Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Integrate Azure AD Connect Health with OMS/Log Analytics
This information should be available in OMS/Log Analytics, as a one stop shop for all monitoring... It should not be available only separately to OMS/Log Analytics!
74 votes
Thanks for the feedback. Connect Health team is planning to integrate Connect Health data with Log Analytics in phases. The first stream of ADFS data will be available in 3-6 months for preview.
Please reach out to askaadconnecthealth at microsoft.com for preview request.
-
SCOM Management Pack for Azure AD Connect
Please create a management pack for SCOM to monitor AAD Connect, including the Pass-through authentication functionality. This is a critical component in the Microsoft cloud ecosystem. All on-prem products are supposed to be shipped with a SCOM management pack for monitoring them. This has been in prod for years and it is still missing.
And no, AD Connect health does not cut it. For example, it does not even send an alert email when the "Microsoft AAD Application Proxy Connector" is not running.
57 votes
Thank you for the feedback. This is under review. We will be in touch with the SCOM team to assess this request.
-
Add report for Extranet Lockout Protection - Account Lockout
Add a new report to Azure AD Connect Health that allows support staff to see which accounts are locked out by ADFS Extranet Lockout Protection.
55 votes
-
Support FIPS compliant algorithms for Azure AD Connect Health Agent
Azure AD Connect Health Agent does not currently support FIPS mode. As a result, we are unable to run the agent on our FedRAMP system.
"FIPS is not supported by Azure AD Connect Health agents."
AD Connect does support FIPS by modifying the .NET config so I would expect that is possible with the Health agent as well.
28 votes
-
I would love to be able to export and search the ADFS bad password attempts!
I would love to be able to export and search the ADFS bad password attempts!
28 votes
Thank you for the feedback! Azure AD Connect Health team is planning to provide a solution of this report. We will update in this thread further once it is ready for preview.
-
Azure AD Connect Health Pass-through Authentication Agent Support
Please add support for monitoring the Azure AD Pass-through Authentication Agent to Azure AD Connect Health. This is currently a gap in that when you use Pass-through Authentication (PTA) the agents are not monitored and there is no way to do this via Azure AD Connect Health currently. The PTA agent is a critical service when using Pass-Through Authentication so this should be monitored.
26 votes
-
Integrate Azure AD Connect Health ADFS Failed Logins and Lockout Events with Microsoft Cloud App Security
The ADFS auditing events for logon failures or account lockout collected by the Azure AD Connect Health agent for ADFS on all the on-premise ADFS servers are not shared with the central Azure Security solutions such as:
1. Azure AD Identity Protection
2. Office365 Cloud App Security (OCAS)
3. Microsoft Cloud App Security (MCAS).
There is no available method to integrate or correlate these events with the rest of the Azure security solutions. The result is that this heavily limits the detection of brute force attacks on the ADFS infrastructure. The only available option is to collect the logs locally through…
21 votes
Thank you for your feedback.
We are planning to work with Azure Identity Protection team to have enhanced security features for ADFS.
-
AD Connect Sync stopped-deletion-threshold-exceeded: Allow to get an export list (CSV or Excel file) of all objects marked for deletion
Allow the possibility to export the list of users that appear in threshold so they can be verified before disabling it.
As you know, if you want to delete more than 500 objects in local AD, AD Connect won't allow you to do this. We need a way to export those users just to make sure that they are not removed by mistake.
Thank you!
20 votes
Thank you for the feedback! Azure AD Connect Health team is planning to provide a solution of this report. We will update in this thread further once it is ready for preview
-
Azure AD Connect Health Bad Password Report improvement
Add which application was the bad password logged against.
20 votes
Thank you for the feedback! Azure AD Connect Health team is planning to provide a solution of this report. We will update in this thread further once it is ready for preview
-
Include an AAD Connect Health Gateway for DCs without internet connectivity
An easy to configure gateway install similar to the OMS gateway to act as a proxy for servers without internet connectivity would be a useful addition.
19 votes
Thank you Jeremy for the great feedback.
We started to review the work of adding the proxy to health agent in our ADDS agent.
-
Test Authentication Request (Synthetic Transaction) failed to obtain a token.
Hi Team,
I am receiving ADFS alerts as mentioned in the subject, but while I test the ADFS Server health, the test is getting passed. But I often get this alert; can someone help me in fixing this?
thanks in advance.
Regards,
Naveen Ramakrishnan
11 votes
Update the status
-
Alert on 80% and 90% usage for SQL Server 2012 Express LocalDB with 10GB size limit
Please add some monitoring for the database size for Azure AD Connect with a SQL Server 2012 Express LocalDB (10GB size limit).
Customers need to be made aware before they hit the limit. Send alerts when customers hit 8-9GB usage on the DB.
10 votes
Thank you Peter for the feedback! Azure AD Connect Health team is working on this alert and should be available very soon.
-
AzureAD Connect Health Delegation of Authority for Active Directory Domain Services
Right now we delegate out access to our various forests to our directory team. To do so, we have to go into each forest and set up contributor access.
However, there are some issues with how it is done.
+ Ideally you'd be able to delegate all of the Domain Services Health section, I don't think that's possible today.
+ On the granting of access, there are two sections that seem to perform the same function, but only one works. Why have both, can we get these merged?
Example:
- Azure Active Directory Connect Health | AD DS services | Domain | Settings…
9 votes
-
Can you please maintain the history page for AAD Connect Health Agent
It appears a new version of the AAD Connect Health Agent for Domain Controllers has been released but the page https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-health-version-history does not reflect it (last update July 2019).
Please maintain ALL version history pages; this is important.
9 votes
-
Show AADConnect version when upgrading
Show the AADConnect Version you are upgrading to when starting the Wizard and once complete, show the version again.
8 votes
-
server 2019 support?
ADFS connect health support for Server 2019 or just isn't documented?
7 votes
-
AADC Health - Notification when AADC Scheduler is disabled
Send a notification when AADC Scheduler is disabled or when sync didn't happen for x number of hours/days.
7 votes
Thanks for the feedback!
This is in our backlog and our engineers are working on the new alert.
-
Get Sync Error events (duplicates) over Powershell
Recurring events under "sync errors --> duplicates" could be managed automatically if we could get those events over Powershell. In this way we can implement a method for each specific recurring error which fixes the problem:
- in AD
- by merging account (multiple)
- by informing a specific team about a specific event
In this way we can reduce the manual support effort on those parts.
6 votes
-
AD Connect Health ADDS Agent should not require WOW64
We have been removing WOW64 Support from all Server Core installs. Not happy about adding it back on DCs for an agent.
6 votes
-
Microsoft.adhybridhealthservice/services/read
Assign permissions to grant lower-level roles to drill into and resolve sync conflicts. Appears to be the permission below, but the custom role UI doesn't find it available to add.
Microsoft.adhybridhealthservice/services/read
5 votes