Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. How about having it work with your pc sign in windows 10

    When you sign in to your account on your laptop or desktop having to enter password plus code generated by the mobile application

    3 votes
    0 comments  ·  Authentication
  2. Create an ADAL client library for the R language

    Create an ADAL client library for the R language

    3 votes
    0 comments  ·  Authentication
  3. Allow Pass Phrases

    Why are we limited to using 16 character passwords, and passwords without spaces in them? This makes it so the best passwords, pass phrases, aren't available in Office 365 accounts (as well as Outlook.com accounts, etc). I use 40+ character passwords that would take centuries to hack, but I can't use them in Office 365. Please fix this - if it's an application limitation, fix that application, but allow pass phrases across all of Office 365.

    3 votes
    0 comments  ·  Authentication
  4. Support for non-Microsoft Authenticator

    We have implemented a full Office 365 solution but are finding the lack of authenticator support very disappointing.

    We have for a long time been using Google's authenticator as well as Authy. Being forced to use your Authenticator is quite annoying and there needs to be an option to use 3rd party authenticators since your app simply is not up to code compared to other products out there.

    3 votes
    1 comment  ·  Authentication
  5. Logout from Authenticator App

    Usually I use Microsoft Authenticator app for signing into my Outlook account (so NO password required).
    It would be great if we can logout from Authenticator app itself. So it's like we can login phone and logout from the phone itself. It gives a user better control.

    3 votes
    0 comments  ·  Authentication
  6. AD Connect 654/ADFS Service Account bug?

    When setting up 2nd (for Staging) AD Connect 1.1.654.0 at customer, setup deadlocks at "AD FS Service Account" pane. Customer has ADFS deployed, and successfully deployed first AD Connect server (older version, later upgraded to 654). Now wants to install 2nd one, gets to screen to pick AD FS Service Account, but DOMAIN USERNAME is prefilled with the UPN of the account used. Can't authenticate now, because field expects DOMAIN\USERNAME format entry. Unfortunately, editing is disabled for this field, so can't continue installation. Customer installed 649 now (doesn't have this issue), then upgraded to 654.

    3 votes
    0 comments  ·  Authentication
  7. Enable controlling Legacy Activation Client by Conditional Access on Azure AD.

    Enable controlling Legacy Activation Client by Conditional Access on Azure AD.
    (Support, in Azure AD Conditional Access, for legacy authentication clients that do not support modern authentication)

    At present, a major way to control this is using AD FS claim rules.
    Furthermore, it would be great if the feature were able to control "Legacy Activation Client", especially for the users not compatible with modern authentication, even from Azure Management Portal.
    I believe this implementation will help the user to reduce the time and effort for doing the management operation.

    Thank you for your consideration.

    (in Japanese)
    Control through AD FS claim rules is common, but we would like a feature added so that legacy authentication clients can also be controlled from the Azure Management Portal.
    The background to this is the aim of reducing the management burden on users.

    3 votes
    need-feedback  ·  2 comments  ·  Authentication
  8. After logout user not redirected to application when using Microsoft private account for logging in

    We have an application that uses Microsoft private account configured as IDP. But when users logout they are not redirected to the application, though the logout url is configured properly. This does not happen when we use Azure Active Directory. Happens only when private accounts are used for logging in.

    Test app url https://domsch.com/dib/dev.

    Click login, -> Click Azure AAD button - > Login with microsoft private email . Once logged in click logout. We will see that the user is not redirected back to the application and when the application is accessed again the user is still logged…

    3 votes
    0 comments  ·  Authentication
  9. Standalone OAuth2 + non WebApp + No UserInteraction + Redirect always failing - How to get Auth Code ?

    I have created a dummy Outlook mail account :
    Username: arnab30dutta@outlook.com
    Password: wiproinfotechbt012
    Also registered my headless standalone Java App at https://apps.dev.microsoft.com/#/application/524f2f35-30ca-4497-9a58-654e431858ef (I dont require Spring Model Or View, + all necessary consents allowed) using above same user/password

    SpringBootMailRESTApiApp

    Application Id 7a1fff16-ef39-4299-a6b9-50d2b37924e4
    Pass 8wLwBic9Hxwj9f9e5hkjq9n
    Redirect URI https://USHYDARNDUTTA2.us.deloitte.com:8080/signin-microsoft

    Following URL When Tested with RestClient Firefox addon works fine:

    https://login.live.com/oauth20authorize.srf?clientid=524f2f35-30ca-4497-9a58-654e431858ef&scope=openid+offlineaccess+profile+User.Read+Mail.Read+Calendars.Read+Contacts.Read&redirecturi=http%3a%2f%2flocalhost%3a8080%2fauthorize.html&responsetype=code+idtoken&state=717b3297-2692-4a3a-a22c-ade52010e24b&responsemode=formpost&nonce=adc6829c-c4c3-4895-818a-99e5f9574381&display=popup&uaid=94f304002ecd487cb72a708b8d14fb52&msproxy=1&issuer=mso&tenant=common&uilocales=en-US&loginhint=arnab30dutta%40outlook.com

    But the same doesn't work when hit from Spring Boot App.
    Redirect URI never receives any response.

    Code Attached

    Plz Plz Plz provide solution of - How to get the Authorization Code ?

    "I…

    3 votes
    1 comment  ·  Authentication
  10. WHR Parameter: Make Azure AD recognise a tenant "SAML Entity ID" in whr

    The change I'm suggesting is to make AzureAD recognise a tenant's "SAML Entity ID" as a valid value for whr, in addition to the list of registered domains.

