Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Allow RDP access from a computer in a different AAD (Multi/Cross-Tenant Support)

    Currently the AAD access to an Azure VM only works if your client is connected via AAD to the same Azure directory/tenant.
    We support a multi-tenant environment which means my desktop/laptop is unlikely to be on the same directory that I am trying to authenticate against.

    There needs to be some added granularity to allow for this situation otherwise this facility is useless to us under a "service provider" role.

    3 votes

    0 comments  ·  Azure AD Join
  2. Need a full manual page for dsregcmd.

    Dsregcmd is vital for troubleshooting Azure AD Join and Hybrid Azure AD join issues, yet MS has published no full manual page on how to use it. Using the /status switch is helpful, but I have to go to forums and blogs to get basic info on /join, /leave, and /debug. A command this important should be thoroughly documented.

    1 vote

    0 comments  ·  Azure AD Join
  3. Saved Password on Azure AD Computers

    I hope I am in the right place with my issue, but from my perspective it's unlikely a Teams problem:
    If a device joins the Azure AD after a user logs into his Teams account on a shared laptop (for presentations etc.), then after he logs out of Teams he only needs to enter his username to log in again. To prevent this you need to disconnect the account in Settings\Account settings\access Work or school. This is not a very comfortable way and makes the Teams network vulnerable if a user stayed logged in on a public PC.

    1 vote

    0 comments  ·  Azure AD Join
  4. Azure AD Join for MacOS

    We only have the option for MacOS to register to Azure AD.
    The customer needs to log on to MacOS using an Azure AD user, so they would like us to add functions for MacOS to join Azure AD.

    33 votes

    2 comments  ·  Azure AD Join
  5. Allow OTP users to update/change their source of authorization to AAD or Google federation

    When I turned on the OTP preview, it automatically forced users who did not have a domain listed in AAD or Google to use an OTP, but it's ridiculous to have to use OTP every time you log into an Extranet or Employee portal. I would like for users to use OTP as a last resort and be given the option to use or create a Microsoft account first, even if they used OTP previously with their current email address.

    1 vote

    0 comments  ·  Azure AD Join
  6. 6 votes

    1 comment  ·  Azure AD Join
  7. Edit the Password Policy - Azure AD - 5 Attempt lockout, Password History at least 5

    Right now if a device is Azure AD joined there is no lockout policy and the password history is only compared to the most recent password set.
    In regular Microsoft Active Directory there are many more options you are given for a more secure password practice:
    -If 5 incorrect attempts are made into a device login it should lock for 1-2 minutes and there should be an option in Administrator to be able to unlock
    -Compare new password to past 5 passwords

    2 votes

    0 comments  ·  Azure AD Join
  8. What is Azure

    The page states “Download the Azure Portal App.”

    This page should provide information what exactly the Azure Portal is?
    I should not have to go searching for this information.

    Also, the only mobile device I have is my cell phone.
    Sorry, my cell phone is my personal phone and I do not have memory to download another app.

    1 vote

    0 comments  ·  Azure AD Join
  9. Hybrid Joined Devices support with FIDO2

    I realise the support for FIDO2 logins with Azure AD was only just released recently, but what timeline is there for support for hybrid joined devices login?

    16 votes

    2 comments  ·  Azure AD Join
  10. Bulk import gives error after csv upload - example csv cannot be modified and uploaded - need a working csv

    A working downloadable csv bulk import sample file would be helpful.
    You would expect a sample file to be ready to import right away - with no changes (except the email addresses) necessary.

    1 vote

    0 comments  ·  Azure AD Join
  11. Allow Dynamics 365 Business Central Cloud in Conditional Access

    Make sure that D365BC can be configured as one of the applications in Conditional Access.
    Currently, only Common Data Service (= Dynamics CRM) can be selected, but this does not apply to BC.
    We want to set up BC-only Conditional Access without refusing all cloud apps.

    4 votes

    0 comments  ·  Azure AD Join
  12. 1 vote

    0 comments  ·  Azure AD Join
  13. system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentia

    Please update the documentation to reflect the fact that we need to enable this feature BEFORE we install the extension, as in a requirement.

    system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based-access-control.

    1 vote

    0 comments  ·  Azure AD Join
  14. Address VDI and M365 licensing

    Hello everyone, this is a requested change for the components of Azure AD machine join. The use case here is for clients to upgrade their existing Windows PC (7,8,10) to Windows 10 enterprise. Our customer base uses VMware's Horizon view for VDI. VMware's official supported license is KMS. Our clients would love to transition to a cloud based licensing model, but the Windows 10 E3 license does not work with the cloning technology for a couple of reasons.

    Horizon Cloning options & pool types:
    • Manual - VM is not built in Horizon, only brokered through it.
    • Full Clone…

    29 votes

    0 comments  ·  Azure AD Join
  15. Allow Windows Hello to be optional

    We're provisioning laptops in Intune for Students. Some of them, not all, wish to use Windows Hello so that they can make use of their fingerprint scanner.

    If we allow this in Intune then the Windows Hello enforcement is taken from Azure and everyone has to use Windows Hello. If we disable it in Intune, then no-one can use it.

    There's no happy medium. We can't make students use it, as some of them will find that very confusing, but disabling it also makes for some very unhappy faces. When really we don't mind if they want to use it…

    11 votes

    1 comment  ·  Azure AD Join
  16. Prevent Other Users from Logging into Azure AD Joined Computer

    When a computer is joined to Azure AD any user can log into it and use it. We need a way to prevent this from happening, limiting machines to only certain users or groups.

    18 votes

    2 comments  ·  Azure AD Join
  17. Have Hybrid Azure AD joined devices show under users in azure active directory

    When a Hybrid Azure AD joined machine has an owner you would expect the device to show in that user's devices but it does not.

    I would like the device to show there for convenience of being able to see what devices the user has.

    8 votes

    0 comments  ·  Azure AD Join
  18. 2 votes

    0 comments  ·  Azure AD Join
  19. Need an easy way to Domain joined PCs to AzureAD Joined ONLY PCs.

    Need an easy way to AzureAD Join users on Domain joined machines. Currently in order to switch a user to AzureAD Join you have to break their local domain account. This means the user loses their settings and profile. This is too disruptive to our end users at Corporate. We even enabled Hybrid Azure AD Join thinking it would allow us to connect to Azure AD and then disconnect the domain and allow the user's profile to stay intact. MSFT informed me that it doesn't work this way.

    6 votes

    1 comment  ·  Azure AD Join
  20. New variables in Intune groups

    When creating groups in Intune I would like to see more dynamic variables to query from such as Apple Serial #. I have too many instances where my groups need to be tied to static devices when being enrolled.

    3 votes

    2 comments  ·  Azure AD Join