Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Introspection endpoint for Azure Active Directory

    Hi,
    At times, there will be cases when the user logs out but the token associated with the user on the client doesn't expire, and so when the Resource Servers/APIs are invoked with these tokens, they get serviced/honored. It would be great to have an introspection endpoint with AAD to check the validity of the token (as mentioned in RFC 7662 https://tools.ietf.org/html/rfc7662) so that all APIs/Resources can leverage it and accept or reject the token instead of creating a custom repository at our end to blacklist these tokens.

    71 votes
    15 comments  ·  Other
  2. Invalidate JWT Token

    Need a way to invalidate JWT tokens that have been issued to a user, to prevent the user from accessing the AAD with the token after issuing the OAuth logout request:
    (https://login.windows.net/{{tenant}}/oauth2/logout?post_logout_redirect_uri={{RedirectUri}})

    56 votes
    3 comments  ·  Other
  3. CSP subscription transfer between tenants

    Enablement of Azure CSP subscription transfer between AAD tenants.

    49 votes
    4 comments  ·  Other
  4. Disable new features, which impact all AzureAD users, per default

    We always appreciate new Features in AzureAD, but if a new feature impacts all our users, we would like to be completely in control of enabling the feature once our organization is ready.
    I specifically refer to the "LinkedIn Integration in AzureAD" which will be enabled by default.
    When deploying future releases, please keep in mind that there are organizations out there, which have strict processes for enabling new features for their employees. Enabling a new feature, which impacts all AzureAD users by default is really disruptive!

    36 votes
    0 comments  ·  Other
  5. Notify before App Registrations Client secret expiry

    For secrets and certificates in Azure Key Vault we can set up certificate contact and "EmailAtNumberOfDaysBeforeExpiry".

    For App Registrations with client secrets, they just expire (and we get outages).

    Please make it possible to get notifications about everything that expires in AAD before it expires, so that we can keep our services running.

    No, this can't be monitored/pulled from outside of Azure, as we e.g. run in national clouds where we don't have access on our own.

    28 votes
    2 comments  ·  Other
  6. Release AADLoginForLinux source

    I would like to see the source code for Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux released. It would fit nicely into the https://github.com/Azure/azure-linux-extensions repository

    27 votes
    7 comments  ·  Other
  7. Backup Azure Active Directory

    I would like the ability to back up my Azure Active Directory. This could be a feature provided by Microsoft, or allowing a configuration file to be exported locally.

    If my users maliciously deleted application registrations among other things, there is no easy way to restore this currently.

    27 votes
    5 comments  ·  Other
  8. Improve Device Listing Page - Export, sort, filter

    The All Device listing in Azure Active Directory has good information but you can not export it, sort it or filter efficiently.

    Would really appreciate the typical 'Export' option.

    24 votes
    8 comments  ·  Other
  9. Allow custom link for "can't access your account"

    We use Azure AD connect to sync our local Active Directory with Azure AD/Office 365. As such, we don't want users trying to change their password using the "Can't access your account" link on the login.microsoftonline.com page, but would like to direct them to our on-premise password management system instead. It would be great if we could enter a custom URL for "Can't access your account" as part of the branding options. We've tried putting some text in the "Sign in text" area to let users know where to change their password, but the text is so tiny that users…

    23 votes
    0 comments  ·  Other
  10. Azure databricks to support Exec Stored Procedure on SQL sources

    We use advanced SQL and T-SQL queries that includes stored procedures to carry out ETL activities on SQL.
    We cannot find any support or documentation on how to run Exec Sproc activities on Databricks. This is a push-down mechanism as shown below, but it fails to run Exec Sp SQL commands.
    https://docs.databricks.com/spark/latest/data-sources/sql-databases.html

    val pushdown_query = "(select * from employees where empno < 10008) empalias"
    val df = spark.read.jdbc(url=jdbcUrl, table=pushdown_query, properties=connectionProperties)
    display(df)

    22 votes
    1 comment  ·  Other
  11. Add Intune management capability for the Authenticator mobile app

    Just like other Microsoft mobile apps that can be managed by Intune, it would be good if we could use Intune to manage the Azure Authenticator mobile app.
    For example, only allow Authenticator to be used on "healthy" devices - or only allow certain features (OTP) if the device has a passcode or is encrypted.

    19 votes
    2 comments  ·  Other
  12. Add Redis Cache Support for Managed Service Identity

    Allow managed service identity to be used for connections to redis cache via the redis session state provider

    16 votes
    3 comments  ·  Other
  13. Win32 app support for roaming

    Azure AD Enterprise State Roaming for Windows 10 does not support syncing of Win32 app settings/data. The current version only supports UWP modern app and OS settings. Most organizations have vast deployments of Win32 apps.

    For Win32 app support, the current approach is to deploy User Experience Virtualization (UEV). Add support for Win32 app settings - provide one integrated cloud-based tool - Enterprise State Roaming.

    16 votes
    2 comments  ·  Other
  14. Azure AD with automatic join during deployment

    I want to join my devices to Azure AD during the installation with SCCM or MDT.

    15 votes
    0 comments  ·  Other
  15. Allow ESR admin to reset user synced data

    Admin control to reset user synced data through the Azure AD portal. Useful for debugging, troubleshooting, and starting clean.

    14 votes
    0 comments  ·  Other
  16. Support SAML 2.0 NameIDFormat urn:oasis:names:tc:SAML:2.0:nameid-format:transient

    http://technet.microsoft.com/en-us/library/dn641269.aspx

    Says: "Azure AD currently supports the following NameID Format URI for SAML 2.0: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent."

    I would like to have NameIDFormat urn:oasis:names:tc:SAML:2.0:nameid-format:transient supported.

    13 votes
    2 comments  ·  Other
  17. Improve Exchange online administration via Graph API

    The following 8 fields of on-premise users cannot be read or updated by using the Microsoft Graph API.
    1. altRecipient
    2. mDBUseDefaults
    3. msExchRBACPolicyLink
    4. msExchPoliciesExcluded
    5. protocolSettings
    6. homeMDB
    7. ntSecurityDescriptor (DACLs)
    8. msExchDelegateListLink
    The following fields cannot be updated by using the Microsoft Graph API.
    1. proxyaddresses
    2. mdbStorageQuota
    3. mdbOverQuotaLimit
    4. mdbOverHardQuotaLimit
    5. msExchHideFromAddressLists
    6. msExchELCMailboxFlags
    7. msExchExternalOOFOptions
    8. msExchOmaAdminWirelessEnable

    Two possible solutions:
    • All listed fields will be included in the AAD-sync tool so that these fields are synchronized
    • All listed fields will be included in the Microsoft Graph API and can be administrated…

    12 votes
    0 comments  ·  Other
  18. Unlink directories from Microsoft Account

    For the last few years a lot of people added me as co-administrators for their accounts. Now that I don't need to have access to their accounts anymore, I wish there were a way to unlink directories without having to go ask them to remove me from the directory.

    11 votes
    3 comments  ·  Other
  19. "Users at risk detected" messages need more detail

    Provide an option to include more detail in the "Users at risk detected" messages. Receiving these alerts is nice, but it doesn't include enough detail, like the user, risk factors that tripped the alert, etc.

    I know from an "output sanitization" perspective less is better, but we'd at least like the >option< of having more details forthcoming in the initial message. Thanks!

    10 votes
    0 comments  ·  Other
  20. Self Service Password Write Back to on-premise AD for all O365 users for free or a lower price than AAD Premium.

    Self Service Password Write Back to on-premise AD for all O365 users for free or a lower price than AAD Premium.

    10 votes
    1 comment  ·  Other