Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. group naming policy using extension attributes

    Please implement additional functionality to allow the use of Extension Attributes as part of a Group Naming Policy. This is required as the Department name is too large and many organisations have a shortened department code which they apply via an Extension Attribute. Using a long department name in a Group Naming Policy creates names that are too long to be useful, but using a shortened department code plus group name means that the group can be easily identified and attributed to a department without cluttering the name space.

    e.g. Information and Communication Technology has a short code of ICT…

    140 votes
    13 comments  ·  Other
  2. Enable support for dynamic mail-enabled security groups

    Dynamic security groups are great, and mail-enabled groups are great too; wouldn't it be great to have both? We have a requirement to create security groups (or distribution groups) based on employee attributes (i.e. Active Full-time, Active Part-time, etc.). These attributes live in Azure AD but aren't accessible in Exchange Online, so I cannot create a dynamic distribution group. I am able to create a mail-enabled security group but the membership cannot be dynamic. And any dynamic group I create can't be mail-enabled unless it's a unified group, but for the purposes we need the groups for, Unified groups aren't appropriate.…

    128 votes
    22 comments  ·  Other
  3. Introspection endpoint for Azure Active Directory

    Hi,
    At times, there will be cases when the user logs out but the token associated with the user on the client doesn't expire, and so when the Resource Servers/APIs are invoked with these tokens, the requests get serviced/honored. It would be great to have an introspection endpoint with AAD to check the validity of the token (as mentioned in RFC 7662 https://tools.ietf.org/html/rfc7662) so that all APIs/Resources can leverage it and accept or reject the token instead of creating a custom repository at our end to blacklist these tokens.

    53 votes
    13 comments  ·  Other
  4. Support roaming/sync of start menu layout

    There is a desire for Enterprise State Roaming to support the roaming of the start screen/start menu as was done in Windows 8.x with MSA.

    52 votes
    0 comments  ·  Other
  5. Invalidate JWT Token

    Need a way to invalidate JWT tokens that have been issued to a user to prevent the user from accessing the AAD with the token after issuing the OAuth logout request:
    (https://login.windows.net/{{tenant}}/oauth2/logout?post_logout_redirect_uri={{RedirectUri}})

    42 votes
    2 comments  ·  Other
  6. Disable new features, which impact all AzureAD users, per default

    We always appreciate new Features in AzureAD, but if a new feature impacts all our users, we would like to be completely in control of enabling the feature once our organization is ready.
    I specifically refer to the "LinkedIn Integration in AzureAD" which will be enabled by default.
    When deploying future releases, please keep in mind that there are organizations out there, which have strict processes for enabling new features for their employees. Enabling a new feature, which impacts all AzureAD users by default is really disruptive!

    35 votes
    0 comments  ·  Other
  7. CSP subscription transfer between tenants

    Enablement of Azure CSP subscription transfer between AAD tenants.

    31 votes
    3 comments  ·  Other
  8. Allow Azure AD to Azure AD Trust

    Add the ability to trust another 365 tenant, like exists with on-prem Active Directory. The scenario is a company that has an established 365 environment acquires another company that has a 365 environment. In an on-prem scenario a domain trust would be put in place; however, federation and external user access are the only options. This capability needs to be in place for Azure AD to trust another Azure AD.

    26 votes
    3 comments  ·  Other
  9. Release AADLoginForLinux source

    I would like to see the source code for Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux released. It would fit nicely into the https://github.com/Azure/azure-linux-extensions repository

    25 votes
    7 comments  ·  Other
  10. Backup Azure Active Directory

    I would like the ability to backup my Azure Active Directory. This could be a feature provided by Microsoft, or allowing a configuration file to be exported locally.

    If my users maliciously deleted application registrations among other things, there is no easy way to restore this currently.

    23 votes
    4 comments  ·  Other
  11. Improve Device Listing Page - Export, sort, filter

    The All Device listing in Azure Active Directory has good information but you can not export it, sort it or filter efficiently.

    Would really appreciate the typical 'Export' option.

