Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Fix New guest user invite SharePoint MFA

    Right now if you invite a new guest user through SharePoint with a conditional access policy enabled the guest will get an error the first time they try to setup MFA on the tenant they are invited to. If they try to set it up a second time the error is gone and they are able to setup MFA.

    Please fix this issue.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add B2B collaboration and Guest Access for GCC-H

    Please add the ability for GCC-H users to add Guests into Microsoft Teams or provide a way to add them into Azure AD as organizational Guests in GCC-H. This capability was a selling point while using the commercial version, but now we are trying to work around this issue. Please implement this feature as soon as possible.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. Send As Option for B2B Invite Email

    Different Admins create B2B accounts so the invite emails will have a different sender which also displays the Admin account details.

    Send As option would allow a consistent name to be displayed for all B2B invites - shared mailbox for example which also prevents privileged account E-Mail Address details from being included in the email

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. Assigning roles to B2B Guest Users - M365 Workloads

    The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.

    This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc) not yet support assigning roles to B2B users.

    As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. Show accounts in 'Delete/block accounts not used in last 30 days'

    SecureScore does not tell you which accounts are not used in the last 30 days, and there is no way to find out. It only says "You have XX accounts that have not been used in the last 30 days."

    Please include an easy way to show which accounts are not used. The suggested Powershell script does not do the job correctly, and is not very userfriendly.

    Ideally, i would like a notification if a useraccount has been unused for xx days.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. I would like to restrict access Guset users who are Microsoft Account

    when I invite guest users, if he or she has both Microsoft Account and Work or School Account (has same upn), he or she can select which one user to access my tenant's resources.

    In order to strengthen a security, I would like to restrict access to Microsoft Account but Azure AD does not have this feature.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow B2B Domain allow/deny list override for Global Admins

    Currently we only allow invitations to guest users from specific domains (e.g. .com) due to security policies BUT also allow members to invite guests (.com is a trusted company).

    Sometimes, however, we need to add users outside of that domain (e.g. gmail..com) in one-off cases ONLY. We do not want to add this exception domain to the allowed list FOR ONE GUEST USER invite. Because the members have the ability to add guests, we then open up that domain to them as well (not good).

    The option to override the domain DENY/ALLOW lists should be available to global administrators…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure AD guest user profiles are sometimes empty after invitation is accepted

    When inviting a guest user (B2B) the guest user must consent and authorize Azure AD to read the guest user account Name and Email address.
    However, most of the time the user profile that is created in Azure AD is not filling the "Name" attribute. This behavior is not consisted across different Azure AD environments.
    It would also help a lot to enrich the guest profiles with other attributes like "First Name", "Last Name" and "Display Name" because it will greatly reduce the effort needed to modify these accounts manually.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. Setting inviteRedirectUrl from UI

    Adding new guest user from Azure AD UI should allow setting inviteRedirectUrl, as Graph API provides (See https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Enforce Organizational B2B account

    For users that happen to have both an organizational account AND a personal Microsoft account (PMA) tied to their work email address, we would like to enforce the organizational account being the only allowed option.

    Currently if an invitation is sent and they choose the PMA and then they happen to leave the external company, there is a human reliance component of the external company having to notify us of them leaving.

    A current work around is to monitor the guest accounts for non-org accounts, but it would be less time consuming if the personal account wasn't an option.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. Cross tenant sync of AD user email address for guests

    we have issues wherein we have tons of user accounts in Office 365 tenant and we have many additional Azure tenants wherein we invite users as guests to these tenants they are then linked to Azure Devops instances.

    We are going through an ongoing process of migrating users email addresses, the problem is once Office 365 is updated with a new domain the guest tenants are not updated. While it is possible to script update every user in every tenant it is not possible to update the users email attribute.

    This then has a knock on affect with Azure Devops…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow B2B user to be admin of Dynamics 365 instances

    We have outsourced the administration of several online Microsoft services to external partners. We invite their admins with B2B so they can administer Exchange Online, SharePoint and Azure for us with their own account. Dynamics 365 does not support this, yet. Please add support for this.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure AD B2B collaboration :- MSA mailbox should not be provisioned for users accepting invitation.

    Whenever a guest user is invited, if he/she has a live account, the redemption process is completed after the consent, but if he/she is using a gmail or any other provider, the user account is created in live database.
    If this is limited to having a set of claims for a user object I think its fine , but for some reason a mailbox is also getting provisioned in MSA.

    So real time experience, I have a gmail id - testuser@gmail.com which I was using on gmail and know after getting invited by any tenant, I can use this id…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. fga

    hh s

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow guest users to acces VM in Azure in combination with AADDS

    I hope this can be done so I do not have to look for 3th party solutions.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add an Enterprise app for Single Sign on for OpenShift

    Create an Enterprise app for Single Sign-on for the OpenShift service https://www.openshift.com/

    We currently access OpenShift via AD DS LDAP however we need more flexibility for internal and 3rd party access (Azure AD Cloud only account from our tenant and Federation)

    The current app in the gallery is Password Vault not SSO

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add an Enterprise app for Seismic

    Create an Enterprise app for Single Sign-on for the Seismic service https://seismic.com/ According to the Seismic documentation it supports Azure AD however it would be easier if there was an app in the gallery

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add an Enterprise app for Symphony IM

    Create an Enterprise app for Single Sign-on for the Symphony IM service https://symphony.com/ I successful created a custom app for SAML SSO however it would be easier if there was an app in the gallery

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. Very good

    Very good

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. "What is Azure AD B2B collaboration?" documentation

    Your "What is Azure AD B2B collaboration?" page has two copies of the same screenshot, which is wrong for the "Authorization policies protect your corporate content?"

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base