Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Policy setting to enforce client secret expiration on Apps/SPs

    It should be possible to have a policy setting that lets you set a lifetime for client secrets and certificates for apps and service principals.

    This would mean users will be forced to rotate certificates/secrets.

    4 votes
    0 comments  ·  Authentication
  2. Support other languages for Azure MFA NPS extension notification (iOS)

    At the moment the MFA notification popup shows only in the English language on iOS devices.

    As you can see in the attached screenshot, the language of the popup is English even though the language of the iOS device is set to i.e. German.

    Please support other languages for the extension.

    At best the language is tailored to the language which is set on the notified device.

    4 votes
    1 comment  ·  Authentication
  3. service principal

    There are no logs for Service Principal connections in Azure AD Sign-in.

    If an SP secret is discovered, we can't determine from where and when the connection to Azure AD was made.

    Provide logs for service principal connections to Azure (connect-azaccount).

    We would also like to use Conditional Access with Service Principals to make restrictions based on location, like for user accounts.

    4 votes
    0 comments  ·  Authentication
  4. Have a way to Block Search Engines from finding ADFS Identity sources (IDP) Signon Page

    Have a way to block ADFS IDP Sign-on /adfs/ls/idpinitiatedsignon.aspx from listing on search engine sites, thus anyone can access the IDP site if they search for a company's SSO site.

    4 votes
    0 comments  ·  Authentication
  5. Enable application roles for user assigned managed identity

    We use application claims declared in an AAD application registration to enable specific applications access to specific roles in a microservice application model.

    User assigned managed service identity provides a great way to securely assign identity to an application, however currently this is an 'all or nothing' model.

    Enabling use of a custom identity manifest in the same way as enabled for a standard application registration would allow far greater flexibility in defining what access an application would have to another application while maintaining the additional security and ease of use benefits achievable through use of managed service identity.

    4 votes
    under review  ·  0 comments  ·  Authentication
  6. Password change: problem with authenticator

    I changed my AD password and lost synchronization with the authenticator; how do I redo it?

    4 votes
    0 comments  ·  Authentication
  7. Why does Microsoft Authenticator App need access to so much mobile phone data?

    If you want to install the Microsoft Authenticator App for Android (https://play.google.com/store/apps/details?id=com.azure.authenticator), you need to accept the app to access a lot of data from the mobile phone, i.e. Identity, Contacts, Photos/Files, Camera. For an app that simply makes two-way authentication available, I do not understand (and do not accept) that.

    4 votes
    1 comment  ·  Authentication
  8. Send a verification code to another e-mail account. Cell phones don't always work in the real world (as in last night) due to remote locati

    Send a verification code to another e-mail account. Cell phones don't always work in the real world (as in last night) due to remote locations.

    4 votes
    2 comments  ·  Authentication
  9. Please add FAQ: UPN change is unsupported on device join for Win10 versions less than 1803. We do have a plan to backport that feature to RS3/RS2.

    We have several cases where users change UPN and Hybrid AAD join breaks. They see IsAzureADUser:No and AzureADPrt:No. We can place a note or caution in the FAQ: UPN change is unsupported on device join for Win10 versions less than 1803 (RS4). We do have a plan to backport that feature to RS3/RS2.

    4 votes
    0 comments  ·  Authentication
  10. F149045501@taalim.ma

    Forgot password

    4 votes
    0 comments  ·  Authentication
  11. The proposed update to the Office 365 signon is not an improvement

    By removing the box around the Username and Password fields, you've made it less obvious they are fillable fields. I know it's fashionable to hide user interface elements as much as possible, but this is a user-hostile move. It should be immediately obvious which part of the screen is a fillable field, users should not have to hunt for it.

    4 votes
    0 comments  ·  Authentication
  12. Allow admins to force the App password to expire after certain number of days

    Currently, the app passwords for non-web-based apps have no lifetime limit. We feel potentially unsafe: if that device is compromised, they can use these credentials. So we require an option to be implemented that allows admins to force app passwords to expire after a certain number of days.

    4 votes
    1 comment  ·  Authentication
  13. The confirmation system by text or call is not working

    The system takes way too long to activate and makes it inconvenient to access webmail.

    4 votes
    0 comments  ·  Authentication
  14. third party initiated

    Support OpenID Connect third party initiated login, as described here: http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin.

    Opening on behalf of a customer I just spoke to.

    4 votes
    unplanned  ·  1 comment  ·  Authentication
  15. "Guest Users limited permission" setting description is wrong or doesn't work as expected in AAD Admin Center

    In Azure AD Admin Center, under Users and Groups/User settings, there is an option to set "Guest Users Permissions are limited" to YES.
    The description says: Yes means that guests do not have permission for certain directory tasks, such as enumerate users, groups or other directory resources, and cannot be assigned to administrative roles in your directory.
    But in fact, you can grant administrative roles to guests whether the setting is yes or no. The description should be changed, or you should remove the option to assign administrative roles when set to yes.

    4 votes
    0 comments  ·  Authentication
  16. Block legacy authentication (Clients) via Client app conditions

    Support blocking legacy auth via client conditions.

    4 votes
    1 comment  ·  Authentication
  17. "Don't ask me again for 14 days" Azure MFA feature for AD FS 2016

    In Azure AD cloud MFA, once primary authentication has completed, during the second authentication, there is the option to "don't ask me again for 14 days".

    Enable this feature for AD FS 2016 (v4) when the Azure MFA adaptor is configured.

    4 votes
    1 comment  ·  Authentication
  18. Force Apple to fix Safari certificate auth bug (Support ADFS Device Authentication)

    We really need Microsoft Corp. to fly to Cupertino and slap the guys responsible for the development of the Safari browser on MacOS. :D
    It looks like the people at SAP give up on Apple. This has been an issue for a long time now and we REALLY need a solution for this.

    Another approach would be to build some kind of mechanism / feature into ADFS that would not send a "Certificate Authentication Request" for specific user-agent-string (Read MacOS+ Safari). We have only seen the issue for Safari on MacOS. Other browsers work like a charm.

    The fact that Apple…

    4 votes
    3 comments  ·  Authentication
  19. automate authentication fallback from ADFS to password-sync for SSO

    Please add automated authentication fallback for ADFS federated domains to password-sync in case on-premise ADFS services are not reachable/available
    or
    provide a way for AADConnect password-sync enabled domains to use AzureAD as true SSO for on-premise domain joined devices in regards to O365 applications (Exchange, Sharepoint, RichClients)

    4 votes
    0 comments  ·  Authentication
  20. Restrict Azure AD user to have 1 concurrent session to Azure portal

    Currently, Azure AD allows concurrent login to Azure portal for the same user from different browsers on the same workstation or from the same/different browser on different workstations. It is good to have a feature to restrict concurrent login for the Azure portal to 1 for each user. That way, only 1 session for the Azure portal is active for the user at a time.

    3 votes
    0 comments  ·  Authentication