Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Prevent guest users from seeing security groups/content through Access Panel.

    In B2B setup guest users can see the members of a security group used for e.g. an app through the Access Panel. This is unfortunate as they may be competitors or membership exposes information that is not supposed to be public.

    I am aware that you can turn off group view for all users in the access panel, but the access panel is also a nice feature.

    B2C will also solve it, but not a good option for many cases.

    Could it be solved with a property hidden or secret only open for internal og owners/admins?

    16 votes

    1 comment  ·  B2B
  2. Mail Enabled External Users - Allow UserType=Member to be Mail Enabled - Allow Inviter to Control Mail Enable/ShowInAddressList on invite

    Consider the following scenario. You have a sister company or other company with their own AzureAD tenant, for which you want your users to be able to collaborate. You invite those users to your AzureAD tenant. Depending on how you do so, those external users may be Users or may be Mail Enabled Users.

    These External Users may now collaborate with your users using SharePoint or other AzureAD connected business apps, but if your users are regularly collaborating with these external users, wouldn't it be great if you could make it easy for your users to find them in the…

    16 votes

    1 comment  ·  B2B
  3. Azure Active Directory, Guest User invite. Allow Group/Distribution lists

    Azure Active Directory, Guest User invite. Allow Group/Distribution lists.

    You cannot add a guest user email address if it's a distribution list. You have to use a "user" email address, ticket REG:117081816209241. This would be useful to invite clients to manage certain objects (our example is keyvaults). People come and go and change positions. So using a distro list makes sense here. Using a "shared" mailbox is possible, but why the extra overhead of an additional mailbox and license?

    15 votes

    0 comments  ·  B2B
  4. B2B invitation status

    Azure Active Directory B2B account.

    Now there isn't a possibility to generate a report on whether a B2B user has activated their account or not. It would be good to have a feature to list non-activated users from an administrative perspective, for example when doing account clean-up.

    There are fields in the profile, like Source, which contain Invited user, or the Resend invitation button is visible. Those indicate if the user hasn't activated the invitation.

    Or even have automatic removal from the directory: if the invitation hasn't been approved within X days, the B2B account is removed automatically, as an account that hasn't been activated cannot be used anywhere.

    14 votes

    0 comments  ·  B2B
  5. Update UPN/Mail of B2B account

    Add the possibility to update the mail / UPN of an Azure Guest account. That is required if the mail of the host user has been changed.

    13 votes

    0 comments  ·  B2B
  6. Allow Guest users to change their MFA

    Guest (B2B) users should be able to reset/change their MFA options. Currently when a guest user gets a new phone, they have no way to fix the Authenticator app. Currently Guest can only try and find a contact at the tenant org and have them reach out to IT in order to reset. This is very confusing for all users.

    12 votes

    1 comment  ·  B2B
  7. Guest Account Expiration Date

    Add the ability to mark an expiration date on guest accounts. Once the expiration date has passed, the account should automatically be unable to log in to resources in the tenant (similar to the block sign-in bit on a member account).

    12 votes

    2 comments  ·  B2B
  8. Intune App Protection for Azure B2B users

    I have an app and I am using Intune app protection and everything is working fine. I have a few Azure B2B users.
    I also read some app configuration policies.
    My question is how I will read the app configuration policies for my Guest users.

    12 votes

    1 comment  ·  B2B
  9. Additional information for Azure B2B shadow user during invite creation

    Allow us to add more information about the Azure B2B shadow user before sending Azure B2B invite

    12 votes

    2 comments  ·  B2B
  10. SharePoint Online / Microsoft Teams inviter should be written back to Azure AD

    A lot of functionality seems to be missing on the backend from a governance and compliance point of view. All Azure B2B accounts magically get created in Azure Active Directory when the users accept the invite sent from SharePoint Online. We can see the invites within SharePoint Online, but they are missing within the Azure B2B invitation summary view and under Azure Audit. We would have expected to see an entry from SharePoint Online as the "Initiated By (Actor)" with the "Activity" sending out Azure/SharePoint B2B invitation on behalf of user XYZ. It would be preferred with the user's UPN.

