Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Bug: Malformed OAuth 2.0 access token response

    Steps to reproduce

    Request an access token by following the instructions at Request an access token.

    Expected

    expires_in is a number, as in the example and RFC 6749:

    "expires_in": 3599,
    

    Actual

    expires_in is a string:

    "expires_in": "3599",
    

    6 votes
    3 comments  ·  Authentication
  2. worst system ever

    worst system ever. this is ridiculous

    6 votes
    1 comment  ·  Authentication
  3. AAD certificate authentication used for smart card

    AAD certificate authentication used for smart card, allow to receive a certificate from AAD to authenticate using smart card or virtual smart card. I know Windows Hello is that but will not work for Windows 7 and will not work for RDP. Smart card or virtual smart card are more usable now, including web authentication via certificate.

    6 votes
    0 comments  ·  Authentication
  4. Access Panel Extension for Edge Browser

    Edge supports browser extensions now. We should have an Access Panel browser extension for Edge!

    6 votes
    4 comments  ·  Authentication
  5. Support UPN and Mail attributes as logon for home realm discovery

    Support UPN and Mail attributes as logon for home realm discovery.

    In the case that UPN attribute and Mail attributes are different on a tenant allow both these attributes for home realm discovery.

    5 votes
    0 comments  ·  Authentication
  6. azure ad domain services SAM account

    For Single Sign On with Azure AD as source for users to Azure AD Domain Services, is it possible to rewrite the SAM account to Azure AD? So the Azure AD joined only devices do not generate a NetBIOS name/SAM account by login of a user, but get this information from Azure AD as well.
    Now we have issues with AADDS joined servers and applications with SSO.

    5 votes
    0 comments  ·  Authentication
  7. Encrypted private key (PKCS#8) / PFX (PKCS#12) support in az cli for service principals

    As it stands there are a few methods to authenticate service principals with a private key and certificate using PKCS#12 files which are documented below:

    Using PowerShell on Windows - WORKS:

    https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell

    Using Terraform (azurerm 1.24.0) - WORKS:
    https://www.terraform.io/docs/providers/azurerm/auth/serviceprincipalclient_certificate.html

    What does not work is using az cli with an encrypted RSA private key in either PKCS#8 or PKCS#12 format and az cli is meant to be the strategic cross-platform tool for administering Azure. I have tested the functionality with an Azure Support Engineer who was very helpful with the testing and explained the current position. The az-cli documentation…

    5 votes
    0 comments  ·  Authentication
  8. I need help with changing phone number

    I need help with changing phone number from my cell number to my office number.

    5 votes
    3 comments  ·  Authentication
  9. text verification code doesn't work when accessing internet from airplane

    text verification code doesn't work when accessing internet from airplane

    5 votes
    1 comment  ·  Authentication
  10. Microsoft app registration needs AAD/group ownership

    Currently app registrations created in apps.dev.microsoft.com are owned by a Microsoft account - entirely useless in an organisation. The only way to share ownership of an app registration is to share logon details. Please add the ability to create and manage app registrations amongst other users/groups (preferably AAD, not Microsoft accounts).

    5 votes
    0 comments  ·  Authentication
  11. password

    Wish you can add an option to allow a higher character count password restriction for our firm. Ideally, we would want a minimum of 10 characters on the password of users in our domain. We have no on-prem AD.

    5 votes
    0 comments  ·  Authentication
  12. Please document how to perform logout

    AAD documentation is awesome in general. How to authorize the user is documented very well. But there is no documentation at all on how to logout.

    5 votes
    0 comments  ·  Authentication
  13. Domain auto-complete for single sign on.

    When signing in, please allow the "username hint" to become an actual text, not blank out when someone starts typing.

    i.e. Where someone@consoto.com exists in username hint, remove "someone" add @consoto.com and only require the user to put in their username, NOT the full UPN so "Jon.Doe@consoto.com" is only required to put in "Jon.Doe" and "@consoto.com" is automatically appended.

    For K-12 orgs, the younger students struggle with longer domain names. For SSO applications it alleviates the additional typing to allow the user to sign in. if the user is already being redirected to the company's SSO SAML portal,…

    4 votes
    0 comments  ·  Authentication
  14. Add support for SAMLP extensions in logout requests in ADFS and AAD

    At the current time, logout requests from a relying party that supports the <samlp:Extensions> element in logout requests cause a failure in ADFS and sign-out is not achieved. I do not know if other requests or responses in the SAML protocol are affected.

    At the very least, the server should be able to ignore SAML protocol extensions that it does not support. More ideal would be to also have a supported mechanism for extending the functionality of the IdP for extensions not supported out of the box.

    4 votes
    1 comment  ·  Authentication
  15. Authenticator Backup

    Authenticator backup should allow cloud backup to work or school accounts and allow recovery across devices.

    Presently, I cannot recover my work codes, via my personal account on an iOS device because the backup was originally taken on my Android phone.

    A backup that can't be restored is useless (if it's even that good).

    4 votes
    1 comment  ·  Authentication
  16. Allow service principals assigned as Azure Sql server AAD admin to create additional Azure AD sql users

    It appears you cannot create additional Azure Sql database AAD users using a service principal, it must be a user or group.
    This is limiting in Azure DevOps as I would like to use my service connection to use token authentication to provision users for managed identities.

    4 votes
    0 comments  ·  Authentication
  17. Integrate Eidas (eu wide government login for eu citizens) into azure ad

    Since eu offers a eu wide login service for almost all eu citizens a better integration with azure ad could make azure ad more easy to use for many people.

    Examples could be

    use eu login additional / instead of mfa
    Onboard new employees by eu login retrieving their base masterdata.
    ....

    https://webgate.ec.europa.eu/cas/login?loginRequestId=ECAS_LR-18107929-Jzq2R5ivb0rSdzHNrcLnURNKXozRgMADBrjg1OjiePJP7gkzWbEE0ZfzKOs8H7fj08brFVNEHmOrxm7zGNYXh9XG-jpJZscgsw0K6XyjCM9qinm-NAMXk3llCCzWtNc4etQOJkJGIVSlzetVJb7gvd7DwBkACF2GWc2T5OwINsBKEWwJk8DCzaTQpEZ4lhtDTxr8VjW

    4 votes
    0 comments  ·  Authentication
  18. Request to update the machine learning data per user via Confirmed sign-in Safe

    [Identity Protection]
    Request to update the machine learning data per user via Confirmed sign-in Safe, Customer would like to be able to update the user safe/familiar location data-set to include the new location

    4 votes
    0 comments  ·  Authentication
  19. Security Defaults: Verification code from mobile app or hardware token - need to allow

    According to the site, security defaults does not allow "Verification code from mobile app or hardware token".

    Given social engineering - and the limited effectiveness of UAC (people like to click notifications!) - allowing Verification Codes from mobile app or hardware token needs to be allowed as part of the security defaults.

    4 votes
    0 comments  ·  Authentication
  20. Company Branding customization should allow removal of GitHub Sign-in option

    Azure AD P1 "Company Branding" should allow an option to remove 'GitHub' from the sign-in page.

    4 votes
    0 comments  ·  Authentication