Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Create Custom Controls for Azure AD conditional policies without offline process

    First of all thank you very much for the Custom Controls functionality for Azure AD.
    I just found through an Azure Support channel that today, you need to contact Microsoft to become a "valid" provider for custom controls.
    It would be great if you could make the registration process online and automated as I see a lot of potential for customers to want to implement their own validation logic during the authentication pipeline.

    Having to offline register with Microsoft in order to have a compatible service will make it much harder to push this feature forward.

    12 votes
    6 comments  ·  Conditional Access
  2. Azure audit logs that show 'PolicyDetail' data being changed and who changed it on a conditional access policy

    Azure audit logs that show 'PolicyDetail' data being changed and who changed it on a conditional access policy

    11 votes
    2 comments  ·  Conditional Access
  3. Conditional Access granularity -- We need support for "and/or" scenarios for conditions, and more granularity for client/device types.

    We are in the process of moving to Exchange Online from an on-prem environment, with the following assumptions:

    A) We are already a Duo shop for MFA and management does not want to have a second MFA strategy (Azure AD MFA)

    B) We use Passthrough Authentication for authentication into Azure AD. We do not wish to deploy ADFS for only O365.

    With these assumptions, our way of adding MFA to our logins in O365 is with Conditional Access and a custom control for our Duo 2FA.

    We have created policies that only allow connections from clients that support Modern Authentication,…

    11 votes
    0 comments  ·  Conditional Access
  4. Conditional access policy - Cloud Apps - All 3rd Party Applications

    Provide simple radio buttons for

    "All Non-Microsoft Applications" ("All 3rd Party Applications")
    "All Microsoft Applications"
    "All Cloud Applications"

    to be used in Inclusion and Exclusion rules under Cloud App for Conditional Access Policies.

    Currently it does not seem to be possible to block just 3rd party apps. It is not possible to select all of the Microsoft applications in the Exclusion rules as they are not presented for selection unless registered with a URL.

    And if it were possible to select everything required for Microsoft applications, it would still be an administration burden to continue to update the whitelist with…

    10 votes
    4 comments  ·  Conditional Access

    Can you give a bit more detail about why you would want to block 3rd party apps? Why are there 3rd party apps registered in your directory, that you want to block? I’m just wondering if there is a bigger issue here. Please add any feedback to the Azure feedback item.

    Thanks

  5. Delve as an Approved App

    Delve isn't listed as either an 'approved client app', or a 'policy protected client app', so we're struggling to get this configured on our BYOD devices when the conditional access policy requires either approved or policy protected. Can this app and sure all apps that are part of the O365 suite be approved?

    9 votes
    4 comments  ·  Conditional Access
  6. conditional access rules should be searchable instead of waiting for load

    Conditional Access policy cannot be searched. If you have a lot of CA, you have to click load more, wait, wash, rinse, repeat.

    9 votes
    0 comments  ·  Conditional Access
  7. Enable conditional access for registered native apps

    Enable the use of Conditional Access when using AAD Interactive login in native desktop apps. For example RDM in this scenario: https://help.remotedesktopmanager.com/index.html?datasourcesadvancedsqlazure_configuresqlazureforadconnections.htm

    9 votes
    0 comments  ·  Conditional Access
  8. Support Azure Conditional Access for Azure SQL Server

    Allow clients with an Azure Conditional Access compliant device to access the Azure SQL database independently of the IP location.

    Basically create a just-in-time access for Azure AD compliant devices that are able to authenticate using some kind of PKAuth (Public Key Authentication Protocol) against the Microsoft Azure SQL server that allows access for that specific client.

    @Caleb

    https://feedback.azure.com/forums/908035-sql-server/suggestions/35919877-support-azure-conditional-access-for-sql-connectiv

    9 votes
    0 comments  ·  Conditional Access

    Thanks for the suggestion Peter. Can you give a bit more detail on the use case? You can apply conditional access policy to Azure SQL today. Is the additional requirement here to lock down access to specific devices (for example: not all compliant devices)?

