Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. In Conditional Access Policy or Azure AD Identity protection, block is based on risk level not based on risk detection. For example, I wante

    In Conditional Access Policy or Azure AD Identity protection, block is based on risk level not based on risk detection. For example, I wanted to block “Sign-ins from anonymous IP address” but wanted to allow “Sign-in from unfamiliar location”. Since most of my users travel to different places, we wanted to allow “Sign-in from unfamiliar location”. How can I achieve that using Conditional Access Policy or Azure AD Identity protection or any other method?

    1 vote
    0 comments  ·  Conditional Access
  2. Show details of audit log targets "Known Networks List" and "Default Policy".

    When I add a new location to a named location or update the location settings, the audit log target shows "Known Networks List", but I don't know which item has changed or how.

    Also,
    When you update a conditional access policy, the audit log target shows "Default Policy", but you don't know what item or how the ADD system changed.

    Since both are insufficient as audit logs, please improve the log so that at least which setting item can be identified from which location.

    1 vote
    0 comments  ·  Conditional Access
  3. Ability to Exempt Tenant Locations from Conditional Access

    The ability to exempt connections between tenant services from conditional access policies. For example, making a connection from Azure Automation via PowerShell to Dynamics 365 using a dedicated service account in the same tenant should have the ability to be exempted from Conditional Access policies and/or be included as a condition for granting access. This could help other services like Flow and Logic Apps as well.

    Inter-tenant connections between services should have the ability to be exempted from CA policies and/or used as a condition to grant access.

    1 vote
    0 comments  ·  Conditional Access
  4. When an employee authenticates to join another tenant as a guest: Conditional access policy to action a session control

    If an employee authenticates to connect to another tenant as a guest: redirect traffic to go through CASB (CA session control)

    1 vote
    0 comments  ·  Conditional Access
  5. With the new Beta Edge, it is not passing the "join type" or device ID into Azure so some machines are getting MFA prompted due to CA rules

    The Edge Beta and Edge Canary versions of the new Edge browser built on the Chromium platform do not pass the join type and/or device ID.
    We have CA policies that are based on being Hybrid AAD joined. Chrome and IE pass this info through where Edge Beta does not yet.

    1 vote
    0 comments  ·  Conditional Access
  6. Conditional Access policy for Authentication

    Today, users are allowed to log in from apps like Lens, Remote Desktop, Citrix ... on iOS and Android. This means they are able to go to "Setting and Add work account".
    Users should not be allowed to log in using a work account from these apps, which are not part of approved client apps.
    There should be a Conditional Access policy to prevent authentication also.

    Today, Conditional Access policy grants access to the resources (authorization) based on approved client apps. We would like to have the same applied to authentication as well.

    1 vote
    0 comments  ·  Conditional Access
  7. I need to change my cellphone number but I can't access by web or by Authenticator

    I need to change my cellphone number but I can't access by web or by Authenticator

    1 vote
    0 comments  ·  Conditional Access
  8. When will custom controls become general availability? It's been in preview for 2 years

    When will custom controls become general availability? It's been in preview for 2 years

    1 vote
    0 comments  ·  Conditional Access
  9. Allow Conditional Access Policy for Azure AD Joined devices (not just Hybrid)

    We don't want any device that is not enrolled in Azure AD to have access to any data in Azure/365. In the CA policy, there is the option to apply this to Hybrid Azure AD Devices but not just Azure AD Joined devices. We have a lot of startup companies who have never had an on-prem existence.

    1 vote
    0 comments  ·  Conditional Access
  10. Ability to add notes or descriptions to Conditional Access policies.

    It would be useful to add notes or descriptions to Conditional Access policies. So actually describing what the policy does together with the policy.

    1 vote
    0 comments  ·  Conditional Access
  11. Add Dynamics 365 CRM Online to CA cloud app list

    As Dynamics CRM holds sensitive customer data, want to enforce MFA to secure the service

    1 vote
    0 comments  ·  Conditional Access
  12. Allow the Teams mobile app while blocking Outlook app

    I have a scenario where I need to block all users from Outlook mobile except for users in the Corporate Phones AD group. This is set up and working as intended.

    I also need to be able to allow anyone in the BYOD AD group access to Teams mobile but at the same time be blocked from Outlook mobile.

    When users try to open Teams mobile and because there are interdependencies in Teams with Exchange, users are catching on the Deny Outlook Mobile policy and not allowed in Teams.

    Can this be separated out?

    1 vote
    0 comments  ·  Conditional Access
  13. Azure AD Conditional Access

    Azure AD Conditional Access should have the following features:

    -Clone existing policies
    -Create policy templates from existing policies
    -Include/Exclude device MAC addresses under policy Conditions

    1 vote
    0 comments  ·  Conditional Access
  14. Include Privileged Role Administrator in the baseline policy: "Require MFA for admins"

    Seems like an oversight to not include the role Global Admins don't have access to.

    1 vote
    0 comments  ·  Conditional Access
  15. For conditional access, there is no way to filter the condition by app client, even though the client can already be identified by Azure AD.

    For conditional access, there is no way to filter the condition by app client, even though the client can already be identified by Azure AD.
    In this case, we have no option to allow only the approved 3rd party MDM email/SharePoint client to access the resource.

    1 vote
    0 comments  ·  Conditional Access
  16. Create custom sync rules based on local AD group membership

    I'd like to be able to create custom join rules based on users' group membership in AD. I can do this currently based on other fields (employee type, OU, etc.), but in our environment, and I'm assuming in others, being able to do this simply based on current group membership would be preferred.

    1 vote
    0 comments  ·  Conditional Access
  17. Allow more granular access to the conditional access 'what if' capability

    Allow wider use of the AAD Conditional Access 'What If' capability without having the 'Conditional Access administrator' role. So far we have Global Admins and Conditional Access administrators troubleshooting problems, and the Helpdesk would like to run queries to troubleshoot problems, but 'Conditional Access administrator' gives them too many privileges.

    1 vote
    0 comments  ·  Conditional Access
  18. Able to add the third application to the approved app list

    I am a project manager from Foxit Software. My customer has set a conditional access policy on Azure. When he applied this policy on Foxit Android app, there is a prompt message which said "You can get there from here". The detailed message is shown in the attached image.

    1 vote
    0 comments  ·  Conditional Access
  19. Authentication behavior within the SharePoint App

    When accessing URL of Forms linked in a page of SharePoint from iOS App, PRT is not properly passed and device information is not delivered.

    This problem occurs when you set the conditional access of "Require device to be marked as compliant".
    This problem does not occur when accessing SharePoint → Forms via a browser, not from a SharePoint app.
    There is no problem with other links on the SharePoint page.

    From the above, it can be considered that there is a problem in the operation related to access to Forms from SharePoint App.

    If the above problem occurs, the…

    1 vote
    0 comments  ·  Conditional Access
  20. Provide API (or PowerShell cmdlet) to feed use cases to Conditional Access "What If"

    My policy configuration is driven by Use Cases (I have almost 100). It would be really awesome if I could take my use cases and be able to feed them to an API\PowerShell cmdlet that would return the same output that the WhatIf tool returns. The idea being when I want to make some design changes I can quickly determine how that change might impact\interact with other existing policies.

    For example, in Excel I have a column for each possible field in the WhatIf tool. I'd like to take that Excel document (or CSV) and feed it to an automated…

    1 vote
    0 comments  ·  Conditional Access