Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow for customized error messages in Azure AD Conditional Access policies

    Allow for an administrator to create customized error messages to replace the generic AAD conditional access "you do not meet the criteria." For example, if I have a conditional access policy that blocks access for Windows devices based on a specific criteria, I could display a custom error message that would offer links to support sites, or IT support #. In addition, allow for multiple custom error messages to be defined, and linked to specific policies that block access. For example, we could display a different error message on PC, iOS, or Android devices that are blocked via a conditional…

    486 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    40 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow blocking "Sign-ins from anonymous IP addresses"

    I would like to be able to block ALL sign-ins from anonymous IP addresses.

    312 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    54 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Change tracking for Conditional Access Policies

    Support some kind of change tracking or auditing in regards to changes made for Conditional Access Policies?

    244 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    31 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support conditional access for MyApps.microsoft.com

    We need myapps.microsoft.com (Access Panel) to support conditional access. Currently it is a quit bad user experience when accepting an Azure B2B invite in a tenant that have implemented Azure Conditional Access that does not have the option to exclude "myapps.microsoft.com (Access Panel)"

    @Adam Steenwyk

    204 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  32 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support for 3rd party EMM solutions when requiring device compliance

    We use Airwatch for managing mobile devices. We want to use conditional access policies to ensure the device has been marked as compliant by Airwatch before allowing access to certain applications.

    Currently Azure AD Conditional Access Policies only supports InTune for checking device compliance as described @ https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-policy-connected-applications#trusted-devices. This should be extended to support 3rd party EMM solutions.

    183 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for your feedback. Microsoft is currently working with third party MDM providers to enable this scenario. We will update this thread once we have more information to share.

  6. Conditional Access blocking Office Activation and signin.

    When the Conditional Access Policy is configured with All cloud Apps option, Office activation is also blocked, although there isn´t any cloud app dedicated for Office activation exclusion. Please create one dedicated cloud app for Office activation.

    181 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  14 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Option to enforce authentication every time you access a SSO app (e.g. SaaS app)

    Add a option to enforce authentication every time you access a SSO app (e.g. SaaS):
    - Option could be possible per app
    - Option could be 1) re-enter password (ignore SSO) 2) guaranteed MFA prompt (ignore MFA token)

    Use case:
    Shared PCs, Personal Logins, SaaS App has sensitive payroll data, Concern: People don't log off -> anyone can walk to the PC and get into SaaS app via SSO. As of now even MFA doesn't help due to MFA token or Windows Hello strong auth. You could only play with token life-time.

    180 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Restricting Access Of Azure Service Principals – Using Conditional Access

    If anyone has the below information, can connect to Azure from any network and issue Azure PS commands.
    <#
    Display Name : MS-PoC-ServicePrincipal
    APP ID : XXXXXXXXXXXX
    Tenant ID : YYYYYYYYYYY
    Object ID : ZZZZZZZZZZZZZ
    Key : oooooooooo
    MS Link
    https://github.com/squillace/staging/blob/master/articles/resource-group-authenticate-service-principal.md

    >

    Best possible scenario is to restrict is using RBAC. Agreed.
    An extra layer of conditional access to the Azure Service Principal would be good. This security flaw can compromise the AAD data, since most of the Service Principals have OAuth2 enabled and Read access to AAD.
    Can MS look into this please.
    I had raised case with MS…

    117 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. to introduces priorities for Azure AD Conditional Access policies

    Hello all,

    can you please introduce the possibility to set priorities for Conditional Access policies.

    In complex environments (with different CA policies for different use cases) it's very hard to create CA polices without any open doors. Therefore it would be fantastic if you can create a catch all CA policy and allow selective one service after another (like on a firewall).

    Many Thanks

    88 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add Microsoft Authenticator to Approved Client App

    Currently the "Require approved client app" list of apps does not include the Microsoft Authenticator app, thus preventing adoption of cool features such as 'passwordless sign-in' which is apparently signing in as the user and therefore getting blocked.

    84 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. 84 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add support for User-Agent Client Hints

    User-Agent string is being retrieved as part of Azure\o365 audit log. The User-Agent is being used by security tools.

    Google is planning to deprecate the User-Agent string in their Chromium engine (will affect Chrome, Edge and any app or browser that users Chromium). more info can be found here: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/-2JIRNMWJ7s/yHe4tQNLCgAJ. the current timeline is mid of 2020. Instead of the User-Agent string, they plan to add the User-Agent Client Hints as described here: https://wicg.github.io/ua-client-hints/

    Need to have the new User-Agent information available in the audit log and the APIs.

    83 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Provide "Conditional Access" on a SharePoint Online Site Collection Level

    It would be great, if any future "Conditional Access" provided for SharePoint Online could be done on a per. Site Collection Level.

    Talk to the SharePoint Online team regarding this

    73 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. 62 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  7 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Abilty to sort Conditional Access Policies alphabetically

    It would be usefull to be able to sort Conditional Access Policies alphabetically.

    So, for example if the naming conventon starts with ALLOW: or BLOCK: then when you create new ones and sort alphabetically they will all be in the right order. Right now they are listed in the order of creation.

    60 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  9 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add Microsoft Intune Company Portal to Cloud apps list in Conditional Access policies

    Add Microsoft Intune Company Portal to Cloud apps list in Conditional Access policies

    58 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  12 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. 49 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  9 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow the possibility to assign Dynamics Device Groups to Conditional Access policies

    I'd like to enforce enrollment for Corporate devices but not for Personal devices; for the same user account. So I can create Dynamics Device Groups but I if I assign these groups to Conditional Access policies, it doesn't work.

    44 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support comments/description for Conditional Access policies

    Support comments/description for Conditional Access policies

    42 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  3 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add the option to block only one drive and not the hole sharepoint

    Many large organizations that move to Office 365 have the need to block One Drive for certain users, but leave them the ability to use Sharepoint Online. After opening a support case, the responce was that it is currently not supported and the only option is to block both One Drive and Sharepoint Online.

    39 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 11 12
  • Don't see your idea?

Feedback and Knowledge Base