    -Caleb

  9. 8 votes
    0 comments  ·  Conditional Access
  10. Document conditional access supportability matrix

    The supportability matrix on which operating systems and web browsers (including full-mode vs. in-private mode) are supported by conditional access should be publicly available.

    8 votes
    0 comments  ·  Conditional Access
  11. Display Summary of Conditional Access Assignments

    Instead of requiring admins to click every Assignment to see the details of the CA rule they created, show a summary of what the policy does, in the user's native language.

    See attached file to get an idea of what I'm saying.

    8 votes
    0 comments  ·  Conditional Access
  12. Conditional access policy by location should be standard feature

    Conditional Access policies to block access from countries should be a standard security feature and organizations should not have to upgrade to E5 or Azure P2 to use this feature. We see failed sign in attempts every day from countries such as China and Russia. It would block out 99% of the malicious sign in attempts if we could simply implement a conditional access policy by location.

    7 votes
    3 comments  ·  Conditional Access
  13. Allow access to specific O365 portals (Teams call queue site for example) but restrict access to all others

    We would like the ability to restrict access to all online O365 services but be able to exclude access to the Teams call queue site (https://aka.ms/cqsettings) so that users can opt in/out of call queues during their day to day activities. At the moment it appears to be only an all or nothing policy. Thx!

    7 votes
    1 comment  ·  Conditional Access
  14. Merge the IP Address range page in Cloud App Security and Conditional access - Named locations IP Ranges

    Currently we have to maintain the same IP address ranges on two different Admin Centers to avoid false positive impossible traveling alerts. It would make sense to have only one page where you maintain IP address ranges and enable them for both: the Conditional Access rules and for the Cloud App Security.

    7 votes
    0 comments  ·  Conditional Access
  15. Ability to customize email messages that are auto-generated

    Whenever admin uses Azure Conditional Access policy to either:


    1. Block Exchange ActiveSync (Legacy Auth)
      or

    2. Enforce MFA on Exchange ActiveSync

    End user would receive the following email notification on their iOS/Android devices when trying to log in to Outlook email using ActiveSync with Legacy Auth (iOS and Android Native Mail Client, Gmail App).

    Please see attachments for email message details. When end users click on "Learn More" link, it would direct them to www.microsoft.com that contains Microsoft Ads which is unacceptable. It would be ideal if it directs to MFA article or the company's internal link.

    7 votes
    0 comments  ·  Conditional Access
  16. Conditional access api with at least What If capability

    Create an API for conditional access that not only displays the policies, but also enables you to perform 'What If' to test them.
    It will significantly help create automations by overseeing what might get blocked. A response should be a detailed report like in the Azure Portal.

    7 votes
    0 comments  ·  Conditional Access
  17. RSOP for CAPs

    Have a way to determine the net effect of ALL conditional access policies on a given user, like a resultant set of policies does with GPOs.

    7 votes
    0 comments  ·  Conditional Access
  18. Support for accessing SharePoint onprem files through Application Proxy from Android and IOS Office Apps

    Problem:
    - Access is blocked (You cannot open the document) when Approved Client App is a requirement in the CA policy (You cannot get there from here message)
    - After trying to authenticate (and being blocked) the Office app needs to be restarted to be responsive again.

    Possible solutions:
    - rewrite the authentication flow to use the auth token saved on the device - instead of trying to reauthenticate with webkit browser
    - use Edge browser inside the apps to reauthenticate
    - Treat webkit as an approved app when inside an office app

    Since all the users recent documents are…

    6 votes
    1 comment  ·  Conditional Access
  19. Indicate when conditional access policy was not applied due to lack of license

    When viewing the details of an individual entry in the sign-in log within the Azure AD Portal, the "Conditional Access" tab allows you to see which conditional access policies were applied to the sign-in attempt and the result for each.

    In the case where the user in question does not have a license assigned that includes conditional access functionality, the tab simply says "No policies". Support have advised me in the past that CA policies will not be applied to users who do not have the appropriate license applied, which is presumably why the list is empty in such situations.…

    6 votes
    1 comment  ·  Conditional Access
  20. 6 votes
    0 comments  ·  Conditional Access