Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ¿No lo pueden hacer mas complicado? se requiere un manual para entender la "guia rápida"

    ¿No lo pueden hacer mas complicado? se requiere un manual para entender la "guia rápida"

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enabling Azure AD Authentication for SQL Managed Instance Needs Improvement

    Enabling Azure AD Authentication for SQL Manage Instance requires a Global Admin or Azure AD user with similar elevated privileges to grant read access to to the SQL Managed Instance's Managed Identity. This does not scale well for teams using DevOps deployment methodology who frequently create and destroy resources in a large environment where security standards necessitate the separation of duties. We need a way to enable this which does not require a global admin or creating a microservice to do it.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Dockerize the Microsoft Authentication libraries for Javascript (msal.js) sample applications

    A number of sample applications with the msal.js library could be offered in containers - building the samples for testing on local a machine is messy

    https://github.com/AzureAD/microsoft-authentication-library-for-js

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. allow login with samAccountName not just UPN

    When logging into cloud based apps integrated with Azure AD, instead of limiting the login to only UPN based login, should allow login based on samAccountName. e.g. Ali Smith can login using asmith instead of asmith@domain.com

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support UPN and Mail attributes as logon for home realm discovery

    Support UPN and Mail attributes as logon for home realm discovery.

    In the case that UPN attribute and Mail attributes are different on a tenant allow both these attributes for home realm discovery.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. get a new job

    get a new job

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Company Branding customization should allow removal of GitHub Sign-in option

    Azure AD P1 "Company Branding" should allow an option to remove 'GitHub' from the sign-in page.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. There should be more methods than just text or call verification on Workplace.

    My primary number is from Bangalore and therefore any verification code to get into Workplace comes to this number however when travelling internationally the code still comes only to primary number when it doesn't have international roaming. This means I cant access the Workplace while travelling. Email option will help me better cos of internet on not depending only on a telecom service provider

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Policy setting to enforce client secret expiration on Apps/SPs

    It should be possible to have a policy setting that lets you set a lifetime for client sercrets and certificates for apps and service principals.

    This would mean users will be forced to rotate certificates/secrets.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD Authentication for Mobile that can redirect authentication request to different Claim Provider Trust

    Hello,
    We hope that Azure AD Authentication can redirect Mobile device authentication request to different Claim Provider Trust such third party Airwatch Workspace One.

    Regards,
    Jake

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Requested feature for Azure AD Conditional Access policy Third party MDM compliant check

    We would love to have the ability in Azure AD Conditional Access that can allow or block base on different MDM provider as for mobile device compliant check.

    Regards,
    Jake H.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Stop doing this so I can use my email. You are causing major disruptions to my business

    Stop doing this so I can use my email. You are causing major disruptions to my business

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Server authentication

    I would love to be able to fully deploy Azure MFA to all server authentication requests. I just recently rolled out Azure MFA to my remote access VPNs. It would be great if I include more services like server authentication. Currently I am using RSA MFA when logging in to servers, where I am prompted for a passcode after entering my AD credentials. I would love to use Azure MFA in a similar manner, where I can approve the login request through the Authenticator app, or use the passcode generated in the app.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow more than 150 groups to be returned in the SAML assertion

    As part of the SAML assertion of a user we get the groups from the Azure AD. But for some users that are in many groups (> 150) Azure AD does not send the list of groups.
    Please allow either more than 150 groups or enable an easy way to get all groups of a user.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Custom code to extend token / claims

    It would be nice to be able to use code to inject custom field/claims into the token.
    Classic usage would be calling a third party service to inject dynamics field to be used by applications instead of having each application develop this.

    Ideally something similar to Auth0 rules mechanism: https://auth0.com/docs/rules

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support other languages for Azure MFA NPS extension notification (iOS)

    At the moment the MFA notifcation popup shows only in english language on iOS devices.

    As you can see in the attached screenshot the language of the popup is in english even though the language of the iOS device is set to i.e. german.

    Please support other languages for the extension.

    At best the language is tailored to the language which is set on the notified device.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Support other languages for Azure MFA NPS extension notification (iOS)

    At the moment the MFA notifcation popup shows only in english language on iOS devices.

    As you can see in the attached screenshot the language of the popup is in english even though the language of the iOS device is set to i.e. german.

    Please support other languages for the extension.

    At best the language is tailored to the language which is set on the notified device.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Variable password complexity requirements / multiple assignable password complexity policies

    I'd like the ability to configure multiple password complexity requirements / policies, and assign them based on for instance:
    * Azure AD Groups (Ex: All users in a group gets affected, all not assigned to a complexity gets the tenant default complexity)
    * Azure AD Role (Any or specific roles)
    * Subscription role on any of subsbriptions tied to tenant (Ex. User has "owner" on one of the subscriptions)

    This would make sense as regular users should be able to create short, memorable passwords. Admin users on the other hand, should have complex, random generated, long passwords, and use password…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Remove two factor

    It is more of an inconvenience that an asset. It doesn't help me feel my account is secure as I have already felt it was secure by having a password that only I knew. This feature is very frustrating as sometime it does not work and then I am not able to log in to my account to complete my course work or view assignments. People should be asked if they would like to turn this feature on versus being made to do so.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base