Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. leaked credentials source

    Is it possible to add the source or a close approximation of source for a leaked credentials risky user hit? Having a possible site or even possibly the data breach that the hit was associated with can be useful to help the end users know where to start on changing credentials.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Most of the security questions for Password Recovery I don't know the answer to. Please consider a feature where I put my own questions in.

    Rather than you provide questions that don't have relevance such as "What is your youngest siblings middle name?" or "In what city was your mother born?", how about allowing me to create my own challenge questions.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Create the ability to generate email alerts for risky sign-ins by type, rather than severity

    Please, add the ability to generate email alerts for specific sign-in types (e.g. log-ins from anonymous IP addresses) to enable admins to refine their procedures based on what is deemed legitimate user behaviour.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to export Risky Sign in policies programmatically

    We need a way to export/consult Risky sign in policies.

    In general, a feature should be released with its associated API to allow Microsoft customers to perform automation.

    Support case 119070422001895 confirmed this was not possible.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Respect exclusions for MFA registration vulnerability assessment

    Azure AD Identity Protection may show a medium risk vulnerability, "Users without multi-factor authentication registration", even though all in scope users are registered for MFA. The issue here is that excluded users appear to be factored into this vulnerability assessment.

    In our case, the only users not enabled for MFA are service accounts which shouldn't have MFA enabled (e.g. Azure AD Connect), and are thus explicitly excluded from our MFA registration policy in Azure AD Identity Protection.

    Apart from the warning on the Azure AD Identity Protection dashboard, this also results in getting a warning every week in our security…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Identify Anonymising VPN Services in risks/alerts differently

    We are seeing an increase of traffic from Anonymising VPN services from our end user base for publicly accessible applications that is generating a lot of alerts.

    Some of their are IP Addresses are listed, obviously given how they work, some of them won't be. but for the ones that are, this should display or alert differently than just the A-typical location alerts. Or at the least identify that it might be Anonymising VPN traffic in the alert.

    This may not be the easiest of tasks, but given the Anonymising VPN market growth and usage, it should be considered.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable Azure Active Directory Identity Protection integration with Service Now

    I consult for an Enterprise where Service Now is used to capture all DevOps work (tickets). I would like to see rather than an email alert from an Azure AD IP event the ability to raise a Service Now ticket

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure AD Identity protection - Reporting enhancement for multi tenant

    Reporting lacks any granularity for multi tenant in situations where each tenant may require their own individual notifications (e.g. CSPs).

    I would like to see granularity by organisation, e.g. UPN suffix, to be able to notify the relevant people. As with other suggestions, just adding the email/UPN by default would help break down the output.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Mark all events as "False positive"

    The report "Users flagged for risk". Today its only possible to Dismiss all events, effectively mark them as ignored. We need the ability to mark all events as “False positive” As a company in the travel industry a lot of our staff travel and sign in from a lot of new locations.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Risky sign-ins detection improvement

    We have a lot of FP detections related to Zoom service account. It performs sign-ins from different IP/locations. Is it possible to add additional parameters such as user agent or something else to reduce the FP rate?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD Identity Protection notification needs to support multi-language

    We can receive weekly digest or some alerts email in Azure AD Identity Protection, but it seems that it is only supported in English.
    It would be great for other language speakers, if we can select notification email language.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make alerts in Sentinel coming from Identity Protection viewable in Azure AD/Identity protection

    We have the Azure AD identity protection connector enabled with our Sentinel subscription. Alerts in Sentinel with a source in Identity Protection can't be drilled down to within Azure AD/ identity protection.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Identity Protection IP Whitelist without using Trusted Locations

    Risky Sign-Ins triggering due to legitimate IP origin. Need a way to whitelist those IPs. Do not want to use Trusted Locations as Conditional Access Policies are used in some places to permit authentication. Perhaps an 'Exclude from Identity Protection' option on the Named Location separate from marking it as trusted.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Identity Protection - enable risk policies from graph api

    Hello, I need the ability to automate the enablement and configuration of the risk and Mfa registration policies, preferably through graph api.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Remove links to non-interactive logins

    As per documentation: "Identity Protection evaluates risk for all authentication flows, whether it be interactive or non-interactive. However, the sign-in report shows only the interactive sign-ins. You may see risky sign-ins that occurred on non-interactive sign-ins, but the sign-in will not show up in the Azure AD sign-ins report."

    https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk#risky-sign-ins

    This leads to "dead" kinks in the alert interface. This again leads to confusion and lack of trust in the product. Further as not all relevant login can be inspected, a meaningful verdict is impossible, and therefore false positives can't be trained out of the system. I have been informed…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Help leading disability

    Pass code number changes keeps coming up
    Don’t know which one is mine ?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Pessoal tenha conta opcional Microsoft nao te da suporte e so propaganda péssima empresa concorrência está 20 x a frente em termo suporte e

    Já tive minha conta raqueda 2 vezes nessa empresa mesmo com todas as provas que a conta é minha comprovando email e dados disseram que nao pode me ajudar 3 dias depois de vários pedidos de socorro.
    O racker pode usar seus dados porque ele tem livre acesso mais o cliente nemmoral tem porque para eles a desconfiança e do cliente e nao de quem está roubando seus dados infelizmente uma conta que tenho mais dez anos mas que nao faço mais questão a concorrência está 10 x a frente em relação suporte ao cliente uma vergonha Microsoft outlook

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Microsoft ê uma merda suporte 3 dias esperando conta raquada e vem me dizer que nao ppde me auxiliar sendo todas as provas claras que a con

    Microsoft é uma merda só propaganda pior empresa nao tem suporte infelizmente foi contente com voncorentes

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for reaching out to feedback suggestion forum. Please share more information around your scenario/use-case, how you are accessing, what type of devices etc. this will help us to understand and address your account broken issue quickly. Also, contacting your administrator will also help to resolve this issue as many settings are controlled and managed by administrator.

  19. Give global admins more control over User/sign-in risk levels

    Please give global admins more control over the logic for notifying/alerting and evaluating whether a sign-in is risky and which risk level.
    It would be nice to have a simple "if then" type control for specific instances where the client feels a sign-in attempt is a risk, but MS does not. For example; we have one non-MFA protected account that successfully supplied the password for that account from a blocked country per the conditional access policy. Though conditional access did block it, all the bad actor would have to do in this instance would be to attempt sign-in form a…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Guest users of Microsoft tenant should not evaluated by Microsoft under Identity protection or there should be option to excluded.

    Guest users of Microsoft tenant should not evaluated by Microsoft under Identity protection or there should be option to excluded.

    Guest users in Microsoft Tenant should not evaluated by MSFT under Identity protection once Admin from home tenant reset password, guest user are doing their daily task and not doing any suspicious activity but MSFT IDP making them risky sign-in/ risky users.
    so we want there should be option to exclude Guest user on request basis from Identity protection policy. (Broad commercial : posting this on behalf of customer as he insist)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base