Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD Conditional Access - Option to exclude all the guest and external users from the policy

    We are able to see there is an option to exclude guest and external users from the conditional policy, but it is in preview state. Since it is in preview, we can't use it in a production environment. So we request that you let us know the release date for this feature.

    1 vote
    0 comments  ·  Conditional Access
  2. Documentation about Conditional Access Policy Limits

    Currently, there is no documentation stating there is a silent limit of 100 Conditional Access policies that can be queried. This is causing frustration and unnecessary man-hours for customers to understand why their policies aren't evaluating even though they are passing the "What-If" query. My understanding is that limit is currently 100 and is being raised to 195 with code put in to limit the customers' abilities to create more than 195 conditional access policies so this issue does not occur. We would like to recommend that this limitation be added to customer facing documentation regarding Conditional Access policies in…

    1 vote
    0 comments  ·  Conditional Access
  3. Provide Emergency GA account excluded from all CA policies and keep it disabled

    Provide an Emergency GA account excluded from all CA policies and keep it disabled, with the Data Protection Team to validate and enable it (i.e. for 24 hours). It can be disabled again after X (i.e. 24) hours. Currently the baseline policy doesn't allow exclusion. If we are in a locked-out situation, go to some website or reach the DP team to enable that GA account to unlock ourselves, or at least CA administrator level permission to disable CA policies.

    1 vote
    0 comments  ·  Conditional Access
  4. Allow mobile device users to choose any browser for web apps which do not need Intune App Protections

    We require that users of mobile devices can choose to use whatever browser they want for personal use or web apps that do not specifically need Intune App Protections applied.

    We previously tried to enforce the use of Edge as the default browser for link handling from the Outlook app. However, this was met by strong pushback from users.

    Therefore, through the use of Conditional Access we took the decision to only enforce the use of Edge for Exchange and SharePoint web browsing. However, due to this identified issue with SharePoint link handling, we currently have no plans…

    1 vote
    0 comments  ·  Conditional Access
  5. PowerShell AAD Conditional Access Block Logon (Outside US) Exclusion by user for only a date range

    A PS Azure command that allows you to add a user to the exclusion list for Conditional Access (like a policy to block logins from outside the US) for a given date range. In short, to allow a user who is travelling overseas to access Office 365 for only the date range they are away for.

    1 vote
    0 comments  ·  Conditional Access
  6. conditional access custom controls to integrate 3rd party MDMs

    Currently it is difficult to integrate secure mobile devices from other MDMs in O365 Security, specifically into Cond. Access. Would it be possible to use a similar concept for 3rd party MDMs as CA custom controls already provide today for 3rd party MFAs?
    I cannot demand that every user who needs access to my SPO or ODfB enroll into Intune, especially in the case where users from partners have already enrolled their device in this partner's MDM.

    1 vote
    0 comments  ·  Conditional Access
  7. Enable browser restriction in Conditional Access rules

    Currently there is only an option to include or exclude "browser". We need the ability to specify which browsers are allowed or blocked. For example, select Browser, and add sub-options to specify a specific browser or even a higher or lower version number. Some apps only work properly on Chrome or Firefox. It would be great to specify the exact browser that is permitted, and all others blocked (or permitted).

    1 vote
    0 comments  ·  Conditional Access
  8. Include Conditional Access in Microsoft 365 Business

    Include Conditional Access for Microsoft 365 Business customers without Azure Premium subscriptions.

    Right now, a lot of the compliance features that come with Intune in M365 Business are useless because they cannot be enforced via Conditional Access, because CA is not included in the Business edition of Microsoft 365.

    1 vote
    0 comments  ·  Conditional Access
  9. Conditional Access for enrolled devices

    Provide a criterion of "Is managed by MDM". Currently the only option is to select whether a device is compliant or not. But a device may be enrolled and not compliant. It may be not compliant in a minor way, in which case you would continue to allow access while it is fixed.

    1 vote
    0 comments  ·  Conditional Access
  10. Allow Phone sign in (preview) for Conditional Access (requireMFA)

    As the title says. For now it only works if MFA is enabled for O365.

    1 vote
    0 comments  ·  Conditional Access
  11. Allow fine grained control over storage and containers with AAD users

    Azure Storage allows fine grained controls via SAS tokens; however, this should also be available for AAD users.

    In addition:
    * Allow read metadata but not file data
    * Allow write but not overwrite

    This would better suit blob drop scenarios where a service is responsible for writing data but cannot overwrite data once the file is present.

    1 vote
    0 comments  ·  Conditional Access
  12. conditional access device state include: only "all device states" available

    In conditional access rules, in the device state part, you can only include all device states. We need to have the possibility to select the different device states: 1. hybrid Azure AD, 2. conform, 3. not hybrid Azure AD and not conform.

    Background:
    1. For Hybrid Azure AD devices, we want to allow browser access to all Office 365 services.
    2. For non-Hybrid Azure AD devices, we want to allow browser access only to Exchange Online.
    When we have these two rules and a non-Hybrid Azure AD device is using a browser to access outlook.office.com (Exchange Online), this…

    1 vote
    0 comments  ·  Conditional Access
  13. allow conditional access "what if" tool to work with guest accounts and groups

    Allow for the "what if" tool to provide feedback on guest accounts. We are looking to enforce terms of use and MFA for guest accounts and currently you can only run the what if tool on members in the domain. It would also be nice if we could run the what-if tool on groups, such as a dynamic group that contains all guest users.

    1 vote
    0 comments  ·  Conditional Access
  14. Improve administrator prompting for AAD CA Terms of use- accept on all devices

    I believe it should be made a little more clear that selecting the new AAD CA terms of service option, "require users to consent on all devices," requires that all devices be managed in the domain. I actually opened a case on this feature and even the AAD premier techs were not aware that this new feature required devices to be managed and compliant in Intune. Also, the "what-if" should take this into consideration and list that devices won't be able to accept the terms of use if they are not managed in the domain.

    1 vote
    0 comments  ·  Conditional Access
  15. 1 vote
    1 comment  ·  Conditional Access
  16. Add Microsoft Azure Signup Portal as an app

    Please add the possibility to block the app:

    Microsoft Azure Signup Portal
    8e0e8db5-b713-4e91-98e6-470fed0aa4c2

    1 vote
    1 comment  ·  Conditional Access
  17. Don't show CA policies that do not apply to the user in the AAD sign-in log

    Don't show CA policies that do not apply to the user in the AAD sign-in log.

    1 vote
    0 comments  ·  Conditional Access
  18. Block or allow portal.office.com separately from the other applications in Conditional Access

    Block or allow portal.office.com separately from the other applications in Conditional Access.

    Since I have about 300 apps, it's hard to select each one so users can log in to portal.office.com.

    I would like to have the possibility of selecting All apps and excluding portal.office.com.

    1 vote
    0 comments  ·  Conditional Access
  19. 'What if' tool - ability to see how disabled policies affect users

    The 'what if' tool currently shows how policies will affect a user in a given situation, but only for enabled policies.
    I suggest that the tool should also show policies that WOULD affect the user, IF they were active. Currently all disabled policies just get added to the list of policies that will not apply.
    This would help when testing new policies, to get a view of the impact before actually enabling the policy.

    1 vote
    0 comments  ·  Conditional Access
  20. AAD certificate for CA policy for Admin access

    AAD certificate for CA policy for Admin access. Like MCAS has a certificate for additional authentication, the ask is for AAD CA to support that too and supply a tenant Azure certificate generated at CA policy for Admin access. The generated tenant Azure certificate can be used for many things.

    1 vote
    0 comments  ·  Conditional Access