student Azure AD (AAD) accounts from the educational institution as AAD Guest accounts in the public library AAD tenant would allow students to use their educational institution AAD credentials to log in to the public library Windows 10 AAD joined devices.

    44 votes

    1 comment  ·  B2B
  18. Set a due date for guest users

    Currently there are a lot of unneeded guest users in Azure AD.
    So I want to set a due date for guest users.

    For instance, if a guest user doesn't sign in for 90 days, the account is deleted or blocked automatically.

    16 votes

    0 comments  ·  B2B
  19. Allow B2B Domain allow/deny list override for Global Admins

    Currently we only allow invitations to guest users from specific domains (e.g. .com) due to security policies BUT also allow members to invite guests (.com is a trusted company).

    Sometimes, however, we need to add users outside of that domain (e.g. gmail..com) in one-off cases ONLY. We do not want to add this exception domain to the allowed list FOR ONE GUEST USER invite. Because the members have the ability to add guests, we then open up that domain to them as well (not good).

    The option to override the domain DENY/ALLOW lists should be available to global administrators…

    2 votes

    0 comments  ·  B2B
  20. B2B account login to domain joined computers

    Industry: Higher Ed
    Currently, we provision AD accounts so students (and vendors) can access domain-joined computers/servers. The challenge: this provisions an Office 365 account/mailbox, and our current practice allows students to keep those mailboxes after they graduate.

    Higher Ed institutions would benefit from the ability to provision B2B accounts for these user types (especially students), and allow those accounts to log in to ADDS-joined computers/servers.

    3 votes

    0 comments  ·  B2B