Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Include users' last logon time

    Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!
    Can we please please add this attribute to the user object?

    438 votes
    34 comments  ·  Azure AD API
  2. Expose user last password changed date

    Please add the capability to retrieve the date a user last changed their password using the Graph API.

    82 votes
    6 comments  ·  Azure AD API

    We’re currently working on an API to provide CRUD access to authentication methods (password, SMS, voice, etc), and we’re considering adding last pw change time and/or password expiration time. Thanks for the feedback!

    Michael

  3. Expand navigation property of children with a single query

    Impossible to get members of Azure AD group with expanded 'manager' property in one request.
    For example:
    https://graph.windows.net/<tenant_id>/directoryObjects/<group_id>/members/?api-version=1.6&$expand=manager

    We get the following response:
    {"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"An unsupported query was observed. Please ensure you query does not navigate across multiple reference-properties."}

    I suppose the reason for such a response is clear, and the current workaround is the following:
    1) Get group members
    2) For each five members (using OData batch), get the manager
    But this way makes us do a lot of requests to Azure AD, and we expect performance degradation here.

    We develop a multi-tenant application which accesses the Azure AD of all our customers and it's…

    65 votes
    1 comment  ·  Azure AD API
  4. Possibility to enable/disable multi-factor authentication for a user via the Graph API

    We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

    63 votes
    11 comments  ·  Azure AD API

    We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.

    Michael

  5. Support for query deleted users (recycle bin) from Azure AD Graph API

    Support for querying deleted users (recycle bin) from the Azure AD Graph API. Today, GET user on Azure AD Graph only returns users who are not in the recycle bin.

    16 votes
    3 comments  ·  Azure AD API
  6. 16 votes
    1 comment  ·  Azure AD API
  7. Expose user Authentication Phone and Authentication Email

    Why doesn't the Graph API send the user authentication email and phone number using this API endpoint: https://graph.windows.net/myorganization/users/{user_id}?api-version.

    In my application I need the email address the user used for signup and the mobile number which the user used for MFA, but I can't find any of those.

    15 votes
    2 comments  ·  Azure AD API
  8. Graph API differential query: need a way to distinguish change from creation

    At this time, in the response of a differential query, there is no formal way to distinguish whether an item is about a creation or an update. There is no problem with deletion, which is signaled by the property aad.isDeleted.

    14 votes
    0 comments  ·  Azure AD API
  9. Unable to retrieve user Description attribute through Graph API

    We are using the Graph API to retrieve users from an Azure Active Directory instance which are synced from an on-premises Active Directory instance. As part of it, we are able to fetch most of the information from the Graph API except the "Description" attribute. After discussing with the Microsoft support team, it is identified as a limitation from the Graph API side. Can you please include this Description field as a member of the User entity object? We are in need of this for a high-profile customer requirement; please include this at the earliest possible.

    10 votes
    0 comments  ·  Azure AD API
  10. Allow programmatic access of BitLocker recovery keys

    Currently it is possible (if you have permission) to view BitLocker recovery keys on the "Device" page of the Azure Active Directory portal.

    It is also possible to view Device information through the API or through Microsoft Graph, but this does not include the BitLocker recovery information.

    A programmatic way to view this data would be incredibly useful for creating a secure backup of the recovery keys.

    Another use case, which is what I was hoping to achieve, is to have users in the field encrypt data with their BitLocker key and then send a CD containing the encrypted data…

    8 votes
    1 comment  ·  Azure AD API
  11. Make it possible to update LastPasswordChangeTimestamp via Graph API

    As mentioned in this article: https://support.microsoft.com/en-ph/help/4025960/federated-users-in-azure-ad-are-forced-to-sign-in-frequently , some federated users are required to log in frequently.

    Although the article presents resolutions stating that LastPasswordChangeTimestamp can be updated via PowerShell, it actually cannot. It should be fixed and, more generally, the value should be updated via Graph API.

    8 votes
    0 comments  ·  Azure AD API
  12. Supportability for more attributes with MS Graph API

    Please support syncing more attributes (on user create and update) with MS Graph API.

    Here is the wish-list:
    proxyAddresses,
    postOfficeBox,
    pager,
    msExchExtensionCustomAttribute,
    mail,
    ipPhone,
    info,
    extension_<AAD_App_GUID>_<attribute_name>,
    description,
    countryCode,
    commonName,
    cloudAnchor,
    alias

    Thanks,
    Anna

    7 votes
    1 comment  ·  Azure AD API
  13. REST API Support for Creating Directories

    REST API should support the ability to create/suspend/delete whole directories towards Azure AD. This is something that has to be done manually today, which is not that good for creating automated services with Azure Stack with a lot of directories.

    7 votes
    0 comments  ·  Azure AD API
  14. 7 votes
    0 comments  ·  Azure AD API
  15. Calculate & expose device's primary user based on usage (user to device affinity)

    In many reporting scenarios it is necessary to map between users/devices. E.g.,
    * VIP Victor is complaining about something, we need a list of the devices he uses
    * I need to report on crashes (or some other device data) by the user's department/building/etc.

    Today we have registeredUsers and registeredOwners, but these can't be used for this purpose because:
    A) They seem to reflect primarily administrative enrollment activity, not end-user-affinity
    B) They are many:many and don't automatically calculate a "primary user" based on logon activity

    6 votes
    1 comment  ·  Azure AD API
  16. Access to OtherMails Property

    REALLY need a means to enter an email for a user other than their Exchange account. In the AAD Graph we used OtherMails. In the Portal we can use the Alternate Authentication Email. Both of these are hacks. It would be nice to simply have "ExternalEmail" or at least OtherEmails back.

    6 votes
    0 comments  ·  Azure AD API
  17. Support more OData filters (like endswith or substringof)

    When using the 'classic' Get-MSOLUser, the -Domain parameter can be used to filter users by an equivalent endswith(userPrincipalName, "domain.blah") filter, but this is not possible with the Graph API or the AzureAD v2 PowerShell module.

    6 votes
    1 comment  ·  Azure AD API
  18. Allow complex query for assignedLicenses

    Allow filters such as "assignedLicenses/any(x:x/skuId eq guid'4075ceb4-6426-4341-a899-f6a4430f5162')"

    The O365 admin portal can return such results easily, but using PowerShell/API requires me to retrieve 200,000+ objects and filter locally

    6 votes
    0 comments  ·  Azure AD API
  19. Exchange Permissions - Ability to restrict send/receive to a specific mailbox

    Requesting application-based permissions to restrict sending/receiving email to a specific mailbox. The current set of application permissions allows access to any mailbox. One of our use cases involves sending mail from a back-end service (i.e. no user interaction) using the client credentials grant flow, but we need to limit the app team's ability to send from one mailbox.

    5 votes
    1 comment  ·  Azure AD API
  20. Support current password when changing a user's password

    When you change a user's password using the update user operation you supply a passwordProfile. This profile only allows for the new password. Add a new property to the passwordProfile for the current password and only allow the change if the current password is correct.

    https://msdn.microsoft.com/en-gb/library/azure/ad/graph/api/users-operations#ResetUserPassword

    5 votes
    0 comments  ·  Azure AD API