Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Please document how to perform logout

    AAD documentation is awesome in general. How to authorize the user is documented very well. But there is no documentation at all on how to logout.

    5 votes
    0 comments  ·  Authentication
  2. Request to update the machine learning data per user via Confirmed sign-in Safe

    [Identity Protection]
    Request to update the machine learning data per user via Confirmed sign-in Safe. The customer would like to be able to update the user's safe/familiar location data set to include the new location.

    4 votes
    0 comments  ·  Authentication
  3. Support UPN and Mail attributes as logon for home realm discovery

    Support UPN and Mail attributes as logon for home realm discovery.

    In the case that the UPN and Mail attributes are different on a tenant, allow both of these attributes for home realm discovery.

    4 votes
    0 comments  ·  Authentication
  4. Direct federation with OpenID Connect IdPs

    At this time, direct federation in preview can be set up with any organization whose identity provider (IdP) supports the SAML 2.0 or WS-Fed protocol. Please extend this to OpenID Connect IdPs.

    4 votes
    1 comment  ·  Authentication
  5. Enable application roles for user assigned managed identity

    We use application claims declared in an AAD application registration to enable specific applications access to specific roles in a microservice application model.

    User assigned managed service identity provides a great way to securely assign identity to an application, however currently this is an 'all or nothing' model.

    Enabling use of a custom identity manifest in the same way as enabled for a standard application registration would allow far greater flexibility in defining what access an application would have to another application while maintaining the additional security and ease of use benefits achievable through use of managed service identity.

    4 votes
    under review  ·  0 comments  ·  Authentication
  6. I need help with changing phone number

    I need help with changing phone number from my cell number to my office number.

    4 votes
    2 comments  ·  Authentication
  7. Password change: problem with authenticator

    I changed my AD password and lost the synchronization with the authenticator. How do I redo it?

    4 votes
    0 comments  ·  Authentication
  8. Why does Microsoft Authenticator App need access to so much mobile phone data?

    If you want to install the Microsoft Authenticator App for Android (https://play.google.com/store/apps/details?id=com.azure.authenticator), you need to accept the app accessing a lot of data from the mobile phone, i.e. Identity, Contacts, Photos/Files, Camera. For an app that simply makes two-way authentication available, I do not understand (and do not accept) that.

    4 votes
    1 comment  ·  Authentication
  9. AAD certificate authentication used for smart card

    AAD certificate authentication used for smart card: allow receiving a certificate from AAD to authenticate using a smart card or virtual smart card. I know Windows Hello is that, but it will not work for Windows 7 and will not work for RDP. Smart cards or virtual smart cards are more usable now, including web authentication via certificate.

    4 votes
    0 comments  ·  Authentication
  10. Send a verification code to another e mail account. cell phones don't always work in the real world (as in last night) due to remote locati

    Send a verification code to another email account. Cell phones don't always work in the real world (as in last night) due to remote locations.

    4 votes
    1 comment  ·  Authentication
  11. Please add FAQ: UPN change is unsupported on device join Win10 version less than 1803. We do have plan to back port that feature to RS3/RS2.

    We have several cases where users change their UPN and Hybrid AAD join breaks. They see IsAzureADUser:No and AzureADPrt:No. We can place a note or caution in the FAQ: UPN change is unsupported on device join for Win10 versions less than 1803 (RS4). We do have a plan to back port that feature to RS3/RS2.

    4 votes
    0 comments  ·  Authentication
  12. The proposed update to the Office 365 signon is not an improvement

    By removing the box around the Username and Password fields, you've made it less obvious they are fillable fields. I know it's fashionable to hide user interface elements as much as possible, but this is a user-hostile move. It should be immediately obvious which part of the screen is a fillable field, users should not have to hunt for it.

    4 votes
    0 comments  ·  Authentication
  13. The confirmation system by text or call is not working

    The system takes way too long to activate and makes it inconvenient to access webmail.

    4 votes
    0 comments  ·  Authentication
  14. third party initiated

    Support OpenID Connect third party initiated login, as described here: http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin.

    Opening on behalf of a customer I just spoke to.

    4 votes
    unplanned  ·  1 comment  ·  Authentication
  15. "Guest Users limited permission" setting description is wrong or doesn't work as expected in AAD Admin Center

    In Azure AD Admin Center, under users and Groups/user settings, there is an option to set "Guest Users Permissions are limited" to YES.
    The description says: Yes means that guests do not have permission for certain directory tasks, such as enumerate users, groups or other directory resources, and cannot be assigned to administrative roles in your directory.
    But in fact, you can grant administrative roles to guests whether the setting is yes or no. The description should be changed, or you should remove the option to assign administrative roles when set to yes.

    4 votes
    0 comments  ·  Authentication
  16. Block legacy authentication (Clients) via Client app conditions

    Support blocking legacy auth via client conditions.

    4 votes
    1 comment  ·  Authentication
  17. "Don't ask me again for 14 days" Azure MFA feature for AD FS 2016

    In Azure AD cloud MFA, once primary authentication has completed, during the second authentication, there is the option to "don't ask me again for 14 days".

    Enable this feature for AD FS 2016 (v4) when the Azure MFA adaptor is configured.

    4 votes
    1 comment  ·  Authentication
  18. Force Apple to fix Safari certificate auth bug (Support ADFS Device Authentication)

    We really need Microsoft Corp. to fly to Cupertino and slap the guys responsible for the development of the Safari browser on MacOS. :D
    It looks like the people at SAP give up on Apple. This has been an issue for a long time now and we REALLY need a solution for this.

    Another approach would be to build some kind of mechanism / feature into ADFS that would not send a "Certificate Authentication Request" for a specific user-agent-string (Read MacOS+ Safari). We have only seen the issue for Safari on MacOS. Other browsers work like a charm.

    The fact that Apple…

    4 votes
    3 comments  ·  Authentication
  19. Windows Hello for Business reporting tool

    Please implement an option/tool to check the WHfB enrollment status for users.

    3 votes
    1 comment  ·  Authentication
  20. Add EventLog for login attempt using only blacklisted keyword

    Password blacklists will prevent someone from using an easy password containing exclusively blacklisted keywords. But if I want to catch bad guys on my network, I want to see when someone is trying Company123 or Winter2020 for several different users. This is password spraying.

    If we can add this short list of commonly guessed passwords to the password blacklist, I would then like to have an event logged when someone attempts to use one of them. If we see many of those events in a short period, the security team will need to investigate.

    3 votes
    0 comments  ·  Authentication