Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Encrypted private key (PKCS#8) / PFX (PKCS#12) support in az cli for service principals

    As it stands there are a few methods to authenticate service principals with a private key and certificate using PKCS#12 files which are documented below:

    Using PowerShell on Windows - WORKS:

    https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell

    Using Terraform (azurerm 1.24.0) - WORKS:
    https://www.terraform.io/docs/providers/azurerm/auth/serviceprincipalclient_certificate.html

    What does not work is using az cli with an encrypted RSA private key in either PKCS#8 or PKCS#12 format and az cli is meant to be the strategic cross-platform tool for administering Azure. I have tested the functionality with an Azure Support Engineer who was very helpful with the testing and explained the current position. The az-cli documentation…

    5 votes
    0 comments  ·  Authentication
  2. Allow a device to enroll under more than one organization for password-less phone sign-in

    In regard to password-less phone sign-ins, Azure AD evidently does not allow a device to be enrolled with more than one organization.

    Known issue:

    "One of the prerequisites to create this new, strong credential, is that the device where it resides is registered within the Azure AD tenant, to an individual user. Due to device registration restrictions, a device can only be registered in a single tenant. This limit means that only one work or school account in the Microsoft Authenticator app can be enabled for phone sign-in."

    5 votes
    0 comments  ·  Authentication
  3. Text verification code doesn't work when accessing internet from airplane

    Text verification code doesn't work when accessing internet from airplane

    5 votes
    0 comments  ·  Authentication
  4. Microsoft app registration needs AAD/group ownership

    Currently app registrations created in apps.dev.microsoft.com are owned by a Microsoft account - entirely useless in an organisation. The only way to share ownership of an app registration is to share logon details. Please add the ability to create and manage app registrations amongst other users/groups (preferably AAD, not Microsoft accounts).

    5 votes
    0 comments  ·  Authentication
  5. password

    I wish you could add an option to allow a higher character count password restriction for our firm. Ideally, we would want a minimum of 10 characters on the passwords of users in our domain. We have no on-prem AD.

    5 votes
    0 comments  ·  Authentication
  6. Please document how to perform logout

    AAD documentation is awesome in general. How to authorize the user is documented very well. But there is no documentation at all on how to log out.

    5 votes
    0 comments  ·  Authentication
  7. Allow service principals assigned as Azure SQL server AAD admin to create additional Azure AD SQL users

    It appears you cannot create additional Azure SQL database AAD users using a service principal; it must be a user or group.
    This is limiting in Azure DevOps, as I would like to use my service connection to use token authentication to provision users for managed identities.

    4 votes
    0 comments  ·  Authentication
  8. Integrate eIDAS (EU-wide government login for EU citizens) into Azure AD

    Since the EU offers an EU-wide login service for almost all EU citizens, a better integration with Azure AD could make Azure AD easier to use for many people.

    Examples could be:

    Use EU login in addition to / instead of MFA.
    Onboard new employees by EU login, retrieving their base master data.
    ....

    https://webgate.ec.europa.eu/cas/login?loginRequestId=ECAS_LR-18107929-Jzq2R5ivb0rSdzHNrcLnURNKXozRgMADBrjg1OjiePJP7gkzWbEE0ZfzKOs8H7fj08brFVNEHmOrxm7zGNYXh9XG-jpJZscgsw0K6XyjCM9qinm-NAMXk3llCCzWtNc4etQOJkJGIVSlzetVJb7gvd7DwBkACF2GWc2T5OwINsBKEWwJk8DCzaTQpEZ4lhtDTxr8VjW

    4 votes
    0 comments  ·  Authentication
  9. AAD - Azure Key Vault integration

    We have a certificate generated by Azure Key Vault and it will auto rotate, and we use the same certificate for the AAD App authentication by uploading the .cer to the AAD portal.
    However, once the certificate is auto rotated, the thumbprint will be changed, and the AAD App authentication to AAD will fail because it uses the latest version of the certificate generated by Azure Key Vault.

    Is it possible to implement a feature rather than upload a cert, just point to the Azure Key vault certificate, once there is a new version generated, AAD should whitelist the new cert version,…

    4 votes
    0 comments  ·  Authentication
  10. Windows Hello for Business reporting tool

    Please implement an option/tool to check the WHfB enrollment status for users.

    4 votes
    1 comment  ·  Authentication
  11. Request to update the machine learning data per user via Confirmed sign-in Safe

    [Identity Protection]
    Request to update the machine learning data per user via Confirmed sign-in Safe, Customer would like to be able to update the user safe/familiar location data-set to include the new location

    4 votes
    0 comments  ·  Authentication
  12. Support UPN and Mail attributes as logon for home realm discovery

    Support UPN and Mail attributes as logon for home realm discovery.

    In the case that UPN attribute and Mail attributes are different on a tenant allow both these attributes for home realm discovery.

    4 votes
    0 comments  ·  Authentication
  13. Support other languages for Azure MFA NPS extension notification (iOS)

    At the moment the MFA notification popup shows only in English on iOS devices.

    As you can see in the attached screenshot, the language of the popup is English even though the language of the iOS device is set to, i.e., German.

    Please support other languages for the extension.

    At best the language is tailored to the language which is set on the notified device.

    4 votes
    1 comment  ·  Authentication
  14. Enable application roles for user assigned managed identity

    We use application claims declared in an AAD application registration to enable specific applications access to specific roles in a microservice application model.

    User assigned managed service identity provides a great way to securely assign identity to an application, however currently this is an 'all or nothing' model.

    Enabling use of a custom identity manifest in the same way as enabled for a standard application registration would allow far greater flexibility in defining what access an application would have to another application while maintaining the additional security and ease of use benefits achievable through use of managed service identity.

    4 votes
    under review  ·  0 comments  ·  Authentication
  15. I need help with changing phone number

    I need help with changing phone number from my cell number to my office number.

    4 votes
    2 comments  ·  Authentication
  16. Password change problem with authenticator

    I changed my AD password and lost sync with the authenticator; how do I redo it?

    4 votes
    0 comments  ·  Authentication
  17. Why does Microsoft Authenticator App need access to so much mobile phone data?

    If you want to install the Microsoft Authenticator App for Android (https://play.google.com/store/apps/details?id=com.azure.authenticator), you need to allow the app to access a lot of data from the mobile phone, i.e. Identity, Contacts, Photos/Files, Camera. For an app that simply makes two-way authentication available, I do not understand (and do not accept) that.

    4 votes
    1 comment  ·  Authentication
  18. AAD certificate authentication used for smart card

    AAD certificate authentication used for smart card: allow receiving a certificate from AAD to authenticate using a smart card or virtual smart card. I know Windows Hello is that, but it will not work for Windows 7 and will not work for RDP. Smart cards or virtual smart cards are more usable now, including web authentication via certificate.

    4 votes
    0 comments  ·  Authentication
  19. Send a verification code to another e mail account. cell phones don't always work in the real world (as in last night) due to remote locati

    Send a verification code to another email account. Cell phones don't always work in the real world (as in last night) due to remote locations.

    4 votes
    1 comment  ·  Authentication
  20. Please add FAQ UPN change is unsupported on device join win10 version less than 1803. we do have plan to back port that feature to RS3/RS2.

    We have several cases where a user changes their UPN and Hybrid AAD join breaks. They see IsAzureADUser:No and AzureADPrt:No. We can place a note or caution in the FAQ: UPN change is unsupported on device join for Win10 versions less than 1803 (RS4). We do have a plan to backport that feature to RS3/RS2.

    4 votes
    0 comments  ·  Authentication