Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable SSPR for B2B invited users when there is no admin for their domain

    When an external user is invited and there is no existing Azure AD domain for him a dynamic one is set up and his account created there, this is all well and good.

    However, if he looses his password there is no way to reset it. I have tried it with a mail address on a test domain and I could not recover the password. The only option I could see is to claim the dynamically created Azure AD for the external user's domain, so that the new admin of that domain can reset the password. But this is of…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow internal B2B Guest accounts to be visible in in-cloud address lists

    If an on-premises user which is mail-enabled is granted access to Azure AD as a 'Guest' account (https://docs.microsoft.com/en-us/azure/active-directory/external-identities/hybrid-on-premises-to-cloud) then the account becomes a 'Guest mail user' and has HiddenFromAddressListsEnabled set to 'TRUE' in Exchange Online. This means the account cannot be used as a single on-premises login, in-cloud login, and Exchange Online contact, which is often desirable.

    As discussed with Microsoft support (Microsoft 365 Support Case #24168919) this is due to Exchange Online treating the on-premises attribute 'msExchHideFromAddressLists' differently when it is <not set> on internal B2B Guest accounts (Guest Mail Users).

    Direction: 'Inbound'
    Add new rule
    Description…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. One-time passcode login for GCC High/DOD users

    Allow a guest user to be added to GCC/Public Azure AD that exists in a national cloud (GCC-High/DOD). Utilize the same OTP method that allows non-Microsoft users to authenticate.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. Block Azure AD guest display name change after accepting invite

    Currently the Azure AD guest account displayname, which is set by the inviter (in this case admins from the tenant) will change when the invitee accepts the invite. Since this displayname is usually the primary way for users to identify others and names are not unique, this creates confusion. Is it possible to add a method to set the invite to not change the displayname after the invite is accepted?

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. Guest User invite perfomance

    After guest user invite the following user update via MS Graph (PATCH) is not able to query the user sometimes after 30 seconds. The reason is that invite component perform the invite async. The only solution is manage retries in GET/PATCH.

    The proposal is to allow update an user in same DC where the user was invited first.
    For example in the invite to return SessionID pointer, that using it the following PATCH will be done, and it will allow to update user properties faster and w/o 30 seconds of retries

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. If the Display Name is manually specified in the invite, the External Azure AD should not override and rewrite it.

    When I set up a guest user in Azure AD, and they accept the invitation, the external Azure AD rewrites their display name in a scheme that doesn't match either organization's naming convention. As the users accept the invites, the admin has to go back and rewrite the guest's display name. Doing this for massive numbers of users becomes cumbersome. This property should be able to be locked on the inviting AD.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. Fix New guest user invite SharePoint MFA

    Right now if you invite a new guest user through SharePoint with a conditional access policy enabled the guest will get an error the first time they try to setup MFA on the tenant they are invited to. If they try to set it up a second time the error is gone and they are able to setup MFA.

    Please fix this issue.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add B2B collaboration and Guest Access for GCC-H

    Please add the ability for GCC-H users to add Guests into Microsoft Teams or provide a way to add them into Azure AD as organizational Guests in GCC-H. This capability was a selling point while using the commercial version, but now we are trying to work around this issue. Please implement this feature as soon as possible.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Send As Option for B2B Invite Email

    Different Admins create B2B accounts so the invite emails will have a different sender which also displays the Admin account details.

    Send As option would allow a consistent name to be displayed for all B2B invites - shared mailbox for example which also prevents privileged account E-Mail Address details from being included in the email

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. Assigning roles to B2B Guest Users - M365 Workloads

    The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.

    This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc) not yet support assigning roles to B2B users.

    As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. Show accounts in 'Delete/block accounts not used in last 30 days'

    SecureScore does not tell you which accounts are not used in the last 30 days, and there is no way to find out. It only says "You have XX accounts that have not been used in the last 30 days."

    Please include an easy way to show which accounts are not used. The suggested Powershell script does not do the job correctly, and is not very userfriendly.

    Ideally, i would like a notification if a useraccount has been unused for xx days.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. I would like to restrict access Guset users who are Microsoft Account

    when I invite guest users, if he or she has both Microsoft Account and Work or School Account (has same upn), he or she can select which one user to access my tenant's resources.

    In order to strengthen a security, I would like to restrict access to Microsoft Account but Azure AD does not have this feature.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow B2B Domain allow/deny list override for Global Admins

    Currently we only allow invitations to guest users from specific domains (e.g. .com) due to security policies BUT also allow members to invite guests (.com is a trusted company).

    Sometimes, however, we need to add users outside of that domain (e.g. gmail..com) in one-off cases ONLY. We do not want to add this exception domain to the allowed list FOR ONE GUEST USER invite. Because the members have the ability to add guests, we then open up that domain to them as well (not good).

    The option to override the domain DENY/ALLOW lists should be available to global administrators…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. Setting inviteRedirectUrl from UI

    Adding new guest user from Azure AD UI should allow setting inviteRedirectUrl, as Graph API provides (See https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enforce Organizational B2B account

    For users that happen to have both an organizational account AND a personal Microsoft account (PMA) tied to their work email address, we would like to enforce the organizational account being the only allowed option.

    Currently if an invitation is sent and they choose the PMA and then they happen to leave the external company, there is a human reliance component of the external company having to notify us of them leaving.

    A current work around is to monitor the guest accounts for non-org accounts, but it would be less time consuming if the personal account wasn't an option.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. Cross tenant sync of AD user email address for guests

    we have issues wherein we have tons of user accounts in Office 365 tenant and we have many additional Azure tenants wherein we invite users as guests to these tenants they are then linked to Azure Devops instances.

    We are going through an ongoing process of migrating users email addresses, the problem is once Office 365 is updated with a new domain the guest tenants are not updated. While it is possible to script update every user in every tenant it is not possible to update the users email attribute.

    This then has a knock on affect with Azure Devops…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow B2B user to be admin of Dynamics 365 instances

    We have outsourced the administration of several online Microsoft services to external partners. We invite their admins with B2B so they can administer Exchange Online, SharePoint and Azure for us with their own account. Dynamics 365 does not support this, yet. Please add support for this.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure AD B2B collaboration :- MSA mailbox should not be provisioned for users accepting invitation.

    Whenever a guest user is invited, if he/she has a live account, the redemption process is completed after the consent, but if he/she is using a gmail or any other provider, the user account is created in live database.
    If this is limited to having a set of claims for a user object I think its fine , but for some reason a mailbox is also getting provisioned in MSA.

    So real time experience, I have a gmail id - testuser@gmail.com which I was using on gmail and know after getting invited by any tenant, I can use this id…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. fga

    hh s

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base