Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Add passwordless sign-in for Apple Watch

    The passwordless sign-in option only works with the authenticator app on the phone and not on the Apple Watch ("Request type not supported on your watch"). It would be most convenient to be able to have this supported on the Apple Watch as well.

    63 votes

    14 comments  ·  Passwordless
  2. Passwordless Signon with single device and multiple accounts

    The current implementation of Azure AD passwordless signon only permits one account per device, per tenant. So I can have my "regular" Office 365 account protected and passwordless using the MS Authenticator app, but I can't also set up my Office 365 Admin account (or vice versa). For the typical user with only one account this is fine, but as an admin I would prefer the security benefits of going passwordless on my admin account as well.

    58 votes

    9 comments  ·  Passwordless
  3. Adding YubiKey Support to Azure AD and Edge on iOS/iPadOS

    YubiKey's 5Ci security key allows password-less authentication via Lightning connector. It's the first security key that can plug into an iPhone or iPad Lightning port and USB-C port. Several apps support authentication, such as Brave, a browser app based on Chromium.
    https://brave.com/partnership-with-yubico/

    It would be great if Azure Active Directory and Edge supported the YubiKey for password-less authentication.

    There is also an upcoming SDK to support the new NFC authentication capabilities in iOS. This will allow FIDO2 authentication over NFC and Lightning as well.
    https://www.yubico.com/2019/09/yubico-ios-authentication-expands-to-include-nfc/

    52 votes

    5 comments  ·  Passwordless
  4. Adding Touch ID Support for MFA/password-less on Chromium (macOS)

    Google has added fingerprint authentication on Chrome including support of Apple's biometric sensors "Touch ID" last year:
    https://www.chromestatus.com/feature/5962264427364352

    This seems to be implemented via Web Authentication API.
    It would be awesome to use Touch ID as a 2nd factor or password-less option in Azure Active Directory. Currently you are able to choose between NFC and USB only (tested on the latest build of Chrome).

    It would be even better if Edge Chromium supported the built-in fingerprint of MacBooks. :)
    However, it seems to be a limitation of Azure Active Directory.

    20 votes

    0 comments  ·  Passwordless
  5. Mandate the use of FIDO2 security key

    Hello,

    Let us mandate a specific login method. E.g. login only possible via security key.

    As it is now, security keys are only optional and ADD-ON to the existing methods. For configuring a security key in the first place, one needs to set up MFA with SMS/Phone before.

    But what good is a security key if a malicious somebody can just choose "sign in with another method" and then choose SMS, when SMS-based MFA is discouraged everywhere because of security concerns?

    I would like to see something as in Google's advanced protection programme. True, this is not passwordless, but then…

    18 votes

    1 comment  ·  Passwordless
  6. 11 votes

    0 comments  ·  Passwordless
  7. Passwordless Support in Remote Desktop Using Windows Hello for Business Key Trust Model

    Currently, when WHfB is deployed, a Remote Desktop session is supported using PIN/Fingerprint, but only in a certificate trust scenario. For key trust, we must continue to enter a password. This is an obstacle in our way to go passwordless one day, so I think it is worth considering the implementation.

    10 votes

    1 comment  ·  Passwordless
  8. FIDO2 registration without MFA-requirement

    Allow users to register FIDO2 keys without a second authentication factor. Or alternatively, as someone suggested, provisioning via PowerShell.
    We don't want to force our users to register an MFA method that they don't plan on using anyway.

    9 votes

    1 comment  ·  Passwordless
  9. Enable Temporary Access Pass use during AutoPilot enrollment

    I should be able to provide a Temporary Access Pass to a new user in order for them to drive the AutoPilot OOBE, so that they can enrol for Windows Hello for Business and passwordless authentication without having to use a password or register for MFA.

    It looks like you had it working perfectly but then took it away!
    https://www.inthecloud247.com/my-first-experience-with-temporary-access-pass-during-windows-autopilot-enrollment/

    "A Temporary Access Pass cannot be used with the Network Policy Server (NPS) extension and Active Directory Federation Services (AD FS) adapter, or during Windows Setup/Out-of-Box-Experience (OOBE) and AutoPilot."