    21 votes
    8 comments  ·  Other
  12. Allow custom link for "can't access your account"

    We use Azure AD connect to sync our local Active Directory with Azure AD/Office 365. As such, we don't want users trying to change their password using the "Can't access your account" link on the login.microsoftonline.com page, but would like to direct them to our on-premise password management system instead. It would be great if we could enter a custom URL for "Can't access your account" as part of the branding options. We've tried putting some text in the "Sign in text" area to let users know where to change their password, but the text is so tiny that users…

    21 votes
    0 comments  ·  Other
  13. Add Intune management capability for the Authenticator mobile app

    Just like other Microsoft mobile apps that can be managed by Intune, it would be good if we could use Intune to manage the Azure Authenticator mobile app.
    For example, only allow Authenticator to be used on "healthy" devices - or only allow certain features (OTP) if the device has a passcode or is encrypted.

    19 votes
    2 comments  ·  Other
  14. Azure databricks to support Exec Stored Procedure on SQL sources

    We use advanced SQL and T-SQL queries that include stored procedures to carry out ETL activities on SQL.
    We cannot find any support or documentation on how to run Exec Sproc activities on Databricks. This is a push-down mechanism as shown below, but it fails to run Exec Sp Sql commands.
    https://docs.databricks.com/spark/latest/data-sources/sql-databases.html

    val pushdown_query = "(select * from employees where emp_no < 10008) emp_alias"
    val df = spark.read.jdbc(url=jdbcUrl, table=pushdown_query, properties=connectionProperties)
    display(df)

    16 votes
    0 comments  ·  Other
  15. Win32 app support for roaming

    Azure AD Enterprise State Roaming for Windows 10 does not support syncing of Win32 app settings/data. The current version only supports UWP modern app and OS settings. Most organizations have vast deployments of Win32 apps.

    For Win32 app support, the current approach is to deploy User Experience Virtualization (UEV). Add support for Win32 app settings - provide one integrated cloud-based tool - Enterprise State Roaming.

    16 votes
    2 comments  ·  Other
  16. Add group as owner on Azure AD Application and Service Principal

    When managing Application and Service Principal objects in Azure Active Directory, it's difficult to provide granular access controls.

    Azure currently supports adding "Users" as Owners through the Azure Portal, and we can also assign other "Service Principals" as Owners using PowerShell (or by creating the new SPN with an existing SPN), however it's not possible to add a Group.

    When you try to do this, you get the following error message:

    ###############################
    PS C:\> Add-AzureADApplicationOwner -ObjectId <removed> -RefObjectId <removed>
    Add-AzureADApplicationOwner : Error occurred while executing AddApplicationOwner
    Code: Request_BadRequest
    Message: The reference target 'Group_<removed>' of type 'Group' is invalid for the…

    15 votes
    0 comments  ·  Other
  17. Azure AD with automatic join during deployment

    I want to join my devices to Azure AD during the installation with SCCM or MDT.

    15 votes
    0 comments  ·  Other
  18. Office 365 Stream Group Channels: Assign Access with Azure AD Groups

    Currently you can configure access to an Office 365 Stream Channel as companywide or group. When using the 'Group Channel' option you cannot specify an existing Azure AD Group.

    Assigning access to 500 out of 1000 people would require creating a Stream Group and manually adding the required 500 users. This would then have to be manually maintained when new users come along.

    It would be much better to be able to use an existing Azure AD group synced from on premises AD via AD connect.

    Please make it possible to assign access to Stream Channels using Azure AD Groups

    14 votes
    2 comments  ·  Other
  19. Allow ESR admin to reset user synced data

    Admin control to reset user synced data through the Azure AD portal. Useful for debugging, troubleshooting, and starting clean.

    14 votes
    0 comments  ·  Other
  20. Improve Exchange online administration via Graph API

    The following 8 fields of on-premise users cannot be read or updated by using the Microsoft Graph API.
    1. altRecipient
    2. mDBUseDefaults
    3. msExchRBACPolicyLink
    4. msExchPoliciesExcluded
    5. protocolSettings
    6. homeMDB
    7. ntSecurityDescriptor (DACLs)
    8. msExchDelegateListLink
    The following fields cannot be updated by using the Microsoft Graph API.
    1. proxyaddresses
    2. mdbStorageQuota
    3. mdbOverQuotaLimit
    4. mdbOverHardQuotaLimit
    5. msExchHideFromAddressLists
    6. msExchELCMailboxFlags
    7. msExchExternalOOFOptions
    8. msExchOmaAdminWirelessEnable

    Two possible solutions :
    • All listed fields will be included in the AAD-sync tool so that these fields are synchronized
    • All listed fields will be included in the Microsoft Graph API and can be administrated…

    12 votes
    0 comments  ·  Other