Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. B2B direct federation Custom IDP support for multiple target domains

    B2B direct federation documentation mentions it is only allowed for policies where the authentication URL’s domain matches the target domain, or where the authentication URL is one of these allowed identity providers (this list is subject to change): accounts.google.com, pingidentity.com, login.pingone.com, okta.com, oktapreview.com, okta-emea.com, my.salesforce.com, federation.exostar.com, federation.exostartest.com

    I have a case where my custom IDP needs to support more than one target domain. My company works with a number of small member organizations who do not have an IT department to implement a custom IDP. We would like to support all of them. Please add this feature to the custom IDP implementation.

    6 votes

    1 comment  ·  B2B
  2. Fix Account Provisioning for B2B users in SaaS Apps like Salesforce

    Currently account provisioning for B2B users in SaaS apps like Salesforce is broken. More info: the name attribute in the SAML response from Azure AD for a B2B user is suffixed with the Azure AD tenant name, e.g. testuser_yahoo.com#EXT#@azureadtenantname.onmicrosoft.com. Because of this, external users/B2B users are not able to log in to the SaaS application.

    6 votes

    0 comments  ·  B2B
  3. restrict b2b

    I desire the ability to allow B2B collaboration with only allowed tenants through a config managed at the tenant side. As an org we may not want to federate with all tenants. The existing workaround involving Tenant Restriction through proxy injection is not viable in our org.

    6 votes

    0 comments  ·  B2B
  4. Add support for guest user login on common endpoint

    Currently Azure AD B2B doesn't support guest/external user login on the common endpoint. Hence it is very difficult to develop a multi-tenant application supporting guest user login. Developers have to set a specific tenant ID to use OpenID Connect authentication.

    6 votes

    0 comments  ·  B2B
  5. Guest invitation sender email customization

    Currently, when a guest user is created in Azure AD, the invitation is sent to the guest using the "invites@microsoft.com" email address, and due to this guest users sometimes ignore this email as spam. Instead of the @microsoft.com domain, can we use our own company domain email here?

    5 votes

    0 comments  ·  B2B
  6. Allow guest users to configure FIDO2 passwordless authentication

    Allow guest users the ability to register FIDO2 security keys for their accounts. Currently this is only available for "Member" users but we would like to see this available for "Guest" users as well.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#user-registration-and-management-of-fido2-security-keys

    5 votes

    0 comments  ·  B2B
  7. B2B Guest User schema to indicate Host and Guest Org Unit data

    Although the current guest user schema contains Org unit information, there is a need to distinguish between the guest Org unit details and the host Org unit details for proper access decisions, segregation of duties verification and account and access governance.
    Suggestion: please update the guest account schema to include both guest and host Org unit information.

    5 votes

    0 comments  ·  B2B
  8. Show the B2B-blocking proxy address in my tenant's logs

    Scenario:
    I try to invite user@partnerdomain.com to my tenant (via Azure AD B2B), but get the error message "The user you're inviting already exists in the directory." But there are NO traces at all of that account in my tenant.

    It turns out that user@partnerdomain.com has another proxy address (user@anydomain.com) in THEIR OWN TENANT, and a user in my tenant also happens to have user@anydomain.com as a proxy address. There are valid reasons for this to occur.

    It makes sense that you cannot have more than one proxy address per tenant, but there is no way for us…

    5 votes

    0 comments  ·  B2B
  9. Allow AAD Guests to become members of mail-enabled security groups

    AAD Guests can be added to a security group in Azure, but Azure does not allow for the creation of a mail-enabled security (MES) group. An MES group can be created in the O365 admin portal or the EAC, but AAD guests are not listed as entities who could be added to the MES group. This makes it impossible to use groups to control access to SPO and O365 while also being able to communicate with the group via e-mail.

    5 votes

    0 comments  ·  B2B
  10. Add tenant name to AzureAD tenant restrictions error log

    Azure AD tenant restrictions work great, however they rely on you being told the 3rd party tenant name, e.g. contoso.onmicrosoft.com. Many orgs' users simply have no idea what their tenant name is as they use the org domain name instead.

