Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD DS "log on to" user settings

    Can I set up "log on to" user settings in Azure AD DS? We are using Azure AD DS (No on-premise AD DS) to authenticate user login. Not configuring these settings, it is the cause of information leakage. Because any user can log in to anyone's computer using their domain account and access their files and data. I have tried to set up these settings by the user in AAD DC administrators, it is disabled. Because this group hasn't the permission to do that configuration. Is there anything else to solve this issue? Also, we tried that way. Remove the…

    1 vote
    0 comments  ·  Authentication
  2. Implement grant_type=urn:ietf:params:oauth:grant-type:token-exchange as per RFC8693

    This type of OAuth2 flow will enable scenarios where a user already has a valid ID or access token obtained by other means and wants to exchange it for an access token for another app.
    For instance, this can be used in the context of K8S pods being provisioned a service account token by the cluster orchestrator; if the cluster is trusted by AAD as an identity provider, pods can exchange service account tokens for access tokens for the remote API endpoints they may want to connect to.

    1 vote
    0 comments  ·  Authentication
  3. Auto Generate Sign-in Reports Weekly to Preferred Email

    Customer is requesting a feature to auto generate sign-in event details on a weekly cadence and send said report to the preferred contact method to capture weekly trends of sign-in occurrences for their environment.

    1 vote
    0 comments  ·  Authentication

    Thank you for reaching out and sharing your feedback. It would be great if you could share a few additional details on your scenarios (the scenario you are trying to achieve through weekly reports) to make sure we have a good understanding of your needs.

  4. Hybrid joined device user login using Azure AD

    Allow login to a Hybrid Joined Device using Azure AD authentication when the domain is not available.

    1 vote
    0 comments  ·  Authentication
  5. Tenant Restrictions without Proxy

    Many organisations require tenant restrictions to be in place. This requires use of a proxy. This puts your proxy infrastructure in the dependency chain for access to Office 365 and other services which use AAD. This also means that remote workers still need to use a VPN to reach a proxy to authenticate.

    There should be an alternative method of applying tenant restrictions which is done in the cloud and not dependent on on-prem proxy servers.

    1 vote
    0 comments  ·  Authentication
  6. Problems signing in

    We registered an account for a school. We enabled two-factor authentication with Microsoft Authenticator. The phone number and the device were removed in the account settings. Now it is impossible to verify identity when signing in to the account. How can we sign in to our account?

    1 vote
    0 comments  ·  Authentication
  7. Dark mode

    Dark mode for Microsoft Authenticator app please. It’s taking so long

    1 vote
    0 comments  ·  Authentication
  8. no phone

    no phone

    1 vote
    0 comments  ·  Authentication
  9. Make it work

    keeps going to download this app why run this system when bugs aren't worked out

    1 vote
    0 comments  ·  Authentication

    Thank you for reaching out and sharing feedback. Please share a few additional details on your scenarios (the scenario you are trying, the error or issue you are running into, repro steps, etc.); that will help us review the scenario and provide a quick resolution.

  10. Add an option to issue normal access token for users without LastPasswordChangeTimestamp

    Users federated with a 3rd party IdP sometimes have no value in LastPasswordChangeTimestamp.
    Users with no timestamp in LastPasswordChangeTimestamp will be issued an access token with Max Age value of 12 hours.

    https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/federated-users-forced-sign-in

    So it would be helpful if there is an option to mark certain users as federated and bypass LastPasswordChangeTimestamp check.

    1 vote
    0 comments  ·  Authentication
  11. Allow me to turn off 2 step authenticator for my account only so I can add my new mobile no.

    I lost my mobile phone at the start of lockdown in Ireland. No services were available from my existing supplier virgin so I couldn't get a replacement sim.

    I had to change supplier and number.

    I changed my password to have my emails on my new phone. But now I can't log in to my portal or shared drive because the 2 step authenticator is on, sending codes to my old mobile number.

    With extra security, allow individuals to turn off 2 step authenticator on their own for a limited time period so that they can get into their account settings…

    1 vote
    0 comments  ·  Authentication
  12. Customizable OAuth Bearer Token Timeout (by application)

    It would be very helpful to have the ability to adjust the Bearer Token time out by application. This would give us the flexibility to adjust timeouts on a per application basis.

    1 vote
    0 comments  ·  Authentication
  13. Find another method of MFA other than using personal devices for work purposes.

    Come up with another form of authentication other than expecting people to be happy with work becoming part of their personal space.
    Some people still like to think that their personal space and time is actually theirs.

    1 vote
    0 comments  ·  Authentication
  14. Help locked out of Facebook

    Please I can’t see well and I accidentally deleted my Facebook account within the app. I have iCloud back up but that didn’t seem to do anything but sync the new version without the Facebook accounts to my other phone.

    1 vote
    0 comments  ·  Authentication

    Thank you for reaching out and sharing feedback. Please share a few additional details on your scenarios (the scenario you are trying, the error or issue you are running into, repro steps, etc.); that will help us review the scenario and provide a quick resolution.

  15. Integration with ASP.Net WebForms (NOT MVC)

    I have seen and implemented many articles on how to do SSO against an MVC app and they work great. I am trying to integrate this into an existing WebForms (Non-MVC) .aspx application and am having a login looping issue.

    1 vote
    0 comments  ·  Authentication
  16. If this is correct area; mobile app Authenticator needs better recognizable icon that is noticeably an MS product.

    If this is correct area; mobile app Authenticator needs better recognizable icon that is noticeably an MS product.

    1 vote
    0 comments  ·  Authentication
  17. Better customisation for claims with Azure AD Policies

    Right now I’m aware I can set SamlClaimType of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier and this allows me to send a number of attributes in the format of urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    If I do not set a SamlClaimType then by default it sends a persistent nameId using the nameID format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent. Can we support customisation to this like what can be done in the portal? In the portal I can set persistent to send the user's ObjectId and a few other options, however I don’t see any documentation on how I can do this in a policy.

    Also support for the other two formats should be…

    1 vote
    0 comments  ·  Authentication
  18. All of you should reign

    All of you should reign

    1 vote
    0 comments  ·  Authentication
  19. Damn you all, the verification code was delayed by 15 min

    Damn you all, really. I hope you understand Filipino, you pests!

    1 vote
    0 comments  ·  Authentication
  20. We're having issues with users not realizing the 2 factor option "click here to not be asked for 30 days" expiring and users not realizing.

    When the 2 factor option for "Click here to not be bothered for 30 days" expires it doesn't really prompt you very clearly that you need to sign back in. It's just a small icon on Outlook. If you're busy or doing other things you don't notice.

    1 vote
    0 comments  ·  Authentication