Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. App Reg Grant permissions overwrites the associated service principals oauth2permissiongrants

    When you add permissions to an Azure AD App Reg (for example add the Microsoft Graph->read all users' basic profiles permission) and then click the Grant permissions button, any existing oauth2permissiongrants on the associated service principal will be removed and *only* the permissions added to the App Reg will now be present.

    This is an issue specifically in the case of the new Spfx 1.6 App Reg: SharePoint Online Client Extensibility Web Application Principal.

    The service principal for this App Reg is what is used by the SharePoint Admin (preview) API management screen to add OAuth2PermissionGrants, and also to display…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. User sign-ins to legacy Office client applications and Office applications that support modern authentication: Office 2010, 2013 and 2016 ve

    Pass through Authentication limitation mentioned over https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-current-limitations

    point mentioned is

    User sign-ins to legacy Office client applications and Office applications that support modern authentication: Office 2010, 2013 and 2016 versions.

    Documentation is not clear, Since office 2010 doesn't support modern authentication is this still a limitation any more ?

    i can see in the change log its no more any limitation
    https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/whats-new#pass-through-authentication-supports-legacy-protocols-and-applications

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. 2 Step

    Stop with the phone verification and auto password garbage. I take 8 months off, out of country and the US phone has an issue here so when I finally bother to access my O365, MNP and other accounts, I have some nonsensical lockout. One of them will not be accessible until Oct 4. If we can become partners, and my profile also includes venture capital focusing on wireless chip tech, I think we don't all need to have our security imposed upon us. Better part of a week and one account is still locked. Was a hoot waiting from 1am…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. You could try sending the message before posting that you didn't get a response.

    I've listed my home email because I can't access my sabre mail. I got a message on my phone and acknowledged but got a message that I had not responded. I tried three or four more times but never got another message on the phone.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support authentication from a google chrome extension

    Is it possible to implement authentication flow from a google chrome extension? I am trying to enter the chrome-qualified URL to one of the redirect URLs but it shows error. Can you help?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. how to implement single sign in for outlook, SFB and OFB application.

    how to implement single sign in for outlook, SFB and OFB application.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. REST API common tenant is broken

    Scenario: I have 2 microsoft accounts. A personal account and a school account. The school account login process is 2 stage involving a redirect to a second login page. If an app uses: https://login.microsoftonline.com/common/oauth2/v2.0/authorize, I am supposed to be able to choose an account however, it jumps directly to the second stage of logging into my school account.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. v1 and v2 apps vs app registrations / Enterprise apps

    There are sy different ways to mention application and authentication. I would like see this be consistent from every point of view (developers, GAs, application admins).

    1)Why can some registred apps not be managed from within Azure Portal and do the need to be managed via https://apps.dev.microsoft.com/ ?
    2)Why are these same apps visible via powershell. This almost wants a GA to change it via Powershell. When that happens things can break I understand. At that moment the existing owner might not even see the app anymore in https://apps.dev.microsoft.com/
    3) There should only be one workflow and in that workflow…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. network

    Hi,

    we would appreciate that remote office computers not connected directly to our Active Directory Network but only Internet could create profiles for users that haven't previously connected. These remote office computers are Azure AD hybrid domain joined and the user account have been synchronized to Azure AD. It would ease the user provisionning as it would not require remote computer to be connected through a VPN.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. This is absolutely impossible to use with NO CELL SERVICE!!!!!

    This is absolutely impossible to use with NO CELL SERVICE!!!!!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. We are reachable at our Quicken US support number on a 24×7 basis and 365 days a year

    You can hire third party Quicken tech support companies 24 hours, 7 days, and 365 days a year. They can be accessed from anywhere anytime. You would not have to leave your current place to reach these certified professionals because they will serve you over the phone as per your convenience.

    more info :-
    http://www.quickentechsupport247.com/
    http://www.quickentechsupport247.com/quicken-customer-service.html
    http://www.quickentechsupport247.com/contact.html

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. 2-step authentication locks me out of my account when my phone is not working. How can you fix that?

    2-factor authentication is bogus sinc it does not account for a phone not working

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. This is ********.

    I can't keep running back to my car to get an authentication text on my phone and then running back into work. It should be authenticate one time and done.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Workable SSO integration

    Hi there

    We would really benefit from a Workable SSO integration.
    https://www.workable.com/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Security Bug: Please Fix Bug Application Delegation Bug Lingering Active Directory Delegation

    If application registration has Active Directory delegation it would NOT remove the Active Directory delegation behind the scenes even after removing all delegations.

    I need to remove all application delegations, Save and then add a new non-active directory delegation and Save again in order to limit who can access the application and/or web service.

    This is a issue as if there is any application that uses OAuth 2.0 and gets a token where the the "audience" | "aud": "00000002-0000-0000-c000-000000000000" it will have access to any application without restrictions of delegation rules if this lingering active directory access is behind the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. password

    The current SSRPT does not give a 3rd option to enter a new password because its expired (90day policy) it currently provides 1. I have forgotten 2. I know my password but i cant login (unlock feature). This is language issue is causing a lot of confusion to our user.

    The site also needs to return a meaningful error msg when the user is unable to reset the password.. not a generic one like whats available today.

    Finally it will be handy to have listed when i last logged in successfully or failed attempt using my password..

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base