Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Guest users to change their MFA

    Guest (B2B) users should be able to reset/change their MFA options. Currently when a guest user gets a new phone, they have no way to fix the Authenticator app. Currently Guest can only try and find a contact at the tenant org and have them reach out to IT in order to reset. This is very confusing for all users.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. Guest account registration french translation issue

    Guest account registration
    When we register a guest account in Azure Active Directory, the text of the autorizations revision is not the same en fr-FR and fr-CA. In fr-CA, the word Photos is plural and this is incorrect and not well received by users. Only the profile photo is accessible. In fr-FR, photo is singular.

    I think that, for all languages versions, the text should be more specific saying «Your profile photo» / «Votre photo de profil». Guests don't want to share too much information.

    Thanks

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. 451123828@ minia3.moe

    نسيت كلمة السر

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow customization for OTP account verification code email

    The OTP email that is sent once daily to OTP Azure B2B guests is, quite frankly, ugly. We would like to brand this email with our firm's logo as well as put some friendly language that specifies what application they're trying to sign into so it does not look as much like a phishing email. Please allow us to customize this email and make it more friendly looking as opposed to a very operational security email that may confuse less-than-savvy users.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. Need some way to deal with: "AADB2B_0001 : We cannot create a self-service Azure AD account for you because the directory is federated"

    Not all B2B invites can be redeemed successfully. Failures happen for reasons that are out of the inviters control (leading to an inability to fix the problem) and are not predictable (leading to poor user experience).

    I suspect this problem happens most frequently when a partner organization bungles taking ownership of their tenant. MSFT needs to make it much harder for people to render their production tenant in such a disfunctional state.

    86 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. B2B direct federation Custom IDP support for multiple target domains

    B2B direct federation documentation mentions it is only allowed for policies where the authentication URL’s domain matches the target domain, or where the authentication URL is one of these allowed identity providers (this list is subject to change): accounts.google.com pingidentity.com login.pingone.com okta.com oktapreview.com okta-emea.com my.salesforce.com federation.exostar.com federation.exostartest.com

    I have a case where my custom IDP need to support more than one target domain. My company works with number of small member organizations who does not have IT department to implement custom IDP. we would like to support all of them. Please add this feature to custom IDP implementation.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Fix New guest user invite SharePoint MFA

    Right now if you invite a new guest user through SharePoint with a conditional access policy enabled the guest will get an error the first time they try to setup MFA on the tenant they are invited to. If they try to set it up a second time the error is gone and they are able to setup MFA.

    Please fix this issue.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. Hide BitLocker key from the users

    Bitlocker encryption keys are found on laptops running windows on https://myaccount.microsoft.com/device-list. These can be abused either by an attacker with access to the machine, or by the final user since it has everyone read permissions on icacls. Furthermore a privilege escalation is possible by reconecting the disk to another computer and change files in order to achieve persistance and higher privileges, since the final user has is bitlocker keys, he can decrypt and see/change other files in another computer.

    Details:

    https://sec-consult.com/en/blog/2019/04/windows-privilege-escalation-an-approach-for-***********-testers/

    A machine that does not encrypt the Windows partition and allows booting from CD, USB or a pre-boot…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. One-time passcode authentication for B2B guest users - Is it possible to reduce user session expiry time from 24 hours

    While reviewing the public preview feature of One-time passcode authentication for guest users, it was observed that the guest user session expires only after 24 hours. This seems to be a longer window and we will prefer to have the user session time to be something like 8 or 9 hours. The guests will be signing in from their environment and we don't know how secure their environment is and how secure is the email account that they are using. Leaving the user session open for 24 hours seem to be risky and we will prefer to have an option…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. Reset my guest account - to fix post migration lost B2B access

    URL in AAD where a user can reset their guest account access. We've just gone through a tenant migration and the manual nature of the reset process is painful. It's basically a Delete and Re-invite process to the same e-mail address that is already in AAD.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. Proper error-code and messages in the Invite redemption failed page

    We use the Graph API to register users, send Invite link to user. User opens the link, grants permission to application to access the data, and from then on user will be able to access our application using the Azure Single Sign-on.

    Currently, while signing-up(opening the Invite link), in case of any problem, it shows a Request ID, Co-relation ID, and Timestamp.
    It would be better if an error message and error code too can be displayed in this page. This would be really helpful for us. As of now we need to reach out the Azure support team for…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add B2B collaboration and Guest Access for GCC-H

    Please add the ability for GCC-H users to add Guests into Microsoft Teams or provide a way to add them into Azure AD as organizational Guests in GCC-H. This capability was a selling point while using the commercial version, but now we are trying to work around this issue. Please implement this feature as soon as possible.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Please reconsider removing support for redemption of invitations by creating unmanaged Azure AD accounts

    Per your Azure B2B documentation "Starting March 31, 2021, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into email one-time passcode authentication."

    This is a big issue for us because we develop SaaS applications and use this feature to create accounts for users that don't have Azure AD accounts. The passcode authentication that you recommend instead offers suboptimal user experience since access to email is required to sign in. I cannot imagine our customers being happy without option to create…

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. Update UPN/Mail of B2B account

    Add possibility to update mail / UPN of Azure Guest account. That is required if mail of host user has been changed.

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. OTP: Allow a guest and a contact with same email address

    Guest Account is not able to sign-in with OTP if an Exchange online contact exists with the same email address and the guest tries to sign-in to the my apps portal.
    Error “AADSTS50020
    If the guest use the link from the invitation he received by email, there is no issue.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. B2B Scenario - the B2B Guest User should use the MFA or their autheticating tenant

    In a B2B scenario, I share information on ODfB or SPO with external users from another tenant and require MFA ot access this information.
    The B2B user would need to enroll into the MFA for my tenant, even though he already is setup to use MFA in his tenant. This would result in multiple Authenticator accounts for the same orignal Azure Account.
    I would expect the Service hosting Azure AD to accept the MFA of the users home tenant.

    95 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. Force OTP method for B2B for certain organisation to mitigate double MFA

    The OTP method in preview works well. We want to avoid the heaviness of B2B with MFA setup where OTP to a trusted domain is sufficient given they have their own MFA etc. (perhaps not available to gmail/msa accounts.)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base