Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MSAL: Automatically revoke dynamic consent in a first-party scenario

    I just learned that with MSAL and AAD dynamic user consent isn't ever revoked if not manually. In my understanding this leads to a de facto violation of the least privilege principle, for which dynamic user consent has been introduced. I'll try to explain why.
    I guess some 99.9% of the users don't have a real understanding of what's going on behind the scenes with the auth-n & auth-z mechanisms, and so I guess that hardly anyone would ever go there to actively revoke his or her consent. What I expected was that the consent would be revoked automatically after…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. This thing pops up out of no where and really hard to understand exactly what it is that you want and why it piped up on my phone. I think i

    You should be able to decide yourself if you want this product or not. Don’t just pop it up on everyone’s phone and please explain what the **** your doing instead of just say do it. Very irritating and totally insane and impolight.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. I want to change my mobile number

    I'm unable to login without varificatino and my new mobile number is not updated

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Azure AD Connect Seamless SSO in 64-bit .NET webbrowser

    I have an embedded webbrowser component in a .NET 4.5.2 WinForms application.
    The OS is Windows 10 64-bit.
    If I build the app in 32-bit, it can successfully perform a seamless single sign-on.
    If I build the app in 64-bit, the seamless single sign-on fails and shows the sign in page.
    I use Azure AD Connect with password hash sync.

    I believe this is caused by the 64-bit process of Internet Explorer not being correctly configured, bit how do I do that?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support HID Crescendo smartcards for Cloud Only Identities

    Request feature to authenticate Azure Active Directory user accounts that are cloud-only identities using HID Crescendo smartcards

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Entering authenticator code after expiration in Outlook web interface never works first time

    When MFA is enabled and you've signed into the Outlook web interface (Office 365), once the MFA approval expires, you're prompted to enter your authenticator code before you can use the site again.

    However, this prompt doesn't work until the page is refreshed. I'm able to enter and submit a code, but nothing happens - there's no error message; it just doesn't work. Once you refresh the page, submitting the code works and you're able to continue using the service.

    This is relatively minor since there's an easy workaround, but it's still annoying.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add an App for Windows...you might talk with the company that makes it.

    Add an App for Windows...you might talk with the company that makes it.

    Guess I will stick with Authy until you support Windows. I have a surface and not having the app makes this worthless to me. I don't alway have my phone or it is dead... kinda defeats the point of the app.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Users should have an option to chose re-send the code again than select other sign on options...

    Re-send option should be available for users than chose other way …..

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Hi the idea seems to be good as per the security term but if there is any network connectivity issue with the mobile number registered there

    There should be an alternate way to get signed in with the mail or there should be any of the option to provide other alternate number in case there is any network issue or the power issue.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. IDEE Authentifizieren.

    Es wäre Sicher, wenn Sie dafür sorgen, dass diese Absicherung auch in dem Konto des Kunden integriert wird. Dieses Konto ist von mir dort schon angemeldet. Über dieses oder vom Original PC könnte ich meine Authentifizierung auslösen. Dazu braucht man( ich) kein Smartphone.
    Ein solches besitze ich nicht. Das was sie hier finden sollten? gehört nicht mir, also ist nicht in meinem Besitz. So, nun ist mein Konto wohl kaputt, nur weil ich einmal eine Sicherungs-Abfrage gewagt habe.
    Pech für mich? Ich hasse diese Meldeanmeldungen. Ich bin ich und ich habe ein Konto und habe eine ID Nummer in meinem…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Regards to phone number

    We are unable to change/reset our own details. While entering our phone number there is no proper instructions such as "the number can not be entered multiple times" or something like that. So that we may not get issues related to OTP.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. add sign-in with other account button to unauthorised message/page

    When access an Azure AD SSO application from a PC registered to another tenant, authentication proceeds using SSO with the account that is signed into the PC. The attached message is displayed, saying the account is not authorised to that application.

    This page should give the option to try to sign-in using a different account, by providing credentials.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. block non-USA logins, foreign IPs are locking out my users.

    block non-USA logins, foreign IPs are locking out my users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Support POST OpenID Connect authentication requests

    Supporting POST authentication/authorization requests is not mandatory for clients, but would be a nice addition if I wanted to use idtokenhint without being it captured in server logs in the referer header response.

    >Authorization Servers MUST support the use of the HTTP GET and POST methods defined in RFC 2616 [RFC2616] at the Authorization Endpoint. Clients MAY use the HTTP GET or POST methods to send the Authorization Request to the Authorization Server. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization, per Section 13.1. If using the HTTP POST method,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. when we are able to login the Microsoft account in mobile phones using bio metric, why can't you provide same bio-metric authentication for

    when we are able to login in the Microsoft Authentication App. using the Microsoft account (xyz@hotmail.com) in mobile phones with bio metric Authentication, why can't you provide same bio-metric authentication for PC signing In. the option using Microsoft account signing In is already available, additional requirement is signing using. Mobile signing In using Microsoft Authentication App. For this additionally you have to provide the mobile Icon in the login Screen in windows 10 OS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Face id

    Rien avec FaceId, plutôt qu’un système de codes compliqué ? C’est pas très top

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. It’s so new of the products for me to used, it seems have a lot more useful than others normal mails, I will let you know that Soon again.

    It’s so new to me, I don’t even receive the first mail yet, but I will let you all know that later please. Thank you so much to helping me to set it up. I’m sure it very useful mail for me to the futures. Love xoxoxo

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Fix MSAL-Angular library

    Currently, the Angular implementation of the MSAL client library is not synced up with the main branch of MSAL and is broken when using Microsoft Internet Explorer. I hate IE but 70% of our users are stuck on it. PLEASE FIX.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base