Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Request for registration of OATH token and connection to user:

    We would like you to allow end users to register OATH token by themselves as well as other multi-factor authentication notifications (i.e. telephone and SMS)

    If our request above is not permitted, please consider the following to reduce the time and effort of the administrator:
    - Registering OATH token information prior to registration of associated user information
    - Connecting the user and OATH token by GUI operation from Azure portal instead of importing CSV
    - No entering authentication code when activating OATH token

    46 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Set MFA using Azure Active Directory Powershell Module

    Add support in Azure Active Directory PowerShell module to set Multi-Factor Authentication (MFA).

    Thanks

    52 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. MFA: remember device permanently (& remember per device, not per app)

    Please:
    1. Remove the 60-day (max) limit on remembering Office 365/Azure MFA authorisation for a device/app.
    2. Make it so that MFA is remembered once per *device* (well, per user account per device), not once per app (for all Microsoft apps that authorise across all kinds of devices).

    Rationale: Having to refresh the MFA authorisation periodically does not add to security, because we already know that the app or device is trusted and if that changes (e.g. device is lost or stolen), the correct procedure to follow is for the admin to immediately revoke the authorisation for the device and/or…

    145 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Combined security information registration (Preview) language issue

    The Combined Security Information Registration outlined in the follow documentation is not functioning as described.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined

    The Language is not pulling from the browser. In my scenario if I set this up using French language and have my German users attempt the process they are receiving the security questions in French and not German. The documentation outlines the language settings are of the computer accessing the page. This is not what I am experiencing.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Conditional access validated prior to password

    Today, authentication validated the password before hitting the conditional access, therefore allow for password sprays to lock the accounts.

    Office 365 and Azure logins should take the password (as we do today), proceed with conditional access, even if the password is wrong, allowing conditional access to block password sprays. Then if the password is incorrect, deny the access or send for approval in the azure app or request the token, whatever is the preferred choice for MFA.

    Hope I was clear...

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. One-time Bypass in Azure MFA Cloud Only

    We need an option to allow for one-time bypass to allow users to reset their MFA if they dont have access to their Authenticator App (phone damaged or lost,stolen). Phone number as backup is not an option

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Reset MFA Authenticator setup as an admin

    For several months now, the "Additional security verification" page (http://aka.ms/setupmfa) from Azure MFA has memorized the Authenticator app and the corresponding device. (See attachment)
    Please offer the possibility to the administrators to remove the old paired device and the associated Authenticator app.

    Reason (for us):
    To configure Windows Hello 4 Business the Authenticator app must be used. Many employees have connected an old device that they no longer own or use.
    We do not have the SMS option set to available, and have set Multi-Factor Auth to Enforced. Using the "manage settings" from the MFA portal is still…

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Show the Country and App/OS that triggered the MFA request via Authenticator app pop up

    If using the Microsoft Authenticator app with App Notifications for Azure MFA requests why can't we also have the Country and App or OS which has triggered the MFA request?

    This will help users from blindly always tapping Approve and also give them more info on what app has requested MFA.

    You can already see this info in the Azure AD sign in and audit logs so why can't it be pushed through to the app pop-ups too?

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. New method for automating onboarding of users in MFA

    Current onboarding mechanism in O365/Azurd AD requires that the users onboard themselves. They can choose MFA-method and telephone number themselves.

    We strongly suggest a new method of automate onboarding for end users. We would like to map telephone number from the organization AD and choose one of the MFA methods as preferred. We also would like to have a option to turn on/off the possibility for end users to change their MFA-profile (MFA method and telephone number).

    The benefit for all customers will be that the CA/MFA solution will be more secure since no onboarding for users can be done…

    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Block Azure MFA (cloud) Enrollment from External Networks

    I feel like I have been to the end of Google and back and thought I'd just reach out to this feedback hub.

    We would love the ability to block Azure MFA (cloud) enrollment from external networks with Azure Conditional Access Policies or another method.

    It doesn't look like the "MFA Setup" page is a "Cloud App" to build conditions on...

