Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log-in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account uses the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Pronouns available across services
Please add an optional Pronoun field to a user object type. Ideally, this would be able to be used across M365, such as in SharePoint About Me pages, in Contact Card experiences across Outlook and Teams, etc.
39 votes -
Disable users' ability to change their password (via cloud/portals); disable the self-service for anyone
Disable reset password: https://account.activedirectory.windowsazure.com/ChangePassword.aspx
for all students
43 votes -
Add an additional less complicated data restore option that would allow the Azure support team to manage an AADDS restore
In general, today an extensive AADDS backup and restore option exists and we worked with both the support group as well as the Product group to utilize this recently. Due to the complexity of this restore we would like to request the following:
A more targeted restore that would allow for a restore/backup of the Domain Services data rather than an entire infrastructure DR-type restore; in general this would be a simpler second option.
27 votes -
Password sent from MIM to OpenLDAP is not hashed
MIM is sending passwords to OpenLDAP in clear text instead of hashing them. Encrypting at the target (OpenLDAP) using an SSHA password storage scheme module still leaves the risk of OpenLDAP / Linux admins retrieving the password before it reaches the SSHA module.
23 votes -
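For reference, the {SSHA} scheme the post mentions is just base64(SHA-1(password || salt) || salt). The block below is an added example, not MIM or OpenLDAP code: it generates and verifies {SSHA} values and flags a userPassword value that arrives without any {SCHEME} prefix, i.e. in clear text. The sample passwords and salt are constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # bytes; the salt is whatever follows the digest


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an OpenLDAP-style {SSHA} userPassword value (same layout slappasswd -h {SSHA} produces)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value, in constant time over the digest."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_cleartext(user_password: str) -> bool:
    """True when a userPassword value carries no RFC 2307 {SCHEME} prefix, which is what
    the post describes: the value leaves MIM as the raw password and is hashed only at the target."""
    return not (user_password.startswith("{") and "}" in user_password)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    stored = ssha_hash("correct horse battery staple")
    print(stored, ssha_verify("correct horse battery staple", stored))
    print("arrives in clear:", is_cleartext("correct horse battery staple"))
```

Pre-hashing on the sync side only helps if the target accepts an already hashed userPassword (OpenLDAP does when ppolicy's hash-clear enforcement is off); the hashed value must also travel over TLS, since {SSHA} is SHA-1 with a short salt and offers little against offline guessing.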
Workday: allow writeback of matching user employee ID from a different ERP system
The Workday Writeback connector needs the capability to write back a user's emplid from an adjacent ERP system. We are using WD HCM and WD Financials, and we are using PeopleSoft Campus Solutions for the student information system. We need a way to write the PeopleSoft Employee ID back to Workday into a custom Workday attribute.
20 votes -
Add ability to select Microsoft addresses in Named Locations
I'm trying to limit our service accounts' access to Azure services, so they are only allowed to log on to Azure services from the actual location they are used.
I also have a number of service accounts used in Azure to log in to another Azure service (I think it's ClickDimensions, used to log in to some CRM/Dynamics). These service accounts log in from Microsoft IP addresses.
It would be nice if it was possible to select Microsoft IP addresses as a named location, and maybe also other cloud providers (Amazon, Google etc.).
I have downloaded a list of all Microsoft's public IP…
27 votes
Thank you for sharing your feedback. This is planned and in the Azure Active Directory product backlog.
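Until such a built-in location exists, the list the poster downloaded can be turned into an IP named location through Microsoft Graph. The block below is an added example, not Microsoft's or the poster's code: it reads the shape of Microsoft's "Azure IP Ranges and Service Tags" JSON (a `values` array whose entries carry `properties.addressPrefixes`), merges the prefixes of the chosen tags, and builds the body for `POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations`. The service tag data embedded here is a constructed sample, and the tag names chosen are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of the "Azure IP Ranges and Service Tags - Public Cloud"
# download (only the keys this script reads; the real file has thousands of prefixes).
SAMPLE_SERVICE_TAGS_JSON = """
{
  "cloud": "Public",
  "values": [
    {"name": "AzureCloud.westeurope",
     "properties": {"region": "westeurope",
                    "addressPrefixes": ["13.69.0.0/17", "13.69.128.0/17", "2603:1020:200::/46"]}},
    {"name": "Storage.westeurope",
     "properties": {"region": "westeurope",
                    "addressPrefixes": ["13.69.0.0/17"]}},
    {"name": "AzureCloud.northeurope",
     "properties": {"region": "northeurope",
                    "addressPrefixes": ["13.74.0.0/16"]}}
  ]
}
"""


def collect_prefixes(service_tags: dict, tag_names) -> list:
    """Gather addressPrefixes of the named tags, reject malformed CIDRs, and merge
    duplicates and adjacent ranges per IP version (fewer ranges in the named location)."""
    wanted = set(tag_names)
    v4, v6 = [], []
    for entry in service_tags["values"]:
        if entry["name"] not in wanted:
            continue
        for cidr in entry["properties"]["addressPrefixes"]:
            net = ipaddress.ip_network(cidr, strict=True)  # raises on host bits set / garbage
            (v4 if net.version == 4 else v6).append(net)
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def build_named_location_body(display_name: str, networks, is_trusted: bool = False) -> dict:
    """Request body for POST /identity/conditionalAccess/namedLocations.
    is_trusted stays False: a 'trusted' location suppresses sign-in risk for those IPs,
    and a block of shared cloud addresses used by many tenants should not get that treatment."""
    ranges = []
    for net in networks:
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all range {net}")
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": f"#microsoft.graph.{kind}", "cidrAddress": str(net)})
    return {
        "@odata.type": "#microsoft.graph.ipNamedLocation",
        "displayName": display_name,
        "isTrusted": is_trusted,
        "ipRanges": ranges,
    }


def named_location_from_service_tags(service_tags_json: str, tag_names, display_name: str) -> dict:
    tags = json.loads(service_tags_json)
    return build_named_location_body(display_name, collect_prefixes(tags, tag_names))


if __name__ == "__main__":
    body = named_location_from_service_tags(
        SAMPLE_SERVICE_TAGS_JSON,
        ["AzureCloud.westeurope", "Storage.westeurope"],   # assumed tags of interest
        "Azure West Europe (service tags)",
    )
    print(json.dumps(body, indent=2))
```

Post the body with an app or delegated identity holding Policy.ReadWrite.ConditionalAccess, then reference the location in the Conditional Access policy that scopes the service accounts. The service tag file changes weekly, so the same script should run on a schedule and PATCH the existing location rather than create a new one each time.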
-
Azure AD SSO with SAML2.0 should support the Relay State parameter
SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.
10 votes -
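One caveat for anyone implementing the IdP-initiated side of this: RelayState is sent by the browser next to the SAMLResponse and is not covered by the assertion signature, so the receiving application must validate it before redirecting, or the ACS endpoint becomes an open redirect. The block below is an added example (not Azure AD, AD FS or the poster's code) of that check on the service-provider side; the allowlisted hosts are an assumption, and the 80-byte limit is the one the SAML 2.0 Bindings specification places on RelayState.

```python
from urllib.parse import urlsplit

# Assumption: hosts this service provider is willing to forward users to after IdP-initiated SSO.
ALLOWED_HOSTS = {"web.azuresynapse.net", "adf.azure.com"}

MAX_RELAY_STATE_BYTES = 80  # SAML 2.0 Bindings 3.1.1: RelayState MUST NOT exceed 80 bytes


def safe_relay_state(relay_state, allowed_hosts=ALLOWED_HOSTS):
    """Return the redirect target carried by RelayState, or None if it must be ignored.

    Accepts either a same-origin relative path ("/x", but not "//host/x" or "/\\host/x")
    or an absolute https URL whose host is allowlisted and which carries no userinfo
    ("https://good.example@evil.example/" parses to host evil.example)."""
    if not relay_state or len(relay_state.encode("utf-8")) > MAX_RELAY_STATE_BYTES:
        return None
    if any(ord(ch) < 0x20 for ch in relay_state):  # CR/LF/NUL etc. have no place in a URL
        return None
    parts = urlsplit(relay_state)
    if parts.scheme == "" and parts.netloc == "":
        if relay_state.startswith("/") and not relay_state.startswith(("//", "/\\")):
            return relay_state
        return None
    if parts.scheme != "https" or parts.username is not None or parts.hostname is None:
        return None
    if parts.hostname not in allowed_hosts:
        return None
    return relay_state


if __name__ == "__main__":
    # Constructed sample RelayState values as an ACS endpoint might receive them.
    for rs in ["/dashboard/42", "//evil.example/x", "https://adf.azure.com/home?factory=f1",
               "https://adf.azure.com@evil.example/", "javascript:alert(1)"]:
        print(f"{rs!r:45} -> {safe_relay_state(rs)!r}")
```

When no usable RelayState arrives, fall back to a fixed landing page rather than failing the login; the assertion itself has already been validated at that point.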
Cross tenant support for managed identity
Please add support for cross tenant use of managed identities. Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/known-issues#can-i-use-a-managed-identity-to-access-a-resource-in-a-different-directorytenant
16 votes
Thank you for reaching out to the feedback suggestion forum. Please share more information about your scenario/use case, end goal, and what types of tenants/directories are involved; this will help us understand the need and design this integration.
-
Fix tab order for B2C login
Please fix the tab order for B2C logins. Currently tab goes from the username field to the "Forgot your password" link. It should go from username to password.
13 votes -
Include custom attribute store as in ADFS
Azure AD doesn't support use of a custom attribute store for claim processing as in ADFS. In ADFS, I can have logic (say, deriving a location from the incoming IP via a table/Excel sheet) in a custom attribute store and fetch that data during claim transformation.
9 votes -
Add Provision on demand for Groups
There is a provision-on-demand option which provides the ability to provision a user on demand, but as I'm currently trying to troubleshoot a group provisioning issue to ServiceNow, I could really do with provisioning a group on demand rather than having to wait the three days the logs indicate it will be before this specific group is retried.
27 votes
Thanks for the feedback. We plan to support this.
/Arvind
-
Allow Azure administrator to send a push notification to user and verify it is approved.
Being able to manually send a push notification to end users is a good way of verifying someone's identity (such as during a helpdesk password reset). It's also helpful in troubleshooting issues or confirming successful configuration of the MFA app.
9 votes -
Dynamic membership for administrative units
Managing user memberships for administrative units should be made possible by dynamic membership!
So, for instance, the memberships should be auto-updated based on the department field of the user (or any other attribute).
49 votes -
Programmatically adjust admin consent requests
As an MSP, we have lots of clients which we manage as a delegated admin (70+ active 365 tenants). Microsoft brought in the change to automatically disable users' ability to consent to 3rd-party apps accessing company data (which is a good thing).
Without the ability to adjust the 'admin consent' setting programmatically, this is not practical. Therefore there should be an option to use PowerShell or MS Graph to adjust and configure the 'admin consent' settings, including selecting the global admin responsible, the email notification and the expiry of the request. (Screenshot added for detail.)
The section I am…
6 votes -
Allow users to personalize their MyApps portal
Implement the possibility for users to personalize their MyApps user experience by making it possible for them to hide and unhide tiles on their MyApps portal of applications that they don't use and make it possible for them to rearrange tiles, so that their often used applications can always be accessed directly from the top of the page.
25 votes -
Eliminate delays when activating the SharePoint Administrator role in PIM.
Currently it can take up to 1 hour or more to wait for permissions to be propagated in the SharePoint environment after activating the SharePoint Administrator role. Logging out, closing all browser windows -- nothing helps.
This results in lost work time for administrators that require these permissions to do their daily job. And is even worse when there is an issue during off-hours. It does not help your relationship with a business client to tell them that you have to wait for the system to "kick in" and cannot provide an estimate for how long that may take.
Any…
83 votes -
Ability to prevent users from approving themselves
Ability to block users from reviewing their own access. In other words, if one user is a member of a group, but they are also a reviewer, it should be possible to prevent that specific user from providing feedback on their own membership.
9 votes -
Support PIM for service principals
We apply and update our Azure infrastructure through a CI workflow with ARM templates. To do this, the CI authenticates with a service principal.
We often deploy resource-group-wide or subscription-wide deployments which require Owner or Contributor permissions to apply ARM templates. To improve security, we would like support for PIM both through the CLI and for service principals.
This way we can tell something is wrong if our CI is suddenly assigned the "Owner" role and we have not run a CI job for a while.
54 votes -
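The detection the poster describes (noticing that the CI principal suddenly holds Owner) does not need PIM to exist for service principals; it can be done by diffing the principal's current role assignments against a baseline. The block below is an added example, not the poster's pipeline or any Microsoft tooling: it consumes records in the field layout of `az role assignment list --all --output json` (roleDefinitionName, scope, principalId, createdOn) and reports privileged assignments outside the expected set and expected ones that went missing. The assignments, GUIDs and scopes are constructed for the example; the baseline is an assumption.

```python
import json

# Azure RBAC built-in roles that can redeploy or re-grant anything at their scope.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

CI_PRINCIPAL_ID = "11111111-1111-1111-1111-111111111111"  # constructed object ID of the CI SP
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # constructed subscription scope

# Constructed sample in the field layout of `az role assignment list --all -o json` (subset of fields).
SAMPLE_ASSIGNMENTS_JSON = """
[
  {"principalId": "11111111-1111-1111-1111-111111111111", "principalName": "sp-ci-deploy",
   "principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-prod",
   "createdOn": "2021-03-01T09:00:00+00:00"},
  {"principalId": "11111111-1111-1111-1111-111111111111", "principalName": "sp-ci-deploy",
   "principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001",
   "createdOn": "2021-03-01T09:00:00+00:00"},
  {"principalId": "11111111-1111-1111-1111-111111111111", "principalName": "sp-ci-deploy",
   "principalType": "ServicePrincipal", "roleDefinitionName": "Owner",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001",
   "createdOn": "2021-06-15T02:13:44+00:00"},
  {"principalId": "22222222-2222-2222-2222-222222222222", "principalName": "alice@contoso.example",
   "principalType": "User", "roleDefinitionName": "Owner",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001",
   "createdOn": "2020-01-10T12:00:00+00:00"}
]
"""

# Assumed baseline: the only privileged assignment the CI principal is supposed to hold.
CI_BASELINE = {("Contributor", SUB + "/resourceGroups/rg-prod")}


def held_privileged(assignments, principal_id):
    """(role, scope) pairs of privileged roles currently held by the principal.
    Assignments inherited from a parent scope are listed with that parent scope, so an
    Owner grant at the subscription shows up here as ("Owner", "/subscriptions/...")."""
    return {
        (a["roleDefinitionName"], a["scope"])
        for a in assignments
        if a["principalId"] == principal_id and a["roleDefinitionName"] in PRIVILEGED_ROLES
    }


def unexpected_privileged_assignments(assignments, principal_id, baseline):
    """Full records of privileged assignments the baseline does not account for."""
    return [
        a for a in assignments
        if a["principalId"] == principal_id
        and a["roleDefinitionName"] in PRIVILEGED_ROLES
        and (a["roleDefinitionName"], a["scope"]) not in baseline
    ]


def check_role_drift(assignments_json, principal_id, baseline):
    """Return {"unexpected": [...records...], "missing": [(role, scope), ...]}."""
    assignments = json.loads(assignments_json)
    held = held_privileged(assignments, principal_id)
    return {
        "unexpected": unexpected_privileged_assignments(assignments, principal_id, baseline),
        "missing": sorted(baseline - held),
    }


if __name__ == "__main__":
    report = check_role_drift(SAMPLE_ASSIGNMENTS_JSON, CI_PRINCIPAL_ID, CI_BASELINE)
    for a in report["unexpected"]:
        print(f"UNEXPECTED {a['roleDefinitionName']} on {a['scope']} (created {a['createdOn']})")
    for role, scope in report["missing"]:
        print(f"MISSING    {role} on {scope}")
```

Run it from a scheduled job whose own identity is a separate Reader-only principal, so the check does not depend on the credentials of the principal being watched, and feed the `createdOn` of any finding into the activity log search (`Microsoft.Authorization/roleAssignments/write`) to find who granted it.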
Allow a multi-tenant application registration to default to hidden in myapps
By default, every multi-tenant app that is signed into will display on the myapps portal. Some multi-tenant application registrations are not meant to be signed into directly such as ones that use device code auth flow.
It would be very desirable to allow the author of a multi-tenant app registration to add a value to the app manifest (or through the UI) to change the default behavior and hide the app from MyApps by default.
7 votes -
Audit sign-ins from CSP
Currently, for an end-customer in CSP, there's no way to track sign-ins by partners.
Users from a partner with the Admin Agent or Helpdesk Agent role can access a customer tenant. The authentication will be done against their partner Azure AD, not the customer Azure AD. Therefore, a customer won't see the sign-ins in the Azure AD Sign-in Activity Reports. This is a major issue, as customers need to know who's accessing their infrastructure/data for auditing purposes.
Please include partner sign-ins in the customer tenant reporting, comparable with Azure B2B accounts.
8 votes