    11 votes

    0 comments  ·  B2B
  11. Enable full Language customization for Azure B2B

    Azure AD B2B sends verification code emails to external guests only in English. There is no possibility to change language & design? Besides, if the external user has to set the new password for his MSA/AAD, the page is in English and cannot be customized as well. Any plans on this? Or any other idea to get this working in local language? Any plans when there will be a possibility to customize the design? Thanks a lot!

    10 votes

    1 comment  ·  B2B
  12. Please reconsider removing support for redemption of invitations by creating unmanaged Azure AD accounts

    Per your Azure B2B documentation "Starting March 31, 2021, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into email one-time passcode authentication."

    This is a big issue for us because we develop SaaS applications and use this feature to create accounts for users that don't have Azure AD accounts. The passcode authentication that you recommend instead offers suboptimal user experience since access to email is required to sign in. I cannot imagine our customers being happy without option to create…

    9 votes

    0 comments  ·  B2B
  13. B2B include Manager access reviews

    B2B governance options are currently limited to the group and app reviews. If a guest account has no group membership or application access, these guest users fall between the cracks.
    Although the review can be performed by User Admin, this will require centralization of the governance function.
    Suggestion: add a Manager review and fall back to User Admin or Security team review of guest accounts as a last resort.
    Develop and publish governance process ensuring all guest accounts are accounted for, outlining options for guest account internal ownership allocation (Manager or responsible person), ways to include a responsible person…

    9 votes

    0 comments  ·  B2B
  14. B2B - Expose source tenant UPN and ObjectId in the guest tenant

    There is currently no immutable, unique property to match a user in the source tenant to the guest user in a guest tenant with PowerShell (AzureAD, MSOnline) or Azure AD web GUI. The unique identifier, which I believe is the ObjectId from the source tenant, is not exposed in the guest tenant.

    UPN on a guest user can be changed to <anything>@<anyverifieddomaininguest_tenant>, and thus is NOT a unique identifier.

    Request: Expose a guest user ObjectId and UserPrincipalName from the source tenant as attributes/properties on the guest user object.

    9 votes

    2 comments  ·  B2B
  15. Enrol B2B users into Intune

    I was hoping to use a large majority of B2B (External Azure Active Directory) accounts for my deployment, including allowing these users to enrol their devices into Intune on my tenant (their current provider does not offer Intune). Is this likely to be supported in the future?

    8 votes

    0 comments  ·  B2B
  16. B2B Guest-user security scope restriction.

    We want to restrict the scope of API processes to guest-users only, thus isolating and separating Directory members at the API layer. This is currently only achieved when inviting guest users, however, on-going management such as updates to group membership, appears to apply to the entire directory which poses a huge security/integrity risk to directory members. This risk could be alleviated by ensuring B2B guest-related API calls are only made possible on B2B guest users only. Thanks!

    8 votes

    0 comments  ·  B2B
  17. View organizations where users are guest member

    Users can be guest members in different organizations. The user can view the organizations where they are a guest member in https://account.activedirectory.windowsazure.com/r#/profile/organizations#organizations-section. But as a global admin I'm unable to view the guest memberships of a user in other Tenants. I would like to be able to view the organization memberships of users and/or create an export of all users and their organization memberships.

    7 votes

    0 comments  ·  B2B
  18. Azure AD B2C KMSI as Built in policy

    Moving from built-in policies to custom policy for only KMSI is a real pain. Need KMSI as a built-in policy setting, not under custom policies.

    7 votes

    0 comments  ·  B2B
  19. Allow an Application Service Principal to be added as a guest in other tenants

    We manage multiple tenants across our extended organization and would like to have a single application service principal to do so rather than having a separate service principal in each tenant.

    The workaround is to use a standard user account but we would prefer not to do it this way. Since service principals don’t have UPNs, there doesn’t seem to be a way to invite them via the B2B guest invite API.

    7 votes

    2 comments  ·  B2B
  20. Set Additional User Properties in New-AzureADMSInvitation -Title -Mobile -GivenName -Surname, etc.

    PowerShell and portal.azure.com should enable more attributes to be set when inviting external users, such as their Mobile number, GivenName, Surname, Title, etc., rather than waiting until the invited user is added and then having to look up their object ID and setting the attributes with Set-ADUser.

    7 votes

    0 comments  ·  B2B