Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Set an AzureAD account to expire on a specified date

    Just like in active directory allow accounts to be set to expire on a specified date. Our company policy is to set network accounts for non-employees (consultants, contractors, temporary employees, interns) to expire at a certain interval after they are created. We want the same functionality within Office 365.

    385 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  2. Support plus-addressing in emails, which is invaluable for testing

    We need to create many users for our testing environments. Normally, the way we do this is to use 'plus-addressing'. This is a convention by which you can add a '+' sign and then anything afterwards to an email address, and it gets delivered to the recipient as if the + and everything after did not exist i.e. the following two email addresses are different but get delivered to the same place:

    me@gmail.com
    me+foo@gmail.com

    This is a standard called 'sub-addressing' which is supported by quite a few mail providers, including Google Gmail, Google Apps, Yahoo! Mail, Outlook.com, and quite a…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  3. AAD Usernames need to support all character sets

    Many customers allow usernames with special characters, double byte characters and Asian character sets. AAD Connect and Azure AD do not support all of these character sets. Not all customers use Active Directory on premise as their main identity store. Thus identities with special characters cannot be synchronized into AAD. For customers with hundreds of thousands of usernames with special character sets, it is a horrible user experience and very costly to try to rename all these logins.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  4. Block Sign In Source-of-Authority issue

    It is very confusing for customers that they have the option to change the "Block Sign In" state, when the users source-of-authority is "Windows AD Server" (Active Directory).

    Why is this not disabled like all other attributes. It doesn't make any sense to have the control enabled, when the UserAccountAttribute overwrite the setting during Azure AD Connect sync.

    You should at least have a popup box telling the users that this setting will be overwritten by Azure AD Connect sync, if the Azure AD Connect is configured to update the AccountEnabled value based on the UserControlControl state in the local…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  5. workday to Azure AD automatic user provision

    We are implementing the Workday Azure AD automatic user account provisioning for our client and we are facing below issues.

    https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial

    *Workday account username is employeeID. As of now, the employeeID attribute is blank at Azure

    Issue 1: Automatic provisioning creates the duplicate user record at Azure with email id as userid@domain(20955@clientdomain.com), whereas the client is using their own logic to create the email ids (firstname+MiddleName_Lastname@clientdomain.com). After provisioning of accounts, we are getting duplicate records with different email ids.

    Issue 2: Automatic Provisioning is not updating the employeeId attribute in the Azure user account even when…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  6. Multiple User/Group Delete in Azure AD

    Hi.

    For testing/dev/learning purposes it would be an welcome feature to enable multiple Azure AD User/Group delete.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Today on the list of All users you can select the checkbox for multiple users, and then click the delete button to delete all the selected users. Does this meet your requirement? If not, would you let us know the details of the scenario you’d like to be easier for you to accomplish in our admin portal?

  7. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  8. Have automated alerts for User/Group deletions - Especially for Managed Groups

    It would be really nice to have the ability to set alerts (email) for User/Group deletions.

    This is especially useful for security management when Security Groups are assigned owners, usually regular users, for membership management but can accidentally delete the Security Group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  9. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  10. Reset Enterprise State Roaming Data

    Please provide an ability to reset the Enterprise State Roaming data for individual users.

    Scenario, we are in the middle of a new Windows 10 rollout, where users already have ESR enabled, we want to provision a new profile though for each user, where we set some settings in a default user profile on the machine. With ESR enabled - we cannot set some default settings though.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  11. Access to edit user disconnected session timeout settings in AD users and computer

    We should have the access to edit user disconnected session timeout settings in AD users and computer in AADDS users OU.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  12. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  13. Native support for all Active Directory Attribute Field Actual names

    Please add the full on-premise Active Directory Attribute Field Actual name list to Azure AD.

    Many Orgs have fields mapped for critical company apps like employeeType but since that does not exist in Azure AD I have to map it to an extentionAtributeXX.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  14. respeito as diferenças

    Segurança geral da internet,inteligência emocional e artificial juntas em armonia na administração interna,externa,local e internacionais,com confiabilidade,sabedoria,saúde,responsabilidade,Amor frateno com os direitos de interatividade para todos os meios de comunicações no mundo inteiro para todos nós...

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  15. PowerShell to remove user from all Office 365 Groups (UnifedGroupLinks)

    When a user leaves the company we would like to clean up all the Office 365 Groups they belong to. The way the "Remove-UnifiedGroupLinks" works you need to know what Groups they belong to. That information is not relevant, I know the user and just want to remove them from all UnifiedGroups. Here is the example given in the Microsoft documentation to remove a member:

    Remove-UnifiedGroupLinks -Identity "Legal Department" -LinkType Members -Links laura@contoso.com,julia@contoso.com

    I'd like to be able to do something like what I use on premise AD:

    Get-ADUser ALIAS -Properties MemberOf | ForEach-Object {$_.MemberOf | Remove-ADGroupMember -Members…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  16. Office My account Login

    Office My Account - if you are a existing user login office.com/myaccount, New user can create your office here. Once you account ready you can download and install MS Office in your device.

    https://www.msofficekeyoffice.com/my-account/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  17. Better instructions for choosing password in the AAD B2B Redemption Page

    Provide better error information or apply password policies so that the users do not create a weak password in the B2B redemption page scenario as explained in the below link.

    The password rules mentioned here[https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts] are not available to the user while choosing the password, as a result, the page throws an error with no specific error information or work around.

    https://stackoverflow.com/questions/55592569/password-complexity-issue-with-b2b-invitation-redemption-page/55603737#55603737

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  18. Implement Application Permission 'Directory.ReadWrite.OwnedBy' in AAD

    We want to implement an automation job to update the token in Azure AD synchronization API (Provisioning in Enterprise Application). According to the documentation in this link: https://docs.microsoft.com/en-us/graph/api/resources/synchronization-overview?view=graph-rest-beta#authorization, we need to give the service principal Application Permission Directory.ReadWrite.All to work with the synchronization api. This Application permission is too powerful since it will have access to all directories. We don't want to give a service principal this power due to the risks it may raise. Thus, we hope an Application Permission like Directory.ReadWrite.OwnedBy can be implemented in the design, so that we can use the service principal writing to…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  19. azure AD connect clear failed exports

    I recently got stuck with bad thumbnail photos trying to sync to AAD from AD. After changing them on premise, changing them in the cloud, trying to set the field to NULL with sync transforms, I couldn't get it to get past these failed exports. AAD Connect needs the ability to clear these failed exports as opposed to wiping the whole thing out and starting over.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  20. Alias

    After I entered my phone number. I went to enter an email. Then I decided I didn’t need to use that email as I do not really monitor the email entered. I went to remove said email to just stick w/ my phone muber for my window user profile. Now windows is making me keep the email I barely use as my new alias and not remove without adding another email. I do not like this at all. Not everyone has a bunch of emails plus I want my phone number to be my original alias. Give me that option…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  • Don't see your idea?

Feedback and Knowledge Base