Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Conditional access policies to block specific versions of windows
We need the ability to apply Azure Conditional Access policies to specific Windows OS versions (XP, 7, 8, 8.1 and 10)
While Azure Conditional Access policies can be currently applied to Windows, this includes all Windows operating systems. We need the ability to apply them to specific Windows OS versions as XP, 7 and 8.
Having this functionality would allow for example to block Windows XP, 7 and 8 devices through CA policies, forcing users to use a safe, updated and supported OS.
20 votes -
Prompt users for account selection when opening different applications federated across multitenant environments in the same browser
Our client has multiple Azure AD environments (dev, tst, stg, prod) which act as IDP for their applications which are mapped 1:1 (SP Dev env is integrated with AAD Dev, etc). When a user logs into an application that is federated using AAD Prod, then opens a new tab in the same browser and tries to access an application that is federated using AAD Dev, Stg, or Tst, they are not prompted to select their lower environment account or enter credentials. Instead, they are being directly signed into the AAD lower env using prod credentials which is causing an access…
16 votes -
Pronouns available across services
Please add an optional Pronoun field to a user object type. Ideally, this would be able to be used across M365, such as in SharePoint About Me pages, in Contact Card experiences across Outlook and Teams, etc.
48 votes -
Give customers option to exempt Foreign Principal from conditional access policies
Foreign Principals access the customer tenants through Partner Center. Customers are currently unable to exempt the Foreign Principal account from conditional access policies like they can for regular users. Subjecting Foreign Principals to conditional access policies can create insurmountable hurdles because the Foreign Principal is from outside the organization and depends on Partner Center for access. Please give customers the option to exempt the Foreign Principal account from conditional access policies in Azure AD.
20 votes -
Disable user's ability to change password (via cloud/portals) disable service self for any one
Disable reset password :https://account.activedirectory.windowsazure.com/ChangePassword.aspx
for all students44 votes -
Enable OATH / Hardware Token as Second Factor in GCC High Environment
Currently the Commercial Clouds support OATH hardware tokens (pre-programmed tokens that can serve as the second factor in MFA). This feature is sorely needed in GCC High as there are times when a user must login from a location where their phone is not available. Please add MFA/hardware token support to GCC High.
11 votes -
Fix tab order for B2C login
Please fix the tab order for B2C logins. Currently tab goes from the username field to the "Forgot your password" link. It should go from username to password.
24 votes -
Add an additional less complicated data restore option that would allow the Azure support team to manage an AADDS restore
In general, today an extensive AADDS backup and restore option exists and we worked with both the support group as well as the Product group to utilize this recently. Due to the complexity of this restore we would like to request the following:
A more targeted restore that would allow for a restore/backup of the Domain Services data rather than an entire infrastructure DR type restore that would be in general a simpler second option.28 votes -
Fix Conditional Access Bug, wich prevents Teams to be excluded
Within Conditional Access ( CDA ), you will be able to include office 365 and exclude dedicated apps, like sharpoint.
But the exclude feature is not working with Teams, as described in Microsofts own documentation.Our Intention is to block Office 365 Web Apps, except to Teams.
With the conditional access configurd with
- Teams as exception
or
- Teams and all dependend apps, like documented by Microsoftthe rule will not be applied successfully.
Teams still kept blocked, while the dependend Apps like SharePoint were still wörking, from out the same CDA rule.
MS documentaion to exclude office apps
…9 votes -
workday: allow writeback of matching user employee id from different ERP system
The Workday Writeback connector needs the capability to writeback a users emplid from an adjacent ERP system. We are using WD HCM and WD financials, and we are using Peoplesoft Campus Solutions for student information system. We need a way to write the Peoplesoft Employee ID back to workday into a custom workday attribute.
20 votes -
Cross tenant support for managed identity
Please add support for cross tenant use of managed identities. Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/known-issues#can-i-use-a-managed-identity-to-access-a-resource-in-a-different-directorytenant
18 votesThank you for reaching out to feedback suggestion forum. Please share more information around your scenario/use-case, end goal, what type of tenants/directories etc. this will help us to understand need and design this integration.
-
Azure AD SSO with SAML2.0 should support the Relay State parameter
SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.
11 votes -
Add ability to select Microsoft Adresses in Named Locations
I'm trying to limit our service accounts access to Azure services, so they are only allowed to logon to Azure services from the actual location they are used.
I also have a number of service accounts used in Azure ´to login to another azure service (Think it's some click dimentions, used to login to some CRM/Dynamics). These service accounts login from Microsoft IP Adresses.
It would be nice if it was possible to select Microsoft IP addresses as a named location, and maybe also other cloud providers amazon, google ect.
I have downloaded a lidt of all Microsofts public IP…28 votesThank you for sharing your feedback. This is planned and in Azure Active Directory product backlog.
-
Allow Microsoft authenticator to transfer from Android to iphone
Microsoft authenticator to transfer from Android to iPhone. Currently iPhones can only restore Microsoft Authenticator backups from iCloud.
20 votes -
Azure AD Portal - Synced user domain
Would be really helpful for Multidomain forest synced into AD to have visibility of the synced user domain.
We had experience of having synced user not meeting ConfigMgr user for MEM admin portal, and it would had been really easy to identify that user on ConfigMgr was not the synced, if the AD domain would be visible under (synced) user properties, as part of
6 votes -
dynamic membership for administrative units
Managing user memberships for administrative units should be make possible by dynamic membership!
So for instance the memberships should be auto-updated based on the department field of the user. (or any other attribute)
65 votes -
Azure AD role to unblock or block MFA for users
I am unsure if someone posted an idea about this, but is there an existing Azure AD role that allows an administrator to block or unblock MFA for users? As it seems today, only a Global administrator can unblock or block MFA for a user. If there an Azure AD role that does this today, please let me know. Otherwise, it would be nice to incorporate the block/unblock MFA permission with an existing role or create a new one. Just a thought! :)
22 votes -
Tag MFA Methods With Provider Name
Methods displayed on Mysign-in page Securityinfo should be tagged with relevant Provider information (Azure MFA Tenant Name , On-prem MFA server name ..etc ) like its done on the MS Authenticator app to make it easier for end users to distinguish .
6 votes -
Add support for the "@" in the application identifier value
There is an issue with Azure Active Directory App Integration and Development, where users are unable to login to the application through Single Sign-on (SSO) - currently ESTS ignores everything after @ within an application identifier.
Attempting to escape it with %40 also fails.
Please add support for "@" in the application identifier value for Azure Active Directory App Integration.
7 votes -
Add hardware token support in GCC high tenants
Please add hardware tokens support in GCC high tenants.
16 votes
- Don't see your idea?