Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Conditional access policies to block specific versions of Windows

    We need the ability to apply Azure Conditional Access policies to specific Windows OS versions (XP, 7, 8, 8.1 and 10)

    While Azure Conditional Access policies can be currently applied to Windows, this includes all Windows operating systems. We need the ability to apply them to specific Windows OS versions as XP, 7 and 8.

    Having this functionality would allow for example to block Windows XP, 7 and 8 devices through CA policies, forcing users to use a safe, updated and supported OS.

    20 votes

    0 comments  ·  Conditional Access
  2. Prompt users for account selection when opening different applications federated across multitenant environments in the same browser

    Our client has multiple Azure AD environments (dev, tst, stg, prod) which act as IDP for their applications which are mapped 1:1 (SP Dev env is integrated with AAD Dev, etc). When a user logs into an application that is federated using AAD Prod, then opens a new tab in the same browser and tries to access an application that is federated using AAD Dev, Stg, or Tst, they are not prompted to select their lower environment account or enter credentials. Instead, they are being directly signed into the AAD lower env using prod credentials which is causing an access…

    16 votes

    8 comments  ·  Authentication
  3. Pronouns available across services

    Please add an optional Pronoun field to a user object type. Ideally, this would be able to be used across M365, such as in SharePoint About Me pages, in Contact Card experiences across Outlook and Teams, etc.

    48 votes

    4 comments  ·  End user experiences
  4. Give customers option to exempt Foreign Principal from conditional access policies

    Foreign Principals access the customer tenants through Partner Center. Customers are currently unable to exempt the Foreign Principal account from conditional access policies like they can for regular users. Subjecting Foreign Principals to conditional access policies can create insurmountable hurdles because the Foreign Principal is from outside the organization and depends on Partner Center for access. Please give customers the option to exempt the Foreign Principal account from conditional access policies in Azure AD.

    20 votes

    0 comments  ·  Conditional Access
  5. 44 votes

    2 comments  ·  Identity Protection
  6. Enable OATH / Hardware Token as Second Factor in GCC High Environment

    Currently the Commercial Clouds support OATH hardware tokens (pre-programmed tokens that can serve as the second factor in MFA). This feature is sorely needed in GCC High as there are times when a user must log in from a location where their phone is not available. Please add MFA/hardware token support to GCC High.

    11 votes

    3 comments  ·  Authentication
  7. Fix tab order for B2C login

    Please fix the tab order for B2C logins. Currently tab goes from the username field to the "Forgot your password" link. It should go from username to password.

    24 votes

    6 comments  ·  B2C
  8. Add an additional less complicated data restore option that would allow the Azure support team to manage an AADDS restore

    In general, today an extensive AADDS backup and restore option exists and we worked with both the support group as well as the Product group to utilize this recently. Due to the complexity of this restore we would like to request the following:
    A more targeted restore that would allow for a restore/backup of the Domain Services data rather than an entire infrastructure DR type restore that would be in general a simpler second option.

    28 votes

    0 comments  ·  Domain Services
  9. Fix Conditional Access Bug, which prevents Teams from being excluded

    Within Conditional Access (CDA), you will be able to include Office 365 and exclude dedicated apps, like SharePoint.
    But the exclude feature is not working with Teams, as described in Microsoft's own documentation.

    Our intention is to block Office 365 Web Apps, except Teams.

    With the conditional access configured with
    - Teams as exception
    or
    - Teams and all dependent apps, as documented by Microsoft

    the rule will not be applied successfully.

    Teams was still kept blocked, while the dependent apps like SharePoint were still working, from the same CDA rule.

    MS documentation to exclude Office apps

    9 votes

    0 comments  ·  Conditional Access
  10. Workday: allow writeback of matching user employee ID from different ERP system

    The Workday Writeback connector needs the capability to write back a user's emplid from an adjacent ERP system. We are using WD HCM and WD Financials, and we are using PeopleSoft Campus Solutions for student information system. We need a way to write the PeopleSoft Employee ID back to Workday into a custom Workday attribute.

    20 votes

    2 comments  ·  Provisioning from Cloud HR
  11. 18 votes

    5 comments  ·  B2B
  12. Azure AD SSO with SAML2.0 should support the Relay State parameter

    SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.

    11 votes

    2 comments  ·  Authentication
  13. Add ability to select Microsoft Addresses in Named Locations

    I'm trying to limit our service accounts' access to Azure services, so they are only allowed to log on to Azure services from the actual location they are used.

    I also have a number of service accounts used in Azure to log in to another Azure service (Think it's some ClickDimensions, used to log in to some CRM/Dynamics). These service accounts log in from Microsoft IP addresses.
    It would be nice if it was possible to select Microsoft IP addresses as a named location, and maybe also other cloud providers: Amazon, Google, etc.
    I have downloaded a list of all Microsoft's public IP…

    28 votes

    1 comment  ·  Conditional Access
  14. Allow Microsoft Authenticator to transfer from Android to iPhone

    Microsoft authenticator to transfer from Android to iPhone. Currently iPhones can only restore Microsoft Authenticator backups from iCloud.

    20 votes

    7 comments  ·  Multi-factor Authentication
  15. Azure AD Portal - Synced user domain

    Would be really helpful for Multidomain forest synced into AD to have visibility of the synced user domain.

    We had experience of having synced user not meeting ConfigMgr user for MEM admin portal, and it would have been really easy to identify that user on ConfigMgr was not the synced, if the AD domain would be visible under (synced) user properties, as part of

    6 votes

    0 comments  ·  Admin Portal
  16. dynamic membership for administrative units

    Managing user memberships for administrative units should be made possible by dynamic membership!

    So for instance the memberships should be auto-updated based on the department field of the user. (or any other attribute)

    65 votes

    13 comments  ·  Groups/Dynamic groups
  17. Azure AD role to unblock or block MFA for users

    I am unsure if someone posted an idea about this, but is there an existing Azure AD role that allows an administrator to block or unblock MFA for users? As it seems today, only a Global administrator can unblock or block MFA for a user. If there is an Azure AD role that does this today, please let me know. Otherwise, it would be nice to incorporate the block/unblock MFA permission with an existing role or create a new one. Just a thought! :)

    22 votes

    4 comments  ·  Multi-factor Authentication
  18. Tag MFA Methods With Provider Name

    Methods displayed on My Sign-in page Security info should be tagged with relevant Provider information (Azure MFA Tenant Name, On-prem MFA server name, etc.) like it's done on the MS Authenticator app to make it easier for end users to distinguish.

    6 votes

    0 comments  ·  Multi-factor Authentication
  19. Add support for the "@" in the application identifier value

    There is an issue with Azure Active Directory App Integration and Development, where users are unable to login to the application through Single Sign-on (SSO) - currently ESTS ignores everything after @ within an application identifier.

    Attempting to escape it with %40 also fails.

    Please add support for "@" in the application identifier value for Azure Active Directory App Integration.

    7 votes

    0 comments  ·  Azure AD Connect
  20. Add hardware token support in GCC High tenants

    Please add hardware token support in GCC High tenants.

    16 votes

    6 comments  ·  Multi-factor Authentication