Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Pronouns available across services

    Please add an optional Pronoun field to a user object type. Ideally, this would be able to be used across M365, such as in SharePoint About Me pages, in Contact Card experiences across Outlook and Teams, etc.

    39 votes

    3 comments  ·  End user experiences
  2. 43 votes

    2 comments  ·  Identity Protection
  3. Add an additional less complicated data restore option that would allow the Azure support team to manage an AADDS restore

    In general, today an extensive AADDS backup and restore option exists and we worked with both the support group as well as the Product group to utilize this recently. Due to the complexity of this restore we would like to request the following:
    A more targeted restore that would allow for a restore/backup of the Domain Services data rather than an entire infrastructure DR type restore that would be in general a simpler second option.

    27 votes

    0 comments  ·  Domain Services
  4. Password sent from MIM to OpenLDAP is not hashed

    MIM is sending passwords to OpenLDAP in clear text instead of hashing them. Encrypting it at the target (OpenLDAP) using an SSHA password store scheme module still opens up a risk of OpenLDAP / Linux admins retrieving the password before it reaches the SSHA module.

    23 votes

    2 comments  ·  Microsoft Identity Manager
  5. Workday: allow writeback of matching user employee id from different ERP system

    The Workday Writeback connector needs the capability to write back a user's emplid from an adjacent ERP system. We are using WD HCM and WD financials, and we are using PeopleSoft Campus Solutions for student information system. We need a way to write the PeopleSoft Employee ID back to Workday into a custom Workday attribute.

    20 votes

    2 comments  ·  Provisioning from Cloud HR
  6. Add ability to select Microsoft Addresses in Named Locations

    I'm trying to limit our service accounts' access to Azure services, so they are only allowed to log on to Azure services from the actual location they are used.

    I also have a number of service accounts used in Azure to log in to another Azure service (Think it's some ClickDimensions, used to log in to some CRM/Dynamics). These service accounts log in from Microsoft IP addresses.
    It would be nice if it was possible to select Microsoft IP addresses as a named location, and maybe also other cloud providers: Amazon, Google, etc.
    I have downloaded a list of all Microsoft's public IP…

    27 votes

    1 comment  ·  Conditional Access
  7. Azure AD SSO with SAML2.0 should support the Relay State parameter

    SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.

    10 votes

    2 comments  ·  Authentication
  8. 16 votes

    5 comments  ·  B2B
  9. Fix tab order for B2C login

    Please fix the tab order for B2C logins. Currently tab goes from the username field to the "Forgot your password" link. It should go from username to password.

    13 votes

    4 comments  ·  B2C
  10. Include custom attribute store as in ADFS

    Azure AD doesn't support use of a custom attribute store for claim processing as in ADFS. In ADFS, I can have logic (say, derive location based on incoming IP from a table/Excel sheet) in a custom attribute store and fetch that data during claim transformation.

    9 votes

    4 comments  ·  SaaS Applications
  11. Add Provision on demand for Groups

    There is a provision on demand option which has provided the ability to provision a user on demand, but as I'm currently trying to troubleshoot a group provisioning issue to ServiceNow, I could really do with a provision group on demand rather than have to wait the three days the logs indicate it will be before this specific group is retried.

    27 votes

    0 comments  ·  Provisioning to Applications
  12. Allow Azure administrator to send a push notification to user and verify it is approved.

    Being able to manually send a push notification to end users is a good way of verifying someone's identity (such as during a helpdesk password reset). It's also helpful in troubleshooting issues or confirming successful configuration of the MFA app.

    9 votes

    0 comments  ·  Multi-factor Authentication
  13. dynamic membership for administrative units

    Managing user memberships for administrative units should be made possible by dynamic membership!

    So for instance the memberships should be auto-updated based on the department field of the user (or any other attribute).

    49 votes

    10 comments  ·  Groups/Dynamic groups
  14. Programmatically adjust admin consent requests

    As an MSP, we have lots of clients which we manage as a delegated admin (70+ active 365 tenants). Microsoft brought in the adjustment to automatically disable users from consenting to access to company data from 3rd party apps (which is a good thing).

    Without the ability to adjust the 'admin consent' setting programmatically, this is not practical. Therefore there should be an option to use PowerShell or MSGraph to adjust and configure the 'admin consent' settings, including selecting the global admin responsible, the email notification and the expiry of the request. (Screenshot added for detail)
    The section I am…

    6 votes

    1 comment  ·  Access Reviews
  15. Allow users to personalize their MyApps portal

    Implement the possibility for users to personalize their MyApps user experience by making it possible for them to hide and unhide tiles on their MyApps portal of applications that they don't use and make it possible for them to rearrange tiles, so that their often used applications can always be accessed directly from the top of the page.

    25 votes

    6 comments  ·  MyApps portal
  16. Eliminate delays when activating the SharePoint Administrator role in PIM.

    Currently it can take up to 1 hour or more to wait for permissions to be propagated in the SharePoint environment after activating the SharePoint Administrator role. Logging out, closing all browser windows -- nothing helps.

    This results in lost work time for administrators that require these permissions to do their daily job. And is even worse when there is an issue during off-hours. It does not help your relationship with a business client to tell them that you have to wait for the system to "kick in" and cannot provide an estimate for how long that may take.

    Any…

    83 votes

    planned  ·  13 comments  ·  Privileged Identity Management
  17. Ability to prevent users from approving themselves

    Ability to block users from reviewing their own access. In other words, if one user is a member of a group, but they are also a reviewer, it should be possible to prevent that specific user from providing feedback on their own membership.

    9 votes

    0 comments  ·  Access Reviews
  18. Support PIM for service principals

    We apply and update our Azure infrastructure through a CI workflow with ARM templates. To do this the CI authenticates with a service principal.

    We often deploy resource-group wide or subscription-wide deployments which require Owner or Contributor permissions to apply ARM templates. To up the security we would like support for PIM both through the CLI and for service principals.

    This way we can tell something is wrong if suddenly our CI is assigned the "owner" role and we have not run a CI job for a while.

    54 votes

    under review  ·  4 comments  ·  Privileged Identity Management
  19. Allow a multi-tenant application registration to default to hidden in myapps

    By default, every multi-tenant app that is signed into will display on the myapps portal. Some multi-tenant application registrations are not meant to be signed into directly such as ones that use device code auth flow.

    It would be very desirable to allow the author of a multi-tenant app registration to add a value to the app manifest (or through the UI) to change the default behavior and hide the app from MyApps by default.

    7 votes

    0 comments  ·  MyApps portal
  20. Audit sign-ins from CSP

    Currently, for an end-customer in CSP, there's no way to track sign-ins by partners.

    Users from a partner with the Admin Agent or Helpdesk Agent role can access a customer tenant. The authentication will be done against their partner Azure AD, not the customer Azure AD. Therefore, a customer won't see the sign-ins in the Azure AD Sign-in Activity Reports. This is a major issue, as customers need to know who's accessing their infrastructure/data for auditing purposes.

    Please include partner sign-ins in the customer tenant reporting, comparable with Azure B2B accounts.

    8 votes

    0 comments  ·  CSP