Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Bulk import gives error after csv upload - example csv cannot be modified and uploaded - need a working csv

    a working downloadable csv bulk import sample file would be helpfull.
    You would expect a sample file to be ready to import right away - with no changes (execpt the email adresses) necessary.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow RDP access from a computer in a different AAD (Multi/Cross-Tenant Support)

    Currently the AAD access to an Azure VM only works if your client is connect via AAD to the same Azure directory/tenant.
    We support a multi-tenant environment which means my desktop/laptop is unlikely to be on the same directory that I am trying to authenticate against.

    There needs to be some added granularity to allow for this situation otherwise this facility is useless to us under a "service provider" role.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  4. Edit the Password Policy - Azure AD - 5 Attempt lockout, Password History at least 5

    Right now if a device is Azure AD joined there is no lockout policy and the password history is only compared to the most recent password set.
    In regular Microsoft Active Directory there are many more options you are given for a more secure password practice:
    -If 5 incorrect attempts are made into a device login it should lock for 1-2 minutes and there should be an option in Administrator to be able to unlock
    -Compare new password to past 5 passwords

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  5. system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentia

    Please updat ehte documentation to reflect the fact that we need to enable this feature BEFORE se install the extention. as in a requiement.

    system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based-access-control.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  6. Members of the "Guest inviter" role can invite guests, but unable to add First Name/Last Name

    Members of the "Guest inviter" role can invite guests, but unable to add First Name/Last Name.

    Logged with MS O365 Support 120012725000253, response: Wed 19/02/2020 14:43

    "The update from the product team is that the Guest inviter role will not be able to invite guest users successfully filling out the other details. He would need either ‘Global administrator’ or ‘User administrator’ role in order to do that."

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  7. Re-enable bulk invite from Azure Portal (B2B guests

    The bulk invite (preview) functionality to invite multiple B2B guests was available on Azure Portal and was working fine. It has been disabled since 22nd Dec with no current deadline/timeline to re-enable it.

    When I checked with Microsoft Product team they asked me to raise this as an idea here and that they will re-enable if there was enough community support.

    Refer this for the functionality that I am referring to https://docs.microsoft.com/en-us/azure/active-directory/b2b/tutorial-bulk-invite

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Dynamics 365 Business Central Cloud in Conditional Access

    Make sure that D365BC can be configured as one of the applications in Conditional Access.
    Currently, only Common Data Service (= Dynamics CRM) can be selected, but this does not apply to BC.
    We want to set up BC-only Conditional Access without refusing all cloud apps.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure AD availability in windows server 2019

    Is it possible to join the windows server 2019 in to azure AD using azure ad join?

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  10. 6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  11. Migrate User and Computer to Azure AD

    Microsoft needs to provide a command-line option or built-in feature that allows the ability to migrate existing AD user and computer objects to Azure AD.


    • Hybrid join does not stay AAD joined if you remove from AD.

    • Bulk enrollment only works for OOBE (new device0 and not existing devices.

    • USMT does not support AAD accounts, requires profile to be manually logged on first to create Windows Profile. There is no way to get the AAD user SID to try and pre-create profile for USMT.

    There either needs to be a tool or built-in mechanism to "switch" from AD to AAD…

    31 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  12. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  13. Let's do it automatic instead

    Manual join a VM to a domain and manual disjoin domain to a domain before removing/deleting the VM is too much . Giving the current state of the art , it should be possible to do it in the console when creating the VM or removing it. It will resolve orphans.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  14. Passwordless Sign in for Azure Active Diretory using Fido 2 security Keys

    As the machines are joined to local domain I am not able to join the machines to Azure AD to implement this service. Can you guys guide me the way how to Join the machines which are joined to local domain without changing the ndomain

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add Angola to the list of countries for creation of tenant

    While trying to create my Azure AD/Tenant, I have noticed that my location (Angola) is not available in the list of countries or regions. It is clear that I cannot choose a random country/region now because I won't be able to alter it later, therefore, could you please add this country to the list?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  16. Hybrid Joined Devices support with FIDO2

    I realise the support for FIDO2 logins with Azure AD was only just released recently, but what timeline is there for support for hybrid joined devices login?

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Windows Hello to be optional

    We're provisioning laptops in Intune for Students. Some of them, not all, wish to use Windows Hello so that they can make use of their fingerprint scanner.

    If we allow this in Intune then the Windows Hello enforcement is taken from Azure and everyone has to use Windows Hello. If we disable it in Intune, then no-one can use it.

    There's no happy medium. We can't make students use it, as some of them will find that very confusing, but disabling it also makes for some very unhappy faces. When really we don't mind if they want to use it…

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  18. Do we have a powershell method to activate Azure Resource roles ( not Azure AD roles )

    Do we have a powershell method to activate Azure Resource roles ( not Azure AD roles )

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  19. automate disjoin

    With a mass deployment to be able to use Intune MDM management, our devices needs to be joined and registered correctly. However, most of our devices are in "Pending" state and we would like the ability to do a bulk disjoin, remove the email account under Access work or school settings, and then be able to re-register the device successfully to be later enrolled in Intune MDM management.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure AD Join for MacOS

    We only have option for MacOS to register to Azure AD.
    Customer needs to logon to MacOS by using Azure AD user, so they would like us to add functions for MacOS to Join to Azure AD.

    33 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base