Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. “test_test_” prefix name for a tenant

    The OMS code doesn't allow name changes for the tenants that starts with "testtest".
    This is an standard naming convention for test tenants, and the code enforce this rule to ensure that test tenants do not get renamed.
    Would be great to add this to the public information, this should be a "must know" before creating a tenant.

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  2. Multiple Active UPNs - One User Active in Multiple Disconnected On Prem Forests

    Some organizations are federated for purposes of identity/branding only. Multiple disconnected on-prem forests ma exist with a single joined attribute such as email/samaccountname. Password synchronization may also already exist. Users then may exist and be active in multiple on premise forests. Allowing for Multiple Active UPNs in one Azure AD would allow better allocation of entitlements in these organizations. SSO could be directed to the appropriate Azure AD connect agents for seamless SSO. Hopefully, features such as WHfB and Hybrid device join could fit into this paradigm. Since Azure AD is modern and more flexible, this would negate a need…

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  3. Protect user attributes

    Allow for protection of attributes within Azure AD like on-prem AD allows through confidential configuration. Some claims could be easier to generate with data that would be preferable to not share with prying eyes within the directory.

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  4. 14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow multiple accounts with the same MAIL attribute and don't send email to UserPrincipalNames

    We use separate accounts for user and administrative activities. For our admin accounts we don't provision separate mailboxes, so we would want emails to our admin accounts to go to our "user" accounts, but Azure AD Connect reports that Azure AD requires that the mail attribute be unique (i.e. can't be the same on the admin and user accounts). Because of this our administrative accounts don't have a populated mail attribute. Unfortunately, Azure AD's reaction to this is to email alerts intended for those admin accounts to their UPN - which isn't an email address and does not have any…

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  6. show computer membership

    Possibility to display membership on device object like we can do on user object.
    Without that, it's very hard to find out which group a device is member.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add Devices to Administrative Units

    Since BitLocker Keys are stored on the device Object, it would be beneficial to be able to add devices to Administrative units as well, besides groups and users which is currently possible.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  8. "hybrid" groups - Static + Dynamic membership

    Allow for both static and dynamic membership of groups at the same time.

    allow the static membership of groups to be delegated, but the dynamic membership rules locked.

    For example, include all teachers at test elementary school with dynamic rules. I want to then use static to add the principal of the school. Also, some teachers who work at multiple schools, where we cannot set multiple locations in AD. Then be able to delegate the static group membership to the school secretary.

    include and exclude ability for dynamic rules.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  9. AADDS - Please add the support for service endpoint of Microsoft.AAD/DomainServices

    Dear Microsoft,
    please add the support for service endpoint and service tags of Microsoft.AAD/DomainServices service. It would bring the possibility to break the network security down. Now it is too permissive when the AADDS subnet requires route 0.0.0.0/0 -> Internet. Instead of DomainServices -> Internet.

    And the Service tags can be integrated with NSG or Azure Firewall.

    AADDS, Azure Active Directory Domain Services

    Peter

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow blocking accounts from connecting to AzureAD and MSOnline

    Tenant admins can block AAD portal access, or 'Microsoft Azure Management' and Graph Explorer via conditional access policies. However, currently there is no mechanism to block accounts in a tenant from connecting to AzureAD (AAD) or MSOnline using PowerShell module.

    Accounts within a tenant with no privileged roles can harvest other accounts within the tenant to retrieve the same attribute information as a Global Admin performing the same action.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add a service principal as an owner of another service principal

    My issue has to do with the behavior of "az aks update --attach-acr". The account that runs this needs to either be an owner of the AKS SP or have the Application Owner directory role. We don't want to grant too many things the app owner and we deploy AKS via ADO. I'd like to either be able to make an SP an owner on another SP or know what the technical limitation is.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  12. Capture the actor "Change Tenant Name"

    Currently when you make the operation rename your Azure AD Tenant, from properties. Such operation does not register who is the actor of this operation.

    These are the details in the AAD Audit Logs so you can filter it after you have repro this.

    --ACTIVITY TYPE: Update company
    --CATEGORY: DirectoryManagement
    --TYPE: Directory

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  13. Admin consent for Custom App Roles application type scopes

    This currently requires Global Administrator consent. This introduces an overhead for something which is not sensitive permissions as these are arbitrary scopes in Azure AD and used only in the target application.

    It would be great if Global Admin does not need to consent but instead App Owner is sufficient to define the required App Roles.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  14. Please document all available user and computer attributes in Azure AD

    There is no documentation about all available user and computer attributes in Azure AD. It would be very helpful to know what attributes exist. A documentation similar to https://docs.microsoft.com/en-us/windows/win32/adschema/c-user and https://docs.microsoft.com/en-us/windows/win32/adschema/c-computer

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  15. certificate-based authentication in Azure Active Directory RootCert <= 4KB possible

    If you follow the instruction to add root/intermediate CA certificates >4KB files size to AAD it fails.
    Currently the value of <=4KB file size for certificates (root and intermediate) is a hard coded value in Azure. (Microsoft Case 120090224000696)
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-certificate-based-authentication-get-started#step-2-configure-the-certificate-authorities

    If the file size of your Root CA certificate is >4KB you cannot use certificate-based authentication in Azure Active Directory.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  16. Give Global Reader true Global Read Permissions

    Global reader still has gaps reading certain blades that require global admin. For example:

    Microsoft _ AAD _ ERM
    -TermsOfUseSummaryBlade
    -AccessReviewsSummaryPart

    Microsoft _ Azure _ ELMAdmin
    -EntitlementListBlade
    -CatalogListBlade
    -PartnerListBlade
    -UserScopeListBlade
    -UserResourceListBlade
    -CommonSettingsBlade

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  17. Limit who can create security groups

    While AAD gives the ability to stop non-admins from creating security groups via the portal, they can still create security groups via PowerShell. There should be a setting which disallows non-admins from creating security groups via any means.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  18. coin master spins

    coin master spins
    https://www.freespinandcoins.com/
    How you can get every day coin master 100 spins

    Everyone is amped up for the coin master game nowadays, various people like to play the coin master game, everyone needs to complete their town quickly, and each game player needs more spin every day, today we will influence you, how you can get bit by bit coin master 100 spins.

    Coin Master 100 spin Gift

    You can send and get each little advance in turn coin master 100 spins by gift elective. Give your embellishments the improvement of a spin every day and they can…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support enforcing unique AAD group names

    Support something like "Enforce unique Azure AD group names" which prevents new groups to be created, if a group with the same display name already exists.

    This should be enforced on the API level.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
  20. (#%PokerStars%#) Chips and Throwables Hack Cheats

    PokerStars Online Hack Generator and get free Chips & Throwables now! So without much time, here are the links for PokerStars Cheat code Generator

    Click Here To Get Chips & Throwables 👉 https://www.gamesplatformhub.com/fd99969

    pokerstars chips,pokerstars usb chip,pokerstars free chips,play money pokerstars,pokerstars chip set,pokerstars real money,pokerstars play money,pokerstars real money app,pokerstars vr real money,pokerstars cash games,pokerstars throwables,pokerstars no deposit bonus,cheat pokerstars,pokerstars hack,pokerstars chips generator,pokerstars throwables generator,pokerstars money generator,pokerstars free throwables,pokerstars free money,pokerstars unlimited chips,pokerstars unlimited throwables,pokerstars unlimited money,pokerstars money,pokerstars home games play money,pokerstars cash,pokerstars buy chips,pokerstars real,pokerstars chips for sale,pokerstars free cash,jackpot poker free chips,pokerstars play money chips,pokerstars poker chips,pokerstars poker…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Directory  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base