Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Allow Conversion of AD Synced Accounts to "In Cloud Only"

    Up until recently, we were able to convert a user which was AD Synced to a cloud account by moving it to an OU in AD which was not synced.
    After the next sync, Office 365 would move it into the deleted folder. If you recover it, it goes into a cloud account. As of a few weeks ago, Microsoft disabled this.

    Looking at countless threads around the internet, and speaking with representatives from Microsoft Office 365 support, everyone is frustrated with this change, and wants it changed back to the way it was.

    479 votes
    90 comments  ·  Azure AD Connect

    We are aware of the requirement to be able to convert a synced user to cloud only and are designing that feature, but we have no timelines to share right now.
    We reverted the change that would block the “hack” to delete and restore a user to change a user to “Cloud Only”.

  2. Need to be able to distinguish Federated and PTA/PHS Login

    Need to be able to distinguish Federated and PTA/PHS Login while in the process of migrating users with staged rollout feature.

    11 votes
    1 comment  ·  Azure AD Connect
  3. Azure AD Cloud Provisioning: Add support for Exchange Hybrid

    Currently Cloud Provisioning does not support Exchange Hybrid. This makes syncing disconnected forests much harder, especially when the foreign domain involves Exchange Hybrid.

    When using Cloud Provisioning, currently Exchange has to be migrated using third-party tools and in a "big bang" migration. Support for Exchange Hybrid would allow a slower move of Exchange and thus an easier and faster rollout of Cloud Provisioning.

    5 votes
    0 comments  ·  Azure AD Connect
  4. ADSync Cmdlets Fail with Remote PowerShell

    The ADSync cmdlets do not work with remote PowerShell. A command such as Get-ADSyncRunProfileResult works fine when executed on the computer with an interactive logon but fails when run using WinRM with Invoke-Command or Enter-PSSession.

    When called with Remote PowerShell the cmdlets fail when establishing a connection to net.pipe://localhost/ADSyncManagement.

    Since WMI was taken away, we really need a way to access the ADSync module without having to logon interactively.

    Here is the error:

    Invoke-Command -ComputerName myAADConnectServer -ScriptBlock {Get-ADSyncRunProfileResult}

    There was no endpoint listening at net.pipe://localhost/ADSyncManagement that could accept the message. This is often caused by an incorrect address or SOAP…

    15 votes
    3 comments  ·  Azure AD Connect
  5. All AzureAD Connect modules & scripts should be signed by Microsoft

    In more restrictive environments, a PowerShell execution policy set to "AllSigned" is quite common.
    Currently (AzureAD Connect Version 1.5.42.0) not all script/configuration files of the AzureAD Connect Wizard are digitally signed by Microsoft. ADSync.psd1 is signed but AADConnector.psm1 is not signed.
    -> Please sign all the PowerShell script/configuration files you deliver with AzureAD Connect.

    3 votes
    0 comments  ·  Azure AD Connect
  6. AAD Connect Cloud Provisioning: Add support for password writeback

    Currently Cloud Provisioning does not support password writeback, so using Azure AD SSPR with on-Prem synched passwords is not possible.

    Would be great to have that as one of the first enhancements of Cloud Provisioning

    15 votes
    under review  ·  3 comments  ·  Azure AD Connect
  7. Azure MFA requests are the same for all apps. I would like the ability to set some apps to require MFA with each login but not for all the a

    I would like to be able to set the MFA requirement per application and not globally. Same for caching tokens, to be set per application.

    2 votes
    1 comment  ·  Azure AD Connect
  8. Sync Dynamic Security groups to On Prem AD

    I would like to see Azure AD Dynamic groups be synced to on Prem AD. Currently you can sync distribution groups but not security groups. I would love to be able to set up dynamic groups and have my on prem groups reflect changes to things like position changes while staying synced with their counterparts in the cloud.

