Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Conditional access policies to block specific versions of Windows

    We need the ability to apply Azure Conditional Access policies to specific Windows OS versions (XP, 7, 8, 8.1 and 10).

    While Azure Conditional Access policies can currently be applied to Windows, this includes all Windows operating systems. We need the ability to apply them to specific Windows OS versions such as XP, 7 and 8.

    Having this functionality would allow us, for example, to block Windows XP, 7 and 8 devices through CA policies, forcing users to use a safe, updated and supported OS.

    23 votes

    1 comment  ·  Conditional Access
  2. Give customers option to exempt Foreign Principal from conditional access policies

    Foreign Principals access the customer tenants through Partner Center. Customers are currently unable to exempt the Foreign Principal account from conditional access policies like they can for regular users. Subjecting Foreign Principals to conditional access policies can create insurmountable hurdles because the Foreign Principal is from outside the organization and depends on Partner Center for access. Please give customers the option to exempt the Foreign Principal account from conditional access policies in Azure AD.

    27 votes

    0 comments  ·  Conditional Access
  3. Fix tab order for B2C login

    Please fix the tab order for B2C logins. Currently tab goes from the username field to the "Forgot your password" link. It should go from username to password.

    43 votes

    9 comments  ·  B2C
  4. Pronouns available across services

    Please add an optional Pronoun field to a user object type. Ideally, this would be able to be used across M365, such as in SharePoint About Me pages, in Contact Card experiences across Outlook and Teams, etc.

    55 votes

    5 comments  ·  End user experiences
  5. Prompt users for account selection when opening different applications federated across multitenant environments in the same browser

    Our client has multiple Azure AD environments (dev, tst, stg, prod) which act as IDP for their applications which are mapped 1:1 (SP Dev env is integrated with AAD Dev, etc). When a user logs into an application that is federated using AAD Prod, then opens a new tab in the same browser and tries to access an application that is federated using AAD Dev, Stg, or Tst, they are not prompted to select their lower environment account or enter credentials. Instead, they are being directly signed into the AAD lower env using prod credentials which is causing an access…

    16 votes

    9 comments  ·  Authentication
  6. Fix Conditional Access bug, which prevents Teams from being excluded

    Within Conditional Access (CDA), you will be able to include Office 365 and exclude dedicated apps, like SharePoint.
    But the exclude feature is not working with Teams, as described in Microsoft's own documentation.

    Our intention is to block Office 365 Web Apps, except for Teams.

    With the conditional access configured with
    - Teams as exception
    or
    - Teams and all dependent apps, as documented by Microsoft

    the rule will not be applied successfully.

    Teams was still blocked, while the dependent apps like SharePoint were still working, under the same CDA rule.

    MS documentation to exclude Office apps

    15 votes

    0 comments  ·  Conditional Access
  7. 34 votes

    8 comments  ·  B2B
  8. Enable OATH / Hardware Token as Second Factor in GCC High Environment

    Currently the Commercial Clouds support OATH hardware tokens (pre-programmed tokens that can serve as the second factor in MFA). This feature is sorely needed in GCC High as there are times when a user must log in from a location where their phone is not available. Please add MFA/hardware token support to GCC High.

    13 votes

    3 comments  ·  Authentication
  9. 44 votes

    2 comments  ·  Identity Protection
  10. Allow Microsoft Authenticator to transfer from Android to iPhone

    Microsoft Authenticator to transfer from Android to iPhone. Currently iPhones can only restore Microsoft Authenticator backups from iCloud.

    31 votes

    9 comments  ·  Multi-factor Authentication
  11. Extend FIDO2 passwordless AAD support to mobile browsers on Android, iOS etc.

    Please extend support for FIDO2 passwordless AAD sign-in to mobile browsers. According to the doc: https://docs.microsoft.com/en-us/azure/active-directory/authentication/fido2-compatibility no mobile browsers are currently supported. Mobile Edge is not even listed.

    We were looking forward to equipping Android tablet-only users with YubiKeys to be able to do FIDO2 passwordless sign-in to Office 365 and 3rd party web services using Azure AD as an IdP. Especially those users could benefit most from a passwordless sign-in. However, the sign-in option 'Sign-in using a security key' is currently not available when using a mobile browser to connect.

