Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. make it so I can see my work calendar on my **** phone

    Login Error email server timed out. wow, I like Windows, but I guess my love affair with Microsoft ends right there. Outlook is horrid, Teams is weird and lacking, can't even see my calendar on my phone?!? ugh, ok, titanic

    1 vote
    0 comments  ·  Authentication
  2. SAML Group claims customizable value

    In the source attribute menu, it could be good to be able to send a fully customizable claim value (not name) for a group like it is possible to do in ADFS.

    1 vote
    0 comments  ·  Authentication
  3. Windows Hello for Business reporting tool

    Please implement an option/tool to check the WHfB enrollment status for users.

    8 votes
    2 comments  ·  Authentication
  4. 1 vote
    0 comments  ·  Authentication
  5. Confluence SAML SSO by Microsoft

    Hi
    Confluence SAML SSO by Microsoft does not support the latest version of Confluence Server, 7.8.1

    1 vote
    0 comments  ·  Authentication
  6. 1 vote
    0 comments  ·  Authentication
  7. Support POST binding for SAML logout

    AD FS supports both HTTP-Redirect and HTTP-POST bindings for SAML Logout requests.

    Azure AD does not support the POST binding. This means that not all applications can be migrated successfully from AD FS to Azure AD.

    Please allow the logout requests to be POSTed to Enterprise Apps that only support this binding, and take notice of the supported bindings when uploading a service provider's federation metadata document (which states what the service provider supports) when setting up an Enterprise App.

    2 votes
    0 comments  ·  Authentication
  8. two factor authentication numbers are not using the secondary notification numbers

    This used to work, then it stopped. When the account has multiple contact numbers, currently only 1 number is receiving notifications; the screen to select the contact is not showing any other contact number. Only 1 is working even though the security options are set up to sign in with any of the various numbers.

    1 vote
    0 comments  ·  Authentication
  9. Make the number of digits for OATH TOTP configurable (6,7 or 8 digits)

    This is needed in order to comply with RFC4226 and RFC6238 and to support the various kinds of tokens in the market.

    2 votes
    0 comments  ·  Authentication
  10. Authenticate device ahead of scheduled verification date

    Our office has implemented multi-factor authentication and we have to type in our authentication codes every 60 days. I often have to do work with my laptop at military bases where I do not have cell phone coverage. I had set up my multi-factor authentication to text the authentication code to my cell phone. When I was at a military base yesterday my Microsoft programs were asking me for the authentication code, but I couldn't get the code because I didn't have cell phone service. Even if I had set up the app I still would have needed cell phone service…

    1 vote
    0 comments  ·  Authentication
  11. Implement Contemporary Biometric Mobile Auth

    Allow mobile users to sign in to AAD B2C using contemporary mobile biometric features like touchID and faceID instead of a password.

    This is one of the biggest feature requests from our users today in our industry where users must sign on frequently for security/privacy reasons.

    1 vote
    0 comments  ·  Authentication
  12. Permit Exceptions to Security Defaults

    Security Defaults nearly provides adequate automatic MFA for organizations that don't utilize licensing that permits Conditional Access, but because it doesn't permit an Exceptions List which would include a Security Group, it destroys the functionality of SMTP accounts. It would provide very functional default MFA status if we could utilize an exception list.

    1 vote
    0 comments  ·  Authentication
  13. Feature request to control MFA claim

    A feature that makes it possible to control the MFA session separately for specific apps, rather than the Conditional Access sign-in frequency control that only controls primary authentication.

    1 vote
    0 comments  ·  Authentication
  14. Unfamiliar sign-in properties

    Unfamiliar sign-in properties should not be high alerts if the user successfully did the MFA authentication.

    1 vote
    0 comments  ·  Authentication
  15. When using Authenticator App for VPN\MFA, NPS times out before authentication can occur.

    NPS times out before user can open app and press "Approve". Allow for administrators to control that timeout value.

    1 vote
    0 comments  ·  Authentication
  16. Scoring password in Azure AD password protection

    Today, Azure AD Password Protection scores the normalized new password with these rules:
    1. Each banned password that is found in a user’s password is given one point.
    2. Each remaining unique character is given one point.
    3. A password must be at least five (5) points for it to be accepted.

    If you use a banned word like "contoso", the score of the password grows by +1. With a new password containing 5 banned password(s), you will have an accepted password.

    If you choose one of the following passwords as a new password, it will be accepted:

    "contosocontosocontosocontosocontoso" --> [contoso]…

    33 votes
    2 comments  ·  Authentication
  17. Make Enterprise Apps searchable by Reply URL

    We have a ton of SSO'ed apps. If an app is misspelled/mislabeled during creation, the vendor changes product names, or you have multiple similar apps with the same company it can be very difficult to identify the appropriate enterprise app. I think it would be very helpful if we could also search by reply URL.

    I love the new Enterprise Apps experience. You guys rock - thanks for being awesome!

    7 votes
    0 comments  ·  Authentication
  18. including PHP code for Access Token and ID Token validation

    I was to implement Active Directory integration on the web application in PHP. All I need is to authenticate the user before letting the user into my application.
    So far, I have a tenant ID and an application registered on Azure. I am already using the authorize endpoint and receiving the token successfully.
    However, the documentation does not share anything on validating the ID Token with PHP.
    If you can share the validation endpoint or code to decode the token, I can use it to design my application.
    Thanks

    1 vote
    0 comments  ·  Authentication
  19. Azure AD SAML/OAuth log

    At this point Azure AD doesn't provide a way to check a log when SAML/OAuth authentication is failing due to some issue.

    Last week a SAML response was failing because one of the mapped attributes was blank on a user profile. It took us 6 hrs to figure out by guessing what could be wrong. In most other SSO products, you can check the runtime server log and get the reason in 5 mins!

    Microsoft should provide some way to check the server log.

    1 vote
    0 comments  ·  Authentication
  20. Allow more than 150 groups to be returned in the SAML assertion

    As part of the SAML assertion of a user we get the groups from Azure AD. But for some users that are in many groups (> 150) Azure AD does not send the list of groups.
    Please allow either more than 150 groups or enable an easy way to get all groups of a user.

    21 votes
    0 comments  ·  Authentication