Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Authenticator app - Requests from multiple accounts

    Authenticator app: Since the app handles multiple accounts (including my kids) it would be practical if there where some info (in the request) over what account that generated the authentication request ... as of now I sometimes do not know who wants access and if it’s valid or a spoofing attempt..

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Do not verify identity when afk

    I'm in my couch, watching TV and suddenly Microsoft Authenticator pops up on my phone. "No, I did not request this".

    Turns out I had my browser up and running on my computer. And as it happens O365 needed to re-authenticate me (I guess 14 days passed since last time).

    There was no context provided in the microsoft authenticator app. It just looked very weird.

    Could you guys:
    a) don't verify a user that is not currently accessing the web page in question actively (I had been afk for an hour or so I think)
    b) provide some content in…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. 无法下载Microsoft Authenticator

    Microsoft Authenticator无法下载

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Request to update the machine learning data per user via Confirmed sign-in Safe

    [Identity Protection]
    Request to update the machine learning data per user via Confirmed sign-in Safe, Customer would like to be able to update the user safe/familiar location data-set to include the new location

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Please make error message more meaningful

    Please make the error messages more meaningful.

    I was doing an Azure AD SAML enterprise application connection and got the message "Message: AADSTS7500525: There was an XML error in the SAML message at line 2, position 498. Verify that the XML content of the SAML messages conforms to the SAML protocol specifications". In fact, it turned out to be the Isuer that was missing.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Christopher caudill

    I have problems seeing over the last three years because of my brain damage my email accounts have been hacked stolen all my personal information pictures id and much more goldjudgelover1@gmail.com has been stolen gold judgelover 0 though 3 has always been my address but every thing has been stolen I use text typing to Communicate I have a very serious and hard problem trying to see words I’m practically blind I hope and wish somebody could help track down these websites my name is Christopher august Caudill please can you help me Retrieve my life back from them stealing…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. We would like to use PowerShell (AzureAD) to expose the expiration dates of SSO SAML certs? I would identify apps with expiring certs so th

    As we use Azure Ad Enterprise application to onboard cloud/SaaS application for Single Sign-On with SAML. Generally SAML certificate for each application is expired after certain period of time, So, we would like to use PowerShell (AzureAD) to expose the expiration dates of SSO SAML certs? I would identify apps with expiring certs so they can be renewed in a timely fashion. Or is there a report or something else in Azure that can be run to expose this?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Coordination between Azure AD qualification and Azure AD domain services

    I am successfully using the beta Azure AD qualification to connect to an Azure Virtual Machine. This results in registered users, who are also using the M365 product, being able to log into the Virtual Machine. Although they can log in, this causes problems with RDS licensing - which is the only way to use the Azure product! To use the VM users must have RDS CAL licenses and I have provisioned accordingly. Unfortunately, the beta AD qualification does not result in a Virtual Machine that is formally "domain joined" - it is only quasi joined. As such, per licensing…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Microsoft Authenticator app iOS

    I was wondering when will we see a overhaul of the app on iOS? It is so outdated compared to the Android version. It even looks like an outdated Android port on iOS. Hope a new a version with a new look comes soon. The Android app gets more love than the iOS version.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure AD Sign-Ins should be available in non-AAD-Premium subscriptions

    Customers not on AAD Premium P1 or P2 (i.e. Office 365 apps edition, Free edition), are unable to gain visibility into whether or not they have clients using legacy authentication. This is unfair, especially when you are now pushing the blocking of legacy authentication so hard.

    The "Sign-Ins" feature should be included with all editions. This is currently setup as a sales trap.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Get consolidate report of Federation Certificates issued to Enterprise Application in Azure AD.

    Right now we are able to get report of Federation Certificates. But we are unable to retrieve the notification email address.

    As we have now have feature to add additional email address to the Certificate expiry notification, retrieve and updating this email address should be available from PowerShell.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Stop using the MFA

    This is a truly terrible incarnation of 2FA. I have used Google's and Apple's and the is truly rubbish. Its the norm to have to ask for authentication multiple times, it does not recognised I have approved it, or the option to approve does not appear on the phone.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Make the OIDC Front-Channel Logout feature adhere to spec

    Azure AD supports OpenID Connect Front-Channel Logout (not really apparent from the documentation, but it appears to be what the configured Logout URL of a registered app is used for). It however appears to always send a "sid" parameter (which it may) but without sending an "iss" parameter (which the specification states is required if the "sid" parameter is included).

    The reason why the "iss" must be included is that the "sid" is only guaranteed to be unique in the context of a particular issuer.

    From the spec (https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPLogout):
    The OP MAY add these query parameters when rendering…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Security Defaults: Verification code from mobile app or hardware token - need to allow

    According to the site, security defaults does not allow "Verification code from mobile app or hardware token".

    Given social engineering - and the limited effectiveness of UAC (people like to click notifications!) - allowing Verification Codes from mobile app or hardware token needs to be allowed as part of the security defaults.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. An unexpected error has occurred - Security Info

    trying to add the authenticator app as one of my security verification methods but when I click on the Security Info tab in my signing, it buffers for a little while and then shows - an unexpected error has occured.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base