    What are the plans? Will this become available in the…

    7 votes

    2 comments  ·  Passwordless
  12. Azure AD role to unblock or block MFA for users

    I am unsure if someone posted an idea about this, but is there an existing Azure AD role that allows an administrator to block or unblock MFA for users? As it seems today, only a Global administrator can unblock or block MFA for a user. If there is an Azure AD role that does this today, please let me know. Otherwise, it would be nice to incorporate the block/unblock MFA permission with an existing role or create a new one. Just a thought! :)

    34 votes

    8 comments  ·  Multi-factor Authentication
  13. Add an additional less complicated data restore option that would allow the Azure support team to manage an AADDS restore

    In general, today an extensive AADDS backup and restore option exists and we worked with both the support group as well as the Product group to utilize this recently. Due to the complexity of this restore we would like to request the following:
    A more targeted restore that would allow for a restore/backup of the Domain Services data rather than an entire infrastructure DR type restore that would be in general a simpler second option.

    28 votes

    0 comments  ·  Domain Services
  14. Include a Parameter/Indicator in Azure AD Sign-in Logs

    Requesting the PG team to look into the Azure AD Sign-in Logs and include an indicator/parameter to state that the password entered was correct although the access to M365 resources was blocked. This will not only help us to detect brute force attacks but also to understand any account compromises.

    6 votes

    0 comments  ·  Admin Portal
  15. Enable Microsoft Autofill with Azure AD work and school accounts

    The Microsoft Autofill function in the Microsoft Authenticator is currently only available for Microsoft accounts.

    Enable the Autofill feature in the Microsoft Authenticator and Microsoft Autofill browser extension for Azure AD work and school accounts.

    12 votes

    2 comments  ·  Authentication
  16. Enable Temporary Access Pass use during AutoPilot enrollment

    I should be able to provide a Temporary Access Pass to a new user in order for them to drive the AutoPilot OOBE. So that they can enrol for Windows Hello for Business and passwordless authentication without having to use a password or register for MFA.

    It looks like you had it working perfectly but then took it away!
    https://www.inthecloud247.com/my-first-experience-with-temporary-access-pass-during-windows-autopilot-enrollment/

    "A Temporary Access Pass cannot be used with the Network Policy Server (NPS) extension and Active Directory Federation Services (AD FS) adapter, or during Windows Setup/Out-of-Box-Experience (OOBE) and AutoPilot."

    Note this flow works on Android so why not on Windows…

    8 votes

    0 comments  ·  Passwordless
  17. Update the Microsoft Graph Security API event when a logic app adds a comment to an Azure Sentinel incident

    Scenario
    1. An Azure Sentinel analytic rule triggers, then it creates the incident alert in Azure Sentinel, and then Microsoft Graph captures the incident alert info.
    2. A Logic App playbook checks if there is an incident alert, then queries the data and then adds it to the incident's comment.
    3. I tried to query the Microsoft Graph Security API in PowerShell and then discovered that the incident alert result was not updated to include the incident comment.
    4. I checked with various teams (Microsoft Graph Security team, Microsoft Sentinel Security team, Microsoft Logic App team). The Microsoft Security API team…

    4 votes

    2 comments  ·  Azure AD API
  18. Dynamic membership for administrative units

    Managing user memberships for administrative units should be made possible by dynamic membership!

    So for instance the memberships should be auto-updated based on the department field of the user. (or any other attribute)

    81 votes

    21 comments  ·  Groups/Dynamic groups
  19. Workday: allow writeback of matching user employee id from different ERP system

    The Workday Writeback connector needs the capability to write back a user's emplid from an adjacent ERP system. We are using WD HCM and WD financials, and we are using PeopleSoft Campus Solutions for student information system. We need a way to write the PeopleSoft Employee ID back to Workday into a custom Workday attribute.

    20 votes

    2 comments  ·  Provisioning from Cloud HR
  20. Azure AD SSO with SAML2.0 should support the Relay State parameter

    SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.

    11 votes

    2 comments  ·  Authentication