Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
SVG Login Buttons
Branding guidelines are available which offer up login buttons to be used in web applications that use Azure AD for authentication. The branding guidelines are here:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-branding-guidelines
The buttons on that page are PNGs. It would be good to publish SVG versions of these buttons, as many web apps incorporate SVGs rather than binary files served up statically.
3 votes -
Enable more granular password policy
The options for configuring the password policy are currently not very flexible.
Many organisations have security policies that are more complex than what can be enforced with on-prem AD, necessitating 3rd party software.
Within Azure, the password policy options are even less flexible than on-prem AD.
For example, allow the valid character set with a regular expression.
10 votes -
Support max_age OIDC parameter on Azure AD v2.0 endpoint
We are using the v2.0 endpoint for authentication to a multi-tenant application. This currently allows users to log in without re-entering their password if they have already logged in with their current browser session.
If the v2.0 endpoint supported the max_age OpenID Connect parameter, it would give us some control over how recently we need the end-user to have been actively authenticated.
2 votes -
Support query parameters in Reply urls with Azure AD endpoint v2.0
Azure AD endpoint 2.0 does not seem to support query parameters in the reply url.
This is really useful to perform post login/logout action.
7 votes -
Custom Attribute for Cloud Only users
Recently had an issue where I was populating Exchange Online Cloud Only user mailboxes customattribute1. I wanted to leverage that field to pass that customattribute value to a SaaS provider which had a requirement for a unique id. There is no field to enter a unique id in Azure AD. My request would be to allow the ability to have a custom attribute field that is not dependent on Exchange Online, since it has been found via support that the Exchange Online team, by design, does not pass those values for Cloud Only users.
3 votes -
Please document how to perform logout
AAD documentation is awesome in general. How to authorize the user is documented very well. But there is no documentation at all on how to logout.
5 votes -
automate authentication fallback from ADFS to password-sync for SSO
Please add automated authentication fallback for ADFS federated domains to password-sync in case on-premise ADFS services are not reachable/available
or
provide way for ADDConnect password-sync enabled domain to use AzureAD as true SSO for on-premise domain joined devices in regards to O365 applications (Exchange, Sharepoint, RichClients)
4 votes -
HubSpot: I would recommend to have Password-based SSO for HubSpot integration with Azure AD
HubSpot: I would recommend to have Password-based SSO for HubSpot integration with Azure AD. Is it possible to be amended in the future Azure updates?
1 vote -
Support "Hub-and-spoke Federation with Centralised Login" SAML2.0 architecture
Currently AzureAd only supports unique SAML2.0 IssuerUri's.
http://community.office365.com/en-us/f/613/t/295163.aspx
In the federation architecture "Hub-and-spoke Federation with Centralised Login", each tenant/company/organization/root-domain/educational institution will share/reference the same IDP SAML2.0 IssuerUri.
25 votes -
Azure AD SAML Claims Rules and import Service Provider metadata
Most customers of o365 have an on premise AD to connect ADFS to... we don't. We only have our Azure AD. We would really like to have the ability to use more full featured ADFS services from Azure AD, for instance some applications we want to connect to can only receive NameID so the ability to transform SAM Account Name to NameID would be very helpful. Further - importing the metadata from a SAML service provider would complete the circle and allow a more complete set of Azure AD app SSO services.
11 votes -
Gradual roll out of Passwordless phone sign-in with the Microsoft Authenticator app
It would be nice if we could selectively roll out the passwordless authentication with AAD, as we might not want to allow all users to have this feature at first and for testing.
3 votes -
Add sles to aadforlinuxextension
Add support for sles to this extension
1 vote -
Use apple watch authentication app for *all* accounts
As of now, the apple watch authentication app only supports personal or work accounts. Our company has an authenticator instance outside of microsoft's domain. This works perfectly with the iphone app, but not on the watch. Big letdown.
Please support this feature microsoft!
1 vote -
Have everything rewritten and fire whoever did this work. Embarrassing
Redo everything. You are the problem for people who travel. I will change email
1 vote -
Using MSAL to get tokens without using MSAL to sign in
We currently use the azure-activedirectory-library-for-js but now need to support Microsoft Personal accounts.
I've tried to use microsoft-authentication-library-for-js but it appears it does not support getting of tokens if you have NOT signed in with MSAL.js.
If it does I can't find any documentation related to this.
1 vote -
Password Protection Preview
We are using Password Protection Preview and currently, it only supports "guessable word" as it is but doesn't support a wildcard character for each word. Can we add this feature to the Azure so that way we can block different variations of a word?
1 vote -
Make it work
MAKE IT WORK. Suddenly, I can't access my work E-mail from home, using my existing passwords. It doesn't acknowledge my work password although my work computer does. You send me a code and the program doesn't accept the code. Lousy. Work: Steven.olsen@unitypoint.org---Home: docstev6@hotmail.com
1 vote -
App Reg Grant permissions overwrites the associated service principals oauth2permissiongrants
When you add permissions to an Azure AD App Reg (for example add the Microsoft Graph->read all users' basic profiles permission) and then click the Grant permissions button, any existing oauth2permissiongrants on the associated service principal will be removed and only the permissions added to the App Reg will now be present.
This is an issue specifically in the case of the new Spfx 1.6 App Reg: SharePoint Online Client Extensibility Web Application Principal.
The service principal for this App Reg is what is used by the SharePoint Admin (preview) API management screen to add OAuth2PermissionGrants, and also to display…
1 vote