Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. SVG Login Buttons

    Branding guidelines are available which offer up login buttons to be used in web applications that use Azure AD for authentication. The branding guidelines are here:

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-branding-guidelines

    The buttons on that page are PNGs. It would be good to publish SVG versions of these buttons, as many web apps incorporate SVGs rather than binary files served up statically.

    3 votes

    0 comments  ·  Authentication
  2. Enable more granular password policy

    The options for configuring the password policy are currently not very flexible.
    Many organisations have security policies that are more complex than what can be enforced with on-prem AD, necessitating 3rd party software.
    Within Azure, the password policy options are even less flexible than on-prem AD.
    For example, allow the valid character set with a regular expression.

    10 votes

    0 comments  ·  Authentication
  3. Support max_age OIDC parameter on Azure AD v2.0 endpoint

    We are using the v2.0 endpoint for authentication to a multi-tenant application. This currently allows users to log in without re-entering their password if they have already logged in with their current browser session.

    If the v2.0 endpoint supported the max_age OpenID Connect parameter, it would give us some control over how recently we need the end-user to have been actively authenticated.

    2 votes

    1 comment  ·  Authentication
  4. Support query parameters in Reply urls with Azure AD endpoint v2.0

    Azure AD endpoint 2.0 does not seem to support query parameters in the reply url.
    This is really useful to perform post login/logout action.

    http://stackoverflow.com/questions/37489964/custom-parameter-with-microsoft-owin-security-openidconnect-and-azuread-v-2-0-en

    7 votes

    0 comments  ·  Authentication
  5. Custom Attribute for Cloud Only users

    Recently had an issue where I was populating Exchange Online Cloud Only user mailboxes customattribute1. I wanted to leverage that field to pass that customattribute value to a SaaS provider which had a requirement for a unique id. There is no field to enter a unique id in Azure AD. My request would be to allow the ability to have a custom attribute field that is not dependent on Exchange Online, since it has been found via support that the Exchange Online team, by design, does not pass those values for Cloud Only users.

    3 votes

    0 comments  ·  Authentication
  6. Please document how to perform logout

    AAD documentation is awesome in general. How to authorize the user is documented very well. But there is no documentation at all on how to logout.

    5 votes

    0 comments  ·  Authentication
  7. automate authentication fallback from ADFS to password-sync for SSO

    Please add automated authentication fallback for ADFS federated domains to password-sync in case on-premise ADFS services are not reachable/available
    or
    provide a way for AADConnect password-sync enabled domain to use AzureAD as true SSO for on-premise domain joined devices in regards to O365 applications (Exchange, Sharepoint, RichClients)

    4 votes

    0 comments  ·  Authentication
  8. HubSpot: I would recommend to have Password-based SSO for HubSpot integration with Azure AD

    HubSpot: I would recommend to have Password-based SSO for HubSpot integration with Azure AD. Is it possible to be amended in the future Azure updates?

    1 vote

    0 comments  ·  Authentication
  9. Support "Hub-and-spoke Federation with Centralised Login" SAML2.0 architecture

    Currently AzureAd only supports unique SAML2.0 IssuerUri's.

    http://community.office365.com/en-us/f/613/t/295163.aspx

    In the federation architecture "Hub-and-spoke Federation with Centralised Login", each tenant/company/organization/root-domain/educational institution will share/reference the same IDP SAML2.0 IssuerUri.

    https://wiki.edugain.org/Federation_Architecture

    25 votes

    1 comment  ·  Authentication
  10. Azure AD SAML Claims Rules and import Service Provider metadata

    Most customers of o365 have an on premise AD to connect ADFS to... we don't. We only have our Azure AD. We would really like to have the ability to use more full featured ADFS services from Azure AD, for instance some applications we want to connect to can only receive NameID so the ability to transform SAM Account Name to NameID would be very helpful. Further - importing the metadata from a SAML service provider would complete the circle and allow a more complete set of Azure AD app SSO services.

    11 votes

    2 comments  ·  Authentication
  11. Gradual roll out of Passwordless phone sign-in with the Microsoft Authenticator app

    It would be nice if we could selectively roll out the passwordless authentication with AAD, as we might not want to allow all users to have this feature at first and for testing.

    3 votes

    0 comments  ·  Authentication
  12. Add sles to aadforlinuxextension

    Add support for sles to this extension

    1 vote

    0 comments  ·  Authentication
  13. 2 votes

    3 comments  ·  Authentication
  14. Use Apple Watch authentication app for *all* accounts

    As of now, the Apple Watch authentication app only supports personal or work accounts. Our company has an authenticator instance outside of Microsoft's domain. This works perfectly with the iPhone app, but not on the watch. Big letdown.

    Please support this feature, Microsoft!

    1 vote

    0 comments  ·  Authentication
  15. Have everything rewritten and fire whoever did this work. Embarrassing

    Redo everything. You are the problem for people who travel. I will change my email

    1 vote

    0 comments  ·  Authentication
  16. Using MSAL to get tokens without using MSAL to sign in

    We currently use the azure-activedirectory-library-for-js but now need to support Microsoft Personal accounts.

    I've tried to use microsoft-authentication-library-for-js but it appears it does not support getting of tokens if you have NOT signed in with MSAL.js.

    If it does I can't find any documentation related to this.

    1 vote

    0 comments  ·  Authentication
  17. Password Protection Preview

    We are using Password Protection Preview and currently it supports only a "guessable word" as it is, but doesn't support a wildcard character for each word. Can we add this feature to Azure so that we can block different variations of a word?

    1 vote

    0 comments  ·  Authentication
  18. Make it work

    MAKE IT WORK. Suddenly, I can't access my work E-mail from home, using my existing passwords. It doesn't acknowledge my work password although my work computer does. You send me a code and the program doesn't accept the code. Lousy. Work: Steven.olsen@unitypoint.org---Home: docstev6@hotmail.com

    1 vote

    0 comments  ·  Authentication
  19. App Reg Grant permissions overwrites the associated service principals oauth2permissiongrants

    When you add permissions to an Azure AD App Reg (for example add the Microsoft Graph->read all users' basic profiles permission) and then click the Grant permissions button, any existing oauth2permissiongrants on the associated service principal will be removed and only the permissions added to the App Reg will now be present.

    This is an issue specifically in the case of the new Spfx 1.6 App Reg: SharePoint Online Client Extensibility Web Application Principal.

    The service principal for this App Reg is what is used by the SharePoint Admin (preview) API management screen to add OAuth2PermissionGrants, and also to display…

    1 vote

    0 comments  ·  Authentication
  20. 1 vote

    0 comments  ·  Authentication