    15 votes
    0 comments  ·  Azure AD Connect
  9. Sync onPrem AD OUs to AAD Administrative Units

    Managing membership of AAD administrative units for any large group with regular churn has a high amount of administrative overhead for keeping that membership up to date. With no dynamic membership for administrative units currently, users have to be added/removed manually via PowerShell. It would be convenient if Azure Active Directory Connect sync'd on-prem AD OUs and their membership --> populated AAD administrative units. As rights delegation often occurs at the OU level in on-prem AD, similar to how administrative units function with delegated roles, the structure for scoping already exists for distinct user populations within the org.

    11 votes
    2 comments  ·  Azure AD Connect
  10. Account Lockout sync to Azure AD

    Any chance to sync the on-premises account lockout attribute to Azure AD? If an on-premises AD account gets locked out, the user can still access the cloud service externally.

    3 votes
    0 comments  ·  Azure AD Connect
  11. 1 vote
    1 comment  ·  Azure AD Connect
  12. Stop using MD5 when FIPS mode is on.

    The article says it's for compatibility. FIPS mode is domain wide. This means it is disabled for all machines and there is no other machine running MD5 that you would need to be compatible with. If you are using SHA256 later in the chain, just skip the MD5 step and use SHA256 all the time. This will allow Azure AD Connect to operate correctly in a FIPS environment.

    1 vote
    0 comments  ·  Azure AD Connect
  13. Writeback of directory fields to On-premise

    To enable use of tools like the Power Platform connector, we need the ability to write back organization and directory information. Names, addresses, managers, etc. should be updatable both on-prem and in the cloud from both Azure AD and Exchange.

    1 vote
    0 comments  ·  Azure AD Connect
  14. Azure AD Cloud Provisioning: Add support for device sync

    Currently devices are not synchronized by Cloud Provisioning; without that, it is not possible to do Win10 hybrid device join, as the computer needs to authenticate to AAD.

    From my point of view this is the Nr. 1 topic to implement.

    8 votes
    under review  ·  2 comments  ·  Azure AD Connect
  15. SwiftUI and MSAL

    Please add a SwiftUI sample to the MSAL samples. I can see only storyboard samples in the MSAL projects. It will help developers to hook new iOS 14 to Azure much easier.

    1 vote
    0 comments  ·  Azure AD Connect
  16. 1 vote
    0 comments  ·  Azure AD Connect
  17. this sucks

    this sucks

    1 vote
    0 comments  ·  Azure AD Connect
  18. Fix feedback email address for AD Connect troubleshooting script

    The AD Connect troubleshooting script displays a notice saying "Please send any feedback, comment and suggestions by email to: troubleshootaadc@microsoft.com"

    Attempting to email that address results in a non-deliverable message stating the below:

    "Your message to syncenginedev@microsoft.com couldn't be delivered.

    The group syncenginedev only accepts messages from people in its organization or on its allowed senders list, and your email address isn't on the list."

    I'm not sure if the message wasn't delivered at all, or if the "syncenginedev" group is just a member of "troubleshootaadc@microsoft.com" and it was delivered but not to that specific group member,…

    1 vote
    0 comments  ·  Azure AD Connect
  19. BUG: Azure AD Connect troubleshoot scripts fail if on-prem CN contains a comma

    When running the object synchronization troubleshooting scripts you are required to enter the DN of the on-prem object you're troubleshooting. If the object CN contains a comma (for example Lastname, Firstname) it is escaped in the DN using a backslash. When exporting the report it then fails because it is trying to create a path using the DN as the filename, which fails because of the extra backslash. The script should recognize that the filename contains an escaped character and remove it before generating the report path.

    1 vote
    0 comments  ·  Azure AD Connect
  20. Enable notification and tracking on AD Connect configurations. Send automatic notification as and when AD configuration is updated

    Yum uses the Azure Active Directory globally, and any changes to the Azure Connect configuration have a huge impact globally. There are too many administrators that can make changes to it because of its global nature, and the general change management process doesn't help to track what changes are being made to Azure Connect. Would it be possible to configure automatic notifications whenever any configuration change happens on Azure AD Connect and send them to the support team?

    3 votes
    0 comments  ·  Azure AD Connect