    Reason:
    When authenticating to a third party with AzureAD as the identity provider we provide them a SAML Entity ID of: https://sts.windows.net/{tenant-guid}/

    The third party is using AD FS. To avoid their home realm discovery page we can specify whr=https://sts.windows.net/{tenant-guid}/ in the URL we use.

    The third party then redirects back to https://login.microsoftonline.com/{tenant-guid}/wsfed?wa=wsignin1.0&wtrealm=....&whr=https://sts.windows.net/{tenant-guid}/

    The problem is our users who are already logged in to AzureAD are asked to start the login…

    3 votes
    0 comments  ·  Authentication
  11. SVG Login Buttons

    Branding guidelines are available which offer up login buttons to be used in web applications that use Azure AD for authentication. The branding guidelines are here:

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-branding-guidelines

    The buttons on that page are PNGs. It would be good to publish SVG versions of these buttons, as many web apps incorporate SVGs rather than binary files served up statically.

    3 votes
    0 comments  ·  Authentication
  12. Custom Attribute for Cloud Only users

    Recently had an issue where I was populating Exchange Online Cloud Only user mailboxes customattribute1. I wanted to leverage that field to pass that customattribute value to a SaaS provider which had a requirement for a unique id. There is no field to enter a unique id in Azure AD. My request would be to allow the ability to have a custom attribute field that is not dependent on Exchange Online, since it has been found via support that the Exchange Online team, by design, does not pass those values for Cloud Only users.

    3 votes
    0 comments  ·  Authentication
  13. automate authentication fallback from ADFS to password-sync for SSO

    Please add automated authentication fallback for ADFS federated domains to password-sync in case on-premise ADFS services are not reachable/available
    or
    provide way for ADDConnect password-sync enabled domain to use AzureAD as true SSO for on-premise domain joined devices in regards to O365 applications (Exchange, Sharepoint, RichClients)

    3 votes
    0 comments  ·  Authentication
  14. Support certificate authentication in MyApps for iOS

    I would like to be able to log into MyApps using ADFS and Certificate authentication. I can log into Safari using Certificates, but I can not use the native MyApps application on iOS.

    3 votes
    0 comments  ·  Authentication
  15. branding

    Our company would like to remove the "No account? Create one!", "Can't access your account?", "Sign-in options", and "Forgot my password" links from our branded Azure sign-ins.

    Each of the links creates confusion for our user population. For example, people believe they can create their own company account by following the "No account? Create one!" link. We provision accounts for our users, so don't want them to see such an option.

    The "Forgot my password" link -- which shows on the second "page" of the Azure sign-in after a person has typed their username -- is a similar story. Our…

    2 votes
    0 comments  ·  Authentication
  16. SAML token. Login ID look up in Claim management - source attribute.

    With the new option to sign-in to Azure AD with email as an alternate login ID (preview), it would be great to have access to the login ID in the source attribute when adding a new claim. It may be useful to be able to pass the login ID in a SAML claim when it's different from user.email and UPN, especially if an account has multiple ProxyAddresses that can be used as login ID.
    Dynamic source attribute and an attribute lookup function in the transformation would be handy as well.
    Thank you.

    2 votes
    0 comments  ·  Authentication
  17. Update the combined MFA/SSPR Registration to not be dependent on 3rd-party cookies

    Apple has enabled Prevent Cross-site Tracking by default in iOS 13.4. As noted in the article, users get a "Sorry, we can't sign you in" message when 3rd-party cookies are blocked. As a result, MFA/SSPR Registration is broken by default on iOS 13.4. A manual intervention is now required to allow 3rd-party cookies because the setting cannot be managed on a supervised device. Apple has provided prescriptive direction on how to update apps. Please update the combined MFA/SSPR Registration to not be dependent on 3rd-party cookies.

    2 votes
    0 comments  ·  Authentication
  18. Please make error message more meaningful

    Please make the error messages more meaningful.

    I was doing an Azure AD SAML enterprise application connection and got the message "Message: AADSTS7500525: There was an XML error in the SAML message at line 2, position 498. Verify that the XML content of the SAML messages conforms to the SAML protocol specifications". In fact, it turned out to be the Issuer that was missing.

    2 votes
    0 comments  ·  Authentication
  19. We would like to use PowerShell (AzureAD) to expose the expiration dates of SSO SAML certs? I would identify apps with expiring certs so th

    We use Azure AD Enterprise applications to onboard cloud/SaaS applications for Single Sign-On with SAML. Generally the SAML certificate for each application expires after a certain period of time, so we would like to use PowerShell (AzureAD) to expose the expiration dates of SSO SAML certs? I would identify apps with expiring certs so they can be renewed in a timely fashion. Or is there a report or something else in Azure that can be run to expose this?

    2 votes
    0 comments  ·  Authentication
  20. Make the OIDC Front-Channel Logout feature adhere to spec

    Azure AD supports OpenID Connect Front-Channel Logout (not really apparent from the documentation, but it appears to be what the configured Logout URL of a registered app is used for). It however appears to always send a "sid" parameter (which it may) but without sending an "iss" parameter (which the specification states is required if the "sid" parameter is included).

    The reason why the "iss" must be included is that the "sid" is only guaranteed to be unique in the context of a particular issuer.

    From the spec (https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPLogout):
    The OP MAY add these query parameters when rendering…

    2 votes
    1 comment  ·  Authentication