Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Make SPN (non-interactive) login events logged and available
Currently in Azure AD when using SPN (non-interactive) logins via code (.Net, Powershell, etc.) for automated processes (server to server communication/API) that interact with Azure, there is no event in Azure AD logs to show that this login has occurred. Please make this exposed in the logs in the same fashion that an interactive user login is logged. This is not only beneficial for troubleshooting, but more importantly from a security, compliance, and risk audit trail standpoint.
158 votesWe are working on this but we don’t have a public ETA to share at this time. We will keep you updated as we get closer.
-
please show "Users with Leaked Credentials" with a zero count even if there are none detected
in the azure active directory risk events section please show "Users with Leaked Credentials" with a zero count even if there are none detected.
It would be ideal to set up a mail alert with this alert as well.The logic would be:
if this alert shows up then we know it is working. if it doesnt show up then there is a problem with setup11 votes -
Fix signin resulttype 50053
In your documentation you say that signing error ID 50053 is "Account is locked because the user tried to sign in too many times with an incorrect user ID or password." however, when i search for this error using loganalytics i also get the description "Sign-in was blocked because it came from an IP address with malicious activity."
Can this be fixed?
10 votes -
Provide more detail in audit logs
It would be good if some of the AzureAD audit log Activity categories had more detail, eg "Set Company Information" - that's all that is logged for this activity, with no detail into what property was changed.
9 votes -
Add the ability to filter with an "Equals" or "Does Not Equal" operator in the Sign-in activity reports in the Azure Active Directory portal
Currently, the filters for the Azure Active Directory "Sign-Ins" log only allows for filtering with values that equal the input. It would be beneficial to have the option to have the "does not equal" operator for this filtering so that the user could also filter out values that commonly occur in the log. Example: filter would be "Client app" DOES NOT EQUAL "Browser" ... or "Operating System" DOES NOT EQUAL "Windows 10" ... or "Location" DOES NOT EQUAL "US".
8 votes -
Adhere to ISO27001 compliance obligations for Office365
Per https://servicetrust.microsoft.com , Microsoft's cloud services including Exchange Online adhere to ISO27001 and have been audited against ISO27001.
However, I have been informed that there is no log generated when an end-user or customer signs-out of their account: 'Customer is asking for a new feature, sign-out logs, that today is not supported.'Specifically, ISO27001 states in section 12:
ISO 27001 – A.12.4 – Logging and Monitoring
Objective: To record events and generate evidence.
Control 12.4.1 A.12.4.1 Event logging – Event logs recording user activities, exceptions, faults, and information security events shall be produced, kept and regularly reviewed.
I contend that…
6 votes -
Audit log
Extend the audit logs to allow for retention for more than 30 days to 90 days.
6 votes -
Reporting of IP addresses blocked by Smart Lockout
It would be beneficial if an admin could have insight into what IP addresses are being blocked by Smart Lockout. If a user is experiencing connectivity issues it would be nice to be able to query a report for their IP address to validate that Smart Lockout is not denying them access.
5 votes -
Provide reporting around Passwordless Phone sign in
Reporting/management on Passwordless phone sign in including who its available to, who has enabled it, frequency of use, and management options to administratively enroll/unenroll users from it.
3 votes -
Audit logs for azure ad policies
assigning Azure AD policy to service principal and application registration should be consistant from the audit log entry perspective. There are different type of policies and by info from Microsoft at the some point they should be assigned to Service principals i.e. HDR and as they are assigned they create the entry into Audit log (there is different issue as those entries are generic and will not tell you what change was done on service pricinpal). On the other hand for SAML1.1 type of policy, we were notified to assign the policy to App registration, and this activity is not…
3 votes -
2 votes
-
Add ability to filter out more than just startswith in Password Reset - Usage & Insights
We have service account and accounts sourced from other sources that show up in Azure AD. We'd like to be able to see what accounts tied to just our permanent people have not registered for SSPR. Currently, you can only filter Name in the reporting with a StartsWith search. Please add the ability to filter by wildcards or EndsWith or even regular expressions.
2 votes -
Display DEPARTMENT in Sign-ins Report and Filtering capability
We need to be able to filter the Sign-In Activity Reports/Logs by the DEPARTMENT field. We are currently utilizing the DEPARTMENT field in a User's Profile in Azure AD to identify the user's organization and today, there is no way to filter those Activity logs using that field.
Would be great to have the DEPARTMENT as one of the fields that is displayed in the report. Having a built-in filter for DEPARTMENT in the Portal would be even better.
2 votes -
Alerting to non-admin mailboxes
Current alerts of Azure AD can only be send to Tenant administrators. As it is a good security practice not to use your administrative credentials in a production environment it is not wise to use a mailbox either. So the request is to enable other email contacts that are not tenant administrators, or even distribution groups.
This means that employees that are involved in the security process can not really receive emails, without having one tentant administrator having forwarders on a mailbox (= also bad practice to have forwarders)
Why using the workarounds cannot be used (use an admin account…
2 votes -
Bring back "Sign-ins after multiple failures" report OR createa new policy to alert users/admins of when an account has been compromised.
I have too many users whom accounts are getting targeted from foreign IP address. For example, no part of our business operates in China thus I know all attempts to access a users account from this region are malicious attacks. I can see when attempts are being made on an account, but I cannot see when a successful attack has been made.
It would be fantastic to create a policy that will send out an email after x failed attempts within y minutes and 1 successful login.
I believe you could previously view "Sign-ins after multiple failures" in Classic Azure,…
2 votes -
Insights - Authentication methods registration details should Show Default Method
The preview report 'Insights - Authentication methods registration details
' is great but would be very useful if it showed the default MFA method registered also.1 vote -
Sign Out report
Azure Active Directory admin centre > Users > Sign-ins report is useful
But having the same for Sign-outs would be great
Having a 3rd that tallys the hours signed in per day would be better1 vote -
Reports for Risky Detections - Would like to see the selected Columns keep your settings or items selected each time.
Reports for Risky Detections - Would like to see the selected Columns keep your settings or items selected each time. Every time I go back to the reports, I have to re-select each column item I want to see.
For Example: Risk Level default is set to None. I have to pick High, Medium or Low each time I look at the report.
Detection Type default is set to None Selected. I would like it to keep what I have set each time.
1 vote -
Sign-In Logs - Record Client's Private IP if X-Forwarded-For header is present
Due to security reason, we need to capture the private IP information when intranet user is accessing cloud resource.
Our device can support X-Forwarded-For header so private IP information can be sent out via this header.
Please consider to add the private IP information in Sign-in reports.
1 vote -
Warn when exceeding max export size of sign-in log
When downloading the results of the Azure AD sign-in log to CSV, if the number of entries exceeds the maximum 5000 entries that can be exported in at any one time, the export is silenty truncated to 5000 entries with no warning to the user.
Bearing in mind sign-in logs may be exported for security-related analysis or auditing, it's important that the user is made aware that the generated export is incomplete.
I'm reporting this for the sign-in activity log as this is where I noticed the issue, but it may well apply to other exports within the Azure Portal.
1 vote
- Don't see your idea?