    In the AAD signin logs you clearly see the target tenant id code, but there is no way to map that on to a tenant name to use in your proxy configuration. This would make life soooo much simpler for organisations that restrict access to tenants and need to manage the config.
    In my case this is for a large central…

    5 votes

    1 comment  ·  B2B
  11. B2B display name

    Hi,

    We have noticed a change in B2B accounts' display name. Now Azure AD overrides it from actual user properties, meaning
    * If the user belongs to some Office 365 already, our directory shows that display name
    * If the user doesn't belong to any O365, it shows firstname.lastname

    And this display name change happens after the user has activated their account to our directory. In our company there is a naming standard, which we would like to follow. Previously, when support invited a user, they could change display to the correct format directly. Now our support does extra work, when chasing has user activated account and…

    5 votes

    1 comment  ·  B2B
  12. MFA of guest accounts should reference to the user object

    The MFA information is redundant over multiple stores, if I have multiple guest accounts. It would be better if there is one place, because there is also only one valid user. If I have to update my MFA information (e.g. a new phone number), I have to open myapps.microsoft.com, switch to every directory, and provide the appropriate information. All this for guest accounts which I can use only if my user account in the default directory is valid.

    5 votes

    0 comments  ·  B2B
  13. Preload B2B invited users in SharePoint Online

    At the moment, when you add someone to a Security Group, that grants access to SharePoint Online, using the B2B invite process, they often get the:
    "We're sorry, but EMAILADDRESS can't be found in the TENANT.sharepoint.com directory. Please try again later, while we try to automatically fix this for you."

    error. If they wait a few minutes and try again, all is good.

    There's no point in having an SPOnline URL in the invite, if they can't get to it straight away.

    Preloading the user into SPOnline might fix this, or having some way to force, "instantly", the user to…

    5 votes

    1 comment  ·  B2B
  14. Add B2B Users via both CSV or by searching via email

    Love the new AAD Admin Portal. It's currently missing the capability that the classic Azure portal has to invite B2B (other AAD) users. In the new experience can we have the ability to not only bulk upload with CSV, but also be able to add one at a time with a simple email search?

    5 votes

    2 comments  ·  B2B
  15. Document the process that enables a B2B partner invite

    The B2B invite process is failing with "This invitation may not be used to signup a new user". What are the prerequisites for the invited partner organisation? What is being checked for the invited user?

    5 votes

    1 comment  ·  B2B
  16. Uniform Guest Invitation Process across all Microsoft Products

    As of now the B2B guest invitation process is not streamlined across Microsoft products, especially SharePoint and Teams. Because of this we are not able to provide a single solution to customers for identity life cycle management. Following are a few of them:
    1) If you invite the users from SharePoint Online, the Guest Inviter is the SharePoint Service Account >> Because of this behaviour we can't track the Guest Inviter and impose Guest Inviter Role functionality, as SharePoint never looks at Azure AD to see whether the user has the Guest Inviter role or not. The workaround is to create Group Based Inviter functionality within SPO apart…

    4 votes

    0 comments  ·  B2B
  17. Improve the experience of creating and managing Azure AD B2B security groups of guest users

    We created a security group of 200+ external users across 80+ vendors.


    1. Please create the ability to easily manage the membership of a security group in Azure portal. For example, we cannot currently sort the list of members by name. Also, to drill into a member's profile, it takes two clicks when it should only require one click.


    2. Please create the ability to track responses to invitations within a group. After multiple rounds of mass invitations via PowerShell, 80 users responded to the invitation, but 120 people have not and they likely cannot find the email. We need the ability…

    4 votes

    0 comments  ·  B2B
  18. sign in codes

    IMO would love to not have to receive codes to sign in. Already signing in w/ our password, so I think codes are time consuming/unnecessary

    4 votes

    1 comment  ·  B2B
  19. support removal of the forgotten password link for B2B users

    At the moment in AD Connect you can remove the Password Writeback option, however the Microsoft company branded page has no option to remove the "forgotten password" link.

    So users end up trying to use that link and end up saying the Admin hasn't enabled the option.

    It would be better to support an option to either customize the link or remove it completely when the password writeback is turned off.

    4 votes

    0 comments  ·  B2B
  20. What happened to inviting "users in partner companies"?

    In the old portal we had the ability to bulk upload a CSV file of "Users in partner companies" into B2B. There doesn't appear to be an equivalent in the new portal.

    This allowed us to invite external users, add them to an appropriate group and send them to a SPOnline URL, all in one hit. Plus monitor the invite process in the AzureAD reports.

    Great for Extranets!

    Now I have to invite individuals, then add them to a group, then send them a URL to go to once they're finished.
    I can script a lot of this out, but…

    4 votes

    1 comment  ·  B2B