Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Conditional Access for Time Series Insights

    We wish for the possibility to set a Conditional Access for Time Series Insights.
    Currently, we set Conditional Access (with MFA) for the Management API, which affects login to Time Series Insights, which we do not want.
    Management API should not affect Time Series Insights and vice versa in Conditional Access.

    1 vote
    0 comments  ·  Conditional Access
  2. Add guest role exceptions to the end user protection baseline policy

    First of all: having those baseline policies at no cost is brilliant and will definitely help organisations that start into M365.
    The end user protection baseline policy is also great, since it balances security with usability (require MFA based on risk, not as default).

    BUT: since there are no exceptions to the policies, the end user protection baseline policy also applies to guest accounts, so guests need to register for MFA when accessing a shared document. This reduces usability. Also, for a guest account the risk status comes from the external tenant (of the guest account), which may be a…

    1 vote
    0 comments  ·  Conditional Access
  3. Using AAD conditional access to manage some Azure resource

    Can we add the Azure resource to the enterprise application, so that they can be managed by the Azure AD conditional access? Such as:

    Azure Machine Learning service, Azure Data Factory service and storage account, etc.

    1 vote
    0 comments  ·  Conditional Access
  4. Feedback for the Conditional Access policy team.

    Currently in Conditional Access policy > in the Cloud Apps or Actions menu... for example, if I want to block OneDrive for Business access for a certain group of users, I have to select SharePoint Online as the cloud app... which also blocks access to various other cloud apps: Teams, OneNote, etc. If the cloud app selection option could be as granular as the App Protection Policy menu, that would be very helpful.

    1 vote
    0 comments  ·  Conditional Access
  5. Shortcut to Azure AD audit logs from Conditional Access blade

    Please add an easy-to-use shortcut that jumps to the Azure AD Audit logs blade and lists all the policy changes for the last 30 days.

    It will make life a bit easier for IT administrators and provide an easily understandable way to find the changes made.

    /Peter Selch Dahl

    1 vote
    0 comments  ·  Conditional Access
  6. Allow Conditional Access Policy based on the used App

    Allow definitions based on the used app.
    Example:
    Exchange Online can be accessed either by Microsoft Outlook if you have a compliant device or
    Exchange Online can be accessed by a sandbox mail client (e.g. SecurePIM/BlackBerry) without a compliant device but with MFA.

    Today only the backend (Exchange Online) can be chosen.

    1 vote
    0 comments  ·  Conditional Access
  7. Conditional Access View - Unprotected Application

    Please create a view within Azure Active Directory\Conditional Access that shows all applications that do not have a CA Rule applied. Currently you have to click into each application separately to view if there is a CA Rule applied to that app.

    1 vote
    0 comments  ·  Conditional Access
  8. Conditional Access Deny Message Change.

    After turning on Conditional Access via location to deny specific countries, it works at denying access if I authenticate from an IP address from that country. The problem is that the access deny message not only confirms the credentials are correct but gives examples of why it is restricted. "Browser, app, or location that is restricted by admin." This needs to be changed so that on failed logins via conditional access failure gets as little information about the deny action as possible. A simple "Due to a policy set by the admin this access is restricted."

    1 vote
    0 comments  ·  Conditional Access
  9. Provide API to limit control access to Office 365

    There are 2 use cases here: 1) limit to devices that are connecting from the corporate network, 2) limit access to approved mobile devices. I understand Azure AD Conditional Access provides this capability but only through the UI. Is there a way to do this programmatically? In addition, once access has been limited to approved devices, how do I prevent users from accessing a personal Office 365 account on the same device? E.g., avoid a user downloading a file from the corporate account and uploading it to a personal account.

    1 vote
    0 comments  ·  Conditional Access
  10. Show details of audit log targets "Known Networks List" and "Default Policy".

    When I add a new location to a named location or update the location settings, the audit log target shows "Known Networks List", but I don't know which item has changed or how.

    Also,
    When you update a conditional access policy, the audit log target shows "Default Policy", but you don't know what item or how the ADD system changed.

