Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. SAML token. Login ID look up in Claim management - source attribute.

    With the new option to sign-in to Azure AD with email as an alternate login ID (preview), it would be great to have access to the login ID in the source attribute when adding a new claim. It may be useful to be able to pass the login ID in a SAML claim when it's different from user.email and UPN, especially if an account has multiple ProxyAddresses that can be used as login ID.
    Dynamic source attribute and an attribute lookup function in the transformation would be handy as well.
    Thank you.

    2 votes
    0 comments  ·  Authentication
  2. We're having issues with users not realizing the 2 factor option "click here to not be asked for 30 days" expiring and users not realizing.

    When the 2 factor option for "Click here to not be bothered for 30 days" expires it doesn't really prompt you very clearly that you need to sign back in. It's just a small icon on Outlook. If you're busy or doing other things you don't notice.

    1 vote
    0 comments  ·  Authentication
  3. Add a «start» sync button for the Authenticator App

    I have noticed that the Authenticator App does not sync the newly added accounts with your existing backup. This is a huge oversight as I have fallen in that trap where I downloaded the app on a new phone only for then to lose half the accounts I had before.

    1 vote
    0 comments  ·  Authentication
  4. Avoid Sign-in prompt on iOS by adding Redirect URI scheme for Apple device in Safe List

    When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work).
    Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only)…

    7 votes
    1 comment  ·  Authentication
  5. Authenticator Backup

    Authenticator backup should allow cloud backup to work or school accounts and allow recovery across devices.

    Presently, I cannot recover my work codes, via my personal account on an iOS device because the backup was originally taken on my Android phone.

    A backup that can't be restored is useless (if it's even that good).

    1 vote
    0 comments  ·  Authentication
  6. Fix authentication app crashes

    Latest authenticator update for Android broke. Authenticator Application crashes and restarts endlessly. Drained my battery in under 8 hours. I have had to uninstall it so that my phone will keep working.

    Samsung Galaxy Note 5 (yes it's old but so what)

    1 vote
    0 comments  ·  Authentication
  7. For 2 days I have been trying to access my email but your authenticating phone process will not allow me to do so. It allows 2-seconds only

    Can't access my email account because of your 2nd level authenticating process (phone call) happens too fast (2-seconds) then it automatically hangs up on me. I need to change the registered phone number. How can I do that?

    1 vote
    0 comments  ·  Authentication
  8. PRT with MFA strong authentication in token on hybrid Aad join/Aad join

    PRT with MFA strong authentication in token on hybrid Aad join/Aad join
    With Aad registered with strong authentication works correctly. User gets one mfa part of registration flow once and will skip mfa challenges even if Aad Ca is set for it. strong authentication.
    With hybrid Aad join there is no strong authentication part of flow. Yes you get a PRT but will not bypass/skip mfa challenges even if Aad Ca is set for it. No strong authentication.
    What I would like is hybrid Aad join to have strong authentication to bypass/skip mfa challenges even if Aad Ca is…

    1 vote
    0 comments  ·  Authentication
  9. Show log entries for basic attempts once basic authentication is blocked

    As noted in the article
    https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online

    When it's blocked, Basic authentication in Exchange Online is blocked at the first pre-authentication step (Step 1 in the previous diagrams) before the request reaches Azure Active Directory or the on-premises IdP. The benefit of this approach is brute force or password spray attacks won't reach the IdP (which might trigger account lock-outs due to incorrect login attempts). The issue is that because of where it's blocked, the normal sign-in logs don't show it - which is good and bad.

    It'd be nice to have those attempts still show up in the sign-in attempts log,…

    1 vote
    0 comments  ·  Authentication
  10. Make refreshing SSO sessions an option

    Currently, an SSO session has a fixed lifetime as configured by the SsoLifetime parameter, i.e., a user logs in, and once [SsoLifetime] minutes have passed, their SSO session ends, even if they were still active until minutes before.
    This is because a new SSO session is only created when an authentication is performed, but as long as an SSO session is active, (of course) no authentication is performed.

    There are use cases, however, where we want the user to be able to extend their SSO session whenever they are active, provided that their current SSO session is still valid.

    It…

    8 votes
    0 comments  ·  Authentication
  11. Delete my account on Microsoft Authenticator

    Hi, I accidentally removed/deleted my school on Microsoft Authenticator, and I cannot receive a verification code now. What should I do? Every time I choose to use other selection, it shows send code in my application or send notification in my application. That's a deadlock.

    1 vote
    0 comments  ·  Authentication
  12. Include MFA to local AD, in the free version of Azure AD

    I feel that this is something that is sorely missing from Windows and a lot of organisations are too small to be able to support the paid Azure subscription required. This feature would also be of huge benefit to education and charities which I also support and would like to tighten up their local security.

    1 vote
    0 comments  ·  Authentication
  13. Include SSPR Writeback in the free Azure AD Subscription

    Please can you include the SSPR Writeback in the free Azure AD Subscription at least for schools and charities. It would also make sense for a lot of the much smaller businesses and organisations.

    This functionality is needed at the moment where most staff are forced to work from home, and some are keeping odd working hours, and ICT support staff are not free to be able to reset passwords may that be the technical staff are at home and personal numbers are not shared etc.

    1 vote
    0 comments  ·  Authentication
  14. MAKE THE DO NOT ASK FOR 60 DAYS WORK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    MAKE THE DO NOT ASK FOR 60 DAYS WORK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    1 vote
    0 comments  ·  Authentication
  15. Allow service principals assigned as Azure Sql server AAD admin to create additional Azure AD sql users

    It appears you cannot create additional Azure Sql database AAD users using a service principal, it must be a user or group.
    This is limiting in Azure DevOps as I would like to use my service connection to use token authentication to provision users for managed identities.

    4 votes
    0 comments  ·  Authentication
  16. The "verify another way" is the same cell phone. How do I verify 2 factor authentication when I don't have that cell phone but it wants t

    The "verify another way" is the same cell phone. How do I verify 2 factor authentication when I don't have that cell phone but it wants to send a text or call the lost phone? And there is no way my organization can change that number. And the CCPO organization does not support CVR any longer and AESD-W says they can't help. Help!!!

    1 vote
    0 comments  ·  Authentication
  17. Sign in to Windows 2016 VM in Azure using Azure Active Directory authentication

    Sign in to Windows 2019 VM in Azure using Azure Active Directory authentication is now in preview.
    https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows.

    Is it possible to release this feature also for Windows Server 2016 Azure VM's?

    1 vote
    0 comments  ·  Authentication
  18. 1 vote
    0 comments  ·  Authentication
  19. Browser specific Windows Integrated Authentication (WIA) enforcement

    Users get errors and are blocked from using their mobile devices for Azure Active Directory Authentication when Windows Integrated Authentication is configured for desktop browsers like Google Chrome in Active Directory Federation Services (ADFS).

    ADFS configuration does not allow for configuring specific browsers and OS pairs for Windows Integrated Authentication (WIA) enforcement.

    It would be nice to easily configure this to avoid errors.

    1 vote
    0 comments  ·  Authentication
  20. Device-based default authentication method

    As an admin I would like to be able to enable or disable the default authentication method on accounts based on the device users are accessing their accounts from.

    For example, if passwordless sign-in is the default authentication method on accounts, we would like to say if users are accessing from the registered cellphone device where the phone sign-in was enabled on, then ask for a password + MFA and disable failover to passwordless sign-in. That way, if that device was lost or stolen and another person were able to access the device, they will need to have the…

    1 vote
    0 comments  ·  Authentication