    Note this flow works on Android so why not on Windows…

    8 votes

    0 comments  ·  Passwordless
  10. Passwordless User Provisioning

    Add support for true passwordless AAD user provisioning. All of the passwordless authentication methods (Hello, FIDO2, and Authenticator) currently require the user to sign in with an initial password before he can self-enroll into passwordless.
    This could be achieved by different methods, like OTP, enrollment smart cards, enrollment FIDO2 keys, managed FIDO2 provisioning, administrative initial device approval etc.
    This would allow us to achieve a state when employees do not even know/have their AAD passwords.

    8 votes

    2 comments  ·  Passwordless
  11. Extend FIDO2 passwordless AAD support to mobile browsers on Android, iOS etc.

    Please extend support for FIDO2 passwordless AAD sign-in to mobile browsers. According to the doc https://docs.microsoft.com/en-us/azure/active-directory/authentication/fido2-compatibility no mobile browsers are currently supported. Mobile Edge is not even listed.

    We were looking forward to equipping Android tablet-only users with YubiKeys to be able to do FIDO2 passwordless sign-in to Office 365 and 3rd party web services using Azure AD as an IdP. Especially those users could benefit most from a passwordless sign-in. However, the sign-in option 'Sign-in using a security key' is currently not available when using a mobile browser to connect.

    What are the plans? Will this become available in the…

    7 votes

    2 comments  ·  Passwordless
  12. Enable "Sign in with a security key" option from any sign-in page (e.g. in case of frequency passed)

    The end-user experience of password-less sign-in options is broken in some user scenarios.

    Example: The "Sign in with a security key" option is not available on the sign-in page after the sign-in frequency has passed (Conditional Access session policy).

    7 votes

    2 comments  ·  Passwordless
  13. Passwordless Authentication FIDO2 security key not working on Linux

    Using Azure AD Authentication. FIDO2 security key passwordless authentication support to be extended to non-Windows platforms.

    6 votes

    3 comments  ·  Passwordless
  14. Provide ability to prevent sign in with a password when passwordless is enabled

    Want to stop users being able to log in with a standard password (with or without MFA) when passwordless has been enabled.

    5 votes

    0 comments  ·  Passwordless
  15. Login with printable badges for K-3 students to SSO applications.

    We'd like the capability to log in with printable badges for K-3 students to SSO applications in Azure AD, so that they can simply scan the badge that the teacher made for them and get into the application. Similar to https://clever.com/products/badges. This would fit into the passwordless signon but not require phones, as students may not have phones.

    5 votes

    2 comments  ·  Passwordless
  16. Adding serial number fido2 to achieve a company management

    Currently in the record information there is no information about the serial number of the FIDO2 key.

    Currently, to manage the serial numbers of FIDO2 keys, we have to manage them outside of Azure.

    With the PowerShell command we have serial number information on the Yubico keys, but it does not match the serial number behind the key.

    Do you think it is possible to upload the information in Azure?

    "the serial number which is indicated behind the key and also present in the software of the different providers"

    3 votes

    0 comments  ·  Passwordless
  17. Security Key Sign-in for third party VPNs

    Hi all,
    We are starting to support customers in implementing third-party VPN appliance logon using Azure AD accounts.
    The reference document is this one:
    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/secure-hybrid-access#sha-through-vpn-and-sdp-applications

    The actually implemented scenarios are working very well with Modern Authentication and Azure MFA as a second factor.
    The actual limit seems to be that trying to use a FIDO2 security key is not an available option. The security key sign-in is missing from the modern authentication form.
    Is this feature on the roadmap?

    Thanks,
    Marco

    3 votes

    0 comments  ·  Passwordless
  18. Enable self-service PIN reset for WH4B in GCC/GCC-H tenants

    Please enable the Windows Hello for Business Self-Service PIN reset feature for gov cloud tenants.

    3 votes

    0 comments  ·  Passwordless
  19. Passwordless authentication after password expiry

    Currently, it is possible to sign in to Azure AD using passwordless even if the password is expired. Although this is ok, the overall ecosystem is not yet where the password can be completely removed. So when the password expires for Azure AD/O365, irrespective of the sign-in method, users should be forced to set a new password.

    2 votes

    0 comments  ·  Passwordless
  20. Add supervision on dashboard azure

    Key supervision works well

    The supervision of the keys works well. Can you add the possibility to add supervision on the dashboard?
    Azure Active Directory - Security - Authentication methods - Activity

    Pin to dashboard Registration & Usage

    2 votes

    0 comments  ·  Passwordless