    Since both are insufficient as audit logs, please improve the log so that at least which setting item can be identified from which location.

    1 vote
    0 comments  ·  Conditional Access
  11. Ability to Exempt Tenant Locations from Conditional Access

    The ability to exempt connections between tenant services from conditional access policies. For example, making a connection from Azure Automation via PowerShell to Dynamics 365 using a dedicated service account in the same tenant should have the ability to be exempted from Conditional Access policies and/or be included as a condition for granting access. This could help other services like Flow and Logic Apps as well.

    Inter-tenant connections between services should have the ability to be exempted from CA policies and/or used as a condition to grant access.

    1 vote
    0 comments  ·  Conditional Access
  12. When an employee authenticates to join another tenant as a guest: Conditional Access policy to action a session control

    If an employee authenticates to connect to another tenant as a guest: redirect traffic to go through CASB (CA session control)

    1 vote
    0 comments  ·  Conditional Access
  13. With the new Beta Edge, it is not passing the "join type" or device ID into Azure so some machines are getting MFA prompted due to CA rules

    The Edge Beta and Edge Canary versions of the new Edge browser built on the Chromium platform do not pass the join type and/or device ID.

    We have CA policies that are based on being Hybrid AAD joined. Chrome and IE pass this info through where Edge Beta does not yet.

    1 vote
    0 comments  ·  Conditional Access
  14. Allow the Teams mobile app while blocking Outlook app

    I have a scenario where I need to block all users from Outlook mobile except for users in the Corporate Phones AD group. This is set up and working as intended.

    I also need to be able to allow anyone in the BYOD AD group access to Teams mobile but at the same time be blocked from Outlook mobile.

    When users try to open Teams mobile and because there are interdependencies in Teams with Exchange, users are catching on the Deny Outlook Mobile policy and not allowed in Teams.

    Can this be separated out?

    1 vote
    0 comments  ·  Conditional Access
  15. Azure AD Conditional Access

    Azure AD Conditional Access should have the following features:

    -Clone existing policies
    -Create policy templates from existing policies
    -Include/Exclude device MAC addresses under policy Conditions

    1 vote
    0 comments  ·  Conditional Access
  16. Include Privileged Role Administrator in the baseline policy: "Require MFA for admins"

    Seems like an oversight to not include the role Global Admins don't have access to.

    1 vote
    0 comments  ·  Conditional Access
  17. Allow more granular access to the Conditional Access 'What If' capability

    Allow wider use of the AAD Conditional Access 'What If' capability without having the 'Conditional Access administrator' role. So far we have Global Admins and Conditional Access administrators troubleshooting problems, and the Helpdesk would like to run queries to troubleshoot problems, but 'Conditional Access administrator' gives them too many privileges.

    1 vote
    0 comments  ·  Conditional Access
  18. Able to add the third application to the approved app list

    I am a project manager from Foxit Software. My customer has set a conditional access policy on Azure. When he applied this policy on Foxit Android app, there is a prompt message which said "You can get there from here". The detailed message is shown in the attached image.

    1 vote
    0 comments  ·  Conditional Access
  19. Authentication behavior within the SharePoint App

    When accessing URL of Forms linked in a page of SharePoint from iOS App, PRT is not properly passed and device information is not delivered.

    This problem occurs when you set the conditional access of "Require device to be marked as compliant".
    This problem does not occur when accessing SharePoint → Forms via a browser, not from a SharePoint app.
    There is no problem with other links on the SharePoint page.

    From the above, it can be considered that there is a problem in the operation related to access to Forms from SharePoint App.

    If the above problem occurs, the…

    1 vote
    0 comments  ·  Conditional Access
  20. Azure AD Conditional Access - Option to exclude all the guest and external users from the policy

    We are able to see there is an option to exclude guest and external users from the conditional policy, but it is in preview state. Since it is in preview, we can't use it in a production environment. So we request that you let us know the release date for this feature.

    1 vote
    0 comments  ·  Conditional Access