Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. enable conditional access creation for A1 plans

    A1 plans allow the conditional access page to be viewed, like it will let you set up a condition, but when you start doing so... you find that a couple of sections are greyed out. One being the conditions tab. Is it possible to use PowerShell to garner the same results as the GUI? There doesn't seem to be much info out there on this.

    1 vote

    0 comments  ·  Conditional Access
  2. Fix Conditional Access exclusions Office365 Apps and Web Entry points.

    In the document https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#office-365, it says that:

    "The Office 365 app makes it possible to target these services all at once. We recommend using the new Office 365 app, instead of targeting individual cloud apps to avoid issues with service dependencies. Targeting this group of applications helps to avoid issues that may arise due to inconsistent policies and dependencies.

    Administrators can choose to exclude specific apps from policy if they wish by including the Office 365 app and excluding the specific apps of their choice in policy."

    However, when you create the exclusion for other apps, like PowerApps, Teams,…

    1 vote

    0 comments  ·  Conditional Access
  3. 1 vote

    0 comments  ·  Conditional Access
  4. Search Criteria/Sorting on Conditional Access Policy

    Hi Team,

    It seems that the Conditional Access Dashboard is not user friendly. I always have to click on load more to get what policy I'm looking for which is a pain.

    @Microsoft, is there a way to have a search option as well as a sorting option on the CA?

    Thanks,
    Suresh

    1 vote

    0 comments  ·  Conditional Access
  5. Conditional Access integration with multiple MFA providers at ADFS

    Improve integration of Conditional Access Policies with ADFS for multiple MFA providers

    We have RSA configured at ADFS. We also have Azure Conditional Access integrated with ADFS (supportsMFA = True) so that MFA prompts can leverage our on-prem RSA infrastructure.

    Currently there is no method to seamlessly test ADFS-integrated Azure MFA. We're presented with the following options to move forward
    1) Introduce an MFA provider choice during authentication for 15,000 O365 users
    2) Move Conditional Access settings to ADFS, which does not support as many features and/or is more abstract to configure vs. CA
    3) Moving RSA to Azure, which…

    1 vote

    0 comments  ·  Conditional Access
  6. The Conditional Access Policies Insights and Reports feature (in Endpoint Management) should show the riskiest logins from highest to lowest

    The Conditional Access Policies Insights and Reports feature (in Endpoint Management) should show the riskiest logins from highest to lowest priority, in the lower-right area of the right-hand pane.

    1 vote

    0 comments  ·  Conditional Access
  7. Provide the feature, disabling the ‘Keep Me Signed In’ option at specific application level

    Currently there is only an option to disable the ‘Keep Me Signed In’ at the tenant level. Provide an option at the specific application level also.

    1 vote

    0 comments  ·  Conditional Access
  8. Please help me to login for school

    Please help me to login for school classes

    1 vote

    0 comments  ·  Conditional Access
  9. Bulk enable 'enable browser access' in Authenticator or Company portal on Intune managed Android device

    When a customer enables a device-based conditional access policy for SPO requiring a compliant device, Android devices need to enable the option 'Enable Browser Access' in order to avoid a certificate prompt. Currently, the user needs to manually enable it on each client device. It is a block for big organizations to enjoy conditional access policy and the Intune device management solution.

    1 vote

    0 comments  ·  Conditional Access
  10. Restrict access to all admin portals, Exchange, SharePoint, Teams, flow, Endpoint, etc

    Would like the ability to restrict all admin portals to on-prem network or compliant\trusted devices. Similar to the Azure management portal. Add SharePoint admin, Teams admin, Endpoint Manager admin, Power Automate Admin, Power BI, Security, MSDATP, etc

    1 vote

    0 comments  ·  Conditional Access
  11. The MFA-Enabled list is inaccurate

    When enforcing MFA through Conditional access, the MFA list is inaccurate as to who is registered.

    https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx shows everyone as "Disabled" when in fact almost every user has MFA set up.

    1 vote

    0 comments  ·  Conditional Access
  12. Please have documentation as to which conditions and properties can be assessed by which legacy protocols.

    a. From our research and my testing to date, it seems that a conditional access policy that is attempting to act specifically on legacy protocols cannot “see” the device state of the device (e.g. if it’s hybrid joined—which is unfortunate as I wanted to exclude blocking based upon that state) but, we think, can see an IP address “location” (which is good, if it can, as that will be a “must” for one of our applications). Recommendation/Request: Please have documentation as to which conditions and properties can be assessed by which legacy protocols.
    b. Only the legacy “Active Sync” protocol…

    1 vote

    0 comments  ·  Conditional Access
  13. Option to include Azure backbone IP addresses to Named (trusted) Locations by default

    We are seeing a maintainability issue with respect to Conditional Access rules and Named Locations. Whenever our users create a Service Endpoint on a subnet to include AAD, we need to manually update the Named (trusted) Locations. This is becoming burdensome and we are concerned by the implication of this as we look to automate more and more across all manner of services in Azure. Another example is users of Cloud Shell being rejected because they present from the Azure IP which isn't trusted by default. The request is for Named Location rules to allow trusting Azure Services in a…

    1 vote

    0 comments  ·  Conditional Access
  14. Enterprise Application SAML 2.0 - Prompt Sign-in always

    We are in a retail business; we have shared computers within our brick stores, used by multiple users, where store employees access some business applications via Azure AD, which uses SAML. We wish to force sign-in always for those applications so that a previously logged-in user's SSO session is not persisted on a shared computer.

    1 vote

    0 comments  ·  Conditional Access
  15. Add "All Directory Roles" option when creating Conditional Access Policies

    When creating a Conditional Access Policy to require all admin roles to use MFA, there should be an "All Directory Roles" option to tick so you don't have to keep going back and checking if new roles have been added.

    1 vote

    0 comments  ·  Conditional Access
  16. Mobile apps running on iPadOS should present themselves as iOS instead of MacOS for auth purposes

    We use a Conditional Access Policy to prevent access from Windows PCs and MacOS devices from outside trusted locations. However, this policy is causing issues when users attempt to authenticate from iPad devices running iPadOS, as these are presented as MacOS and thus are blocked from authenticating to resources. We need Microsoft to find a way or work with Apple for iPad devices to be presented as iOS, not as MacOS.

    1 vote

    0 comments  ·  Conditional Access
  17. Include Token Lifetime for Azure AD SAML federated applications in Conditional Access

    The "sign in frequency" control in Azure Conditional Access doesn't apply to SAML authentication. The MS documentation states that it only applies to OAuth and OIC.

    1 vote

    0 comments  ·  Conditional Access
  18. glass

    Would be great if break-glass account functionality was built-in to Azure AD somehow. Right now there's a lot of manual setup and monitoring work involved in this. Would be nice to be able to create accounts and designate them as "break-glass" accounts. Then setup is automatic after that...excluded from Conditional Access Policies, monitoring for changes, etc.

    1 vote

    0 comments  ·  Conditional Access
  19. Giving options to solve specific problems

    I had a business account which was cancelled, then I created and paid for a personal account, but now I cannot access Microsoft Teams, apparently because it is not linked with Outlook.
    What can I do?

    1 vote

    1 comment  ·  Conditional Access
  20. JIT

    I have one question that I want to ask. With regards to setting JIT access on a VM, I wanted to know if users who connect to a VM at a certain set time and from a specified IP address (because of JIT conditions set) can also be an authenticated user? So someone else who knows all of the rules can't connect. I would like JIT conditional access to be more restrictive.

    1 vote

    0 comments  ·  Conditional Access