Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Make it less bizarre!!!! I've read the docs and I am still confused. It's working, but I'm confused.

    Are these accounts copies of accounts in my local directory? Where does the Microsoft account come into play? I can only sign in with "personal account". Come on... this is just strange and your docs are ZERO help...

    1 vote
    0 comments  ·  Authentication
  2. Support max_age OIDC parameter on Azure AD v2.0 endpoint

    We are using the v2.0 endpoint for authentication to a multi-tenant application. This currently allows users to log in without re-entering their password if they have already logged in with their current browser session.

    If the v2.0 endpoint supported the max_age OpenID Connect parameter, it would give us some control over how recently we need the end-user to have been actively authenticated.

    2 votes
    1 comment  ·  Authentication
  3. Access Panel Extension for Edge Browser

    Edge supports browser extensions now. We should have an Access Panel browser extension for Edge!

    6 votes
    3 comments  ·  Authentication
  4. Azure User Login Authenticate Issue, Not able to access Graph api

    Please help with solving the following:
    I have an Office 365 subscription. I created an application in Azure Active Directory to access users' Outlook calendar events from an iOS application. I am using the Graph API for this. I am successfully getting the events of users who are added to the Azure Active Directory tenant user list. But I am not able to get the calendar events of a user who is not added to the Azure Active Directory tenant, and I get the error in the response "user not added in azure active directory tenant". So how can I resolve this issue and allow all users to access the Outlook event API…

    1 vote
    0 comments  ·  Authentication
  5. Verification Certificate upload for Azure AD Applications

    Currently the only way to add a certificate as a verification method to a service principal is through PowerShell, and it is painful to script. It would be really helpful if there was a way to upload a certificate as a credential in the portal.

    1 vote
    0 comments  ·  Authentication
  6. HTTP Agents for OpenID connect or SAML

    We would like to migrate all our application protection to AzureAD from traditional WAM systems like SiteMinder.

    Not all applications can consume OpenID or SAML tokens; we would need HTTP connectors / proxies to speed up application migration to Azure AD.

    1 vote
    0 comments  ·  Authentication
  7. Passport for Work MFA

    It should be selectable in Azure MFA to use Passport for Work as a 2FA. A computer is using device authentication (2nd factor) when Passport for Work is used.

    It seems redundant to also require a Phone Factor, SMS, or Azure Authenticator Push when Passport for Work is already verifying Device + PIN/Bio.

    2 votes
    1 comment  ·  Authentication
  8. Custom Attribute for Cloud Only users

    Recently had an issue where I was populating Exchange Online Cloud Only user mailboxes' customattribute1. I wanted to leverage that field to pass that customattribute value to a SaaS provider which had a requirement for a unique id. There is no field to enter a unique id in Azure AD. My request would be to allow the ability to have a custom attribute field that is not dependent on Exchange Online, since it has been found via support that the Exchange Online team, by design, does not pass those values for Cloud Only users.

    3 votes
    0 comments  ·  Authentication
  9. Enable more granular password policy

    The options for configuring the password policy are currently not very flexible.
    Many organisations have security policies that are more complex than what can be enforced with on-prem AD, necessitating 3rd party software.
    Within Azure, the password policy options are even less flexible than on-prem AD.
    For example, allow the valid character set with a regular expression.

    10 votes
    0 comments  ·  Authentication
  10. Login conflict between organizational ID and Outlook.com (personal)

    I am certain if this is the right place to post this.

    I have both a recently created organizational Azure AD account (MPaxton@isp.IN.gov), and an older Outlook.com account (MPaxton5684@Outlook.com) that has an alias identical to my Azure account.

    When I tried to login to my Outlook account, I received the following error:

    X-ClientId: 08B2383E094046859E798B1521F6E042
    X-OWA-Error: Microsoft.Exchange.Data.Storage.DatabaseNotFoundException
    X-OWA-Version: 15.1.517.8
    X-FEServer: BY2PR0601CA0024
    X-BEServer: BY2PR09MB0248
    Date: 6/12/2016 3:01:47 AM

    It does not matter which ID I use at Outlook.com, I get the same error.

    Can you help me, or direct me to someone who can?

    2 votes
    1 comment  ·  Authentication
  11. Support query parameters in Reply urls with Azure AD endpoint v2.0

    Azure AD endpoint 2.0 does not seem to support query parameters in the reply url.
    This is really useful to perform post login/logout action.

    http://stackoverflow.com/questions/37489964/custom-parameter-with-microsoft-owin-security-openidconnect-and-azuread-v-2-0-en

    7 votes
    0 comments  ·  Authentication
  12. Allow ADFS federation per user not domain

    Remove the federation limitation of only allowing federation by domain and allow federation by user. e.g.

    usera@contoso.com = federated to ADFS
    userb@contoso.com = cloud authentication

    1 vote
    0 comments  ·  Authentication
  13. automate authentication fallback from ADFS to password-sync for SSO

    Please add automated authentication fallback for ADFS federated domains to password-sync in case on-premise ADFS services are not reachable/available
    or
    provide way for ADDConnect password-sync enabled domain to use AzureAD as true SSO for on-premise domain joined devices in regards to O365 applications (Exchange, Sharepoint, RichClients)

    3 votes
    0 comments  ·  Authentication
  14. passphrase

    Users should be prompted and guided to passphrases, not passwords. Passwords are dead and buried, we should stop encouraging their use. Allow admins to make users specify at least 5 words for a total of more than 20 wide char. Give the user an example (that they cannot use, naturally). Give them hints.

    Then require MFA, because seriously... single factor is moronic.

    1 vote
    0 comments  ·  Authentication
  15. Please document how to perform logout

    AAD documentation is awesome in general. How to authorize the user is documented very well. But there is no documentation at all on how to logout.

    5 votes
    0 comments  ·  Authentication
  16. Azure federation limitation

    If a user has federated their AD with AAD for O365, they will not be able to federate their AD names with AAD for other purposes. It would help if AAD can support that.

    1 vote
    0 comments  ·  Authentication
  17. Configuration of SAML 2.0 responses - hash algorithm (SHA1 v SHA256), message signing

    Are there any plans to add further configuration options to the AAD SAML 2.0 functionality?

    When acting as an IdP in a SAML 2.0 federation, unlike ADFS, there do not appear to be any options to customize the SAMLResponse which is returned to the Relying Party.

    The options that I'm particularly interested in are:

    12 votes
    1 comment  ·  Authentication
  18. Authenticating wireless access points \ RADIUS through Azure AD

    I would like to see authenticating wireless access points \ RADIUS servers through Azure AD, not having to store user accounts in local Active Directory.

    923 votes
    81 comments  ·  Authentication
  19. Support certificate authentication in MyApps for iOS

    I would like to be able to log into MyApps using ADFS and Certificate authentication. I can log into Safari using Certificates, but I can not use the native MyApps application on iOS.

    3 votes
    0 comments  ·  Authentication
  20. Azure AD SAML Claims Rules and import Service Provider metadata

    Most customers of o365 have an on premise AD to connect ADFS to... we don't. We only have our Azure AD. We would really like to have the ability to use more full featured ADFS services from Azure AD, for instance some applications we want to connect to can only receive NameID so the ability to transform SAM Account Name to NameID would be very helpful. Further - importing the metadata from a SAML service provider would complete the circle and allow a more complete set of Azure AD app SSO services.

    11 votes
    2 comments  ·  Authentication