    My other thought is the ability to build out a dynamic group based on if a user has enrolled, but the Azure Dynamic group queries seem limited at this point.

    48 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Authenticator Backup for Android

    Hello,

    Could we get an update on the back up feature for the authenticator app please? Your article last year stated it was coming soon and the feature doesn't appear to have landed yet. This is effecting the take up of MFA as when people change their device they loose their 2FA tokens.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Improve Azure MFA NPS extension logging

    We had an issue deploying the Azure MFA NPS extension recently as per this thread - https://social.msdn.microsoft.com/Forums/en-US/6fd88b14-8353-4eac-be42-501ce1986c11/troubleshooting-azure-mfa-extension-for-nps-issue?forum=windowsazureactiveauthentication.

    After a number of weeks trying to solve it, we ultimately had to move NPS to new servers as we could not find a solution. This was mainly because the logging from the extension is great when it is functioning relatively normally (successful logons, simple failures like missing certificates, ACCESS-REJECT messages received etc.), but for less well defined failure modes there seems to be a complete lack of useful logging.

    In the case of the above issue, we had verbose logging turned…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Azure AD Sync to Prepopulate the Authentication Phone Number from an Onpremise AD Object, and prevent users from entering their own.

    Allowing a User to set their own mobile number in MFA, completely negates the purpose of the Technology, in an Azure AD Connect environment.

    For a Secure environment, The Administrator would set the Mobile Number as the source of Truth in Active Directory, and it should prevent a potential attacker, from changing the mobile number as they see fit.

    If a user, who has not registered for Azure MFA yet, credentials are compromised, then an attacker could supply their own Authentication Number, and Azure MFA becomes ineffective.

    We should have the ability to set the Authentication Number in AD, and…

    95 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Applications to be Protected by MFA through CA

    Allow the following appliations to be protected by MFA through Conditional Access:

    • Office365 Shell WCSS-Client
    • Microsoft Office 365 Portal
    • O365 Suite UX

    These applications are related to the Office Portal.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow users with MFA to login via CLI (az login)

    az login currently does not work with Microsoft accounts or accounts that have two-factor authentication enabled, see: https://docs.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-login

    Following the idea of Infrastructure-as-Code (IaC), we pro-grammatically use `az login` to set up our infrastructure. However, we would highly prefer using user account when running such scripts manually compared to service principals:
    a) Audit logs on Azure should show *who* (= real user) triggered infrastructural changes
    b) MFA-backed accounts are more secure

    See also: https://github.com/Azure/azure-cli/issues/6962

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Azure Multi-Factor Authentication (MFA) - Microsoft Authenticator code reset options

    Provide us with the ability to ensure the MFA code reset password can be chopped up and sent to multiple individuals.

    I.e. the first half of the code gets sent to you and the second half gets sent to the IT Security Manager, System Admin or other Manager.

    Reason being is that I updated my work phone and needed to reset my Microsoft Authenticator code through the authentication web page. I followed the prompts to have it reset and the code was sent to my phone, from there I was able to scan the QR code on the screen and…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Migrating from Azure MFA Server to MFA Cloud

    Need a migration method for migrating from Azure MFA Server to Azure MFA Cloud, without all our users having to re-register.

    46 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Update MFA number using Graph API

    I've seen various articles/requests for the ability to modify MFA number using the Graph API.

    All of these are dated early-mid 2018.

    I have not seen any progress or information that it is possible yet.

    What are the plans/roadmap for this feature? The need is becoming more important for us, and we've been waiting for this.

    Any information would be helpful.
    Thanks, Ricky

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow the creation of custom administrator roles in Azure Active Directory

    Allow the creation of custom administrator roles in Azure Active Directory. In our case we want to assign rights to our helpdesk to allow them to reset users MFA forcing them to proof up. The Authentication Administrator role allows for this but also grants too many other permissions that we don't want to give. Creating a custom role allowing for just MFA reset would resolve this

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. 28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 13 14
  • Don't see your idea?

Feedback and Knowledge Base