Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Need some way to deal with: "AADB2B_0001 : We cannot create a self-service Azure AD account for you because the directory is federated"

    Not all B2B invites can be redeemed successfully. Failures happen for reasons that are out of the inviters control (leading to an inability to fix the problem) and are not predictable (leading to poor user experience).

    I suspect this problem happens most frequently when a partner organization bungles taking ownership of their tenant. MSFT needs to make it much harder for people to render their production tenant in such a disfunctional state.

    63 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. B2B direct federation Custom IDP support for multiple target domains

    B2B direct federation documentation mentions it is only allowed for policies where the authentication URL’s domain matches the target domain, or where the authentication URL is one of these allowed identity providers (this list is subject to change): accounts.google.com pingidentity.com login.pingone.com okta.com oktapreview.com okta-emea.com my.salesforce.com federation.exostar.com federation.exostartest.com

    I have a case where my custom IDP need to support more than one target domain. My company works with number of small member organizations who does not have IT department to implement custom IDP. we would like to support all of them. Please add this feature to custom IDP implementation.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. Update UPN/Mail of B2B account

    Add possibility to update mail / UPN of Azure Guest account. That is required if mail of host user has been changed.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. Send As Option for B2B Invite Email

    Different Admins create B2B accounts so the invite emails will have a different sender which also displays the Admin account details.

    Send As option would allow a consistent name to be displayed for all B2B invites - shared mailbox for example which also prevents privileged account E-Mail Address details from being included in the email

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. View organizations where users are guest member

    Users can be guest member in different organizations. The user can view the organisions where they are guest member in https://account.activedirectory.windowsazure.com/r#/profile/organizations#organizations-section. But as a global admin I'm unable to view the guest memberships of a user in other Tenants. I would like to be able to view the organizations memberships of users and/or create an export of all users and their organizations memberships.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. Please reconsider removing support for redemption of invitations by creating unmanaged Azure AD accounts

    Per your Azure B2B documentation "Starting March 31, 2021, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into email one-time passcode authentication."

    This is a big issue for us because we develop SaaS applications and use this feature to create accounts for users that don't have Azure AD accounts. The passcode authentication that you recommend instead offers suboptimal user experience since access to email is required to sign in. I cannot imagine our customers being happy without option to create…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow B2B Guest users to authenticate on Windows 10 Azure AD joined Devices

    Allow B2B collaboration users (Guest users who signs in with an account that's managed by another Azure AD directory) login into Azure AD Windows 10 joined devices.

    Use case: Collaboration between an educational institution and a public library. Adding student Azure AD (AAD) accounts from the educational institution as AAD Guest accounts in the public library AAD tenant would allow students to use their educational institution AAD credentials to login into the public library Windows 10 AAD joined devices.

    31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. Permit OTP for users who do have a corresponding Azure AD account

    We sometimes encounter situations where a user may actually have an existing Azure AD account (in another tenant) or and MSA - but we want to invite them as an OTP user.

    The reason for this - using the existing AAD account as an example - is that this may be an account that is the product of some abandoned POC that this other org did. And as a result, the user does not know the password and SSPR may not be enabled. The result is that the user is unable to redeem a non-OTP invite.

    For best flexibility, maybe…

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. Assigning roles to B2B Guest Users - M365 Workloads

    The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.

    This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc) not yet support assigning roles to B2B users.

    As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Show accounts in 'Delete/block accounts not used in last 30 days'

    SecureScore does not tell you which accounts are not used in the last 30 days, and there is no way to find out. It only says "You have XX accounts that have not been used in the last 30 days."

    Please include an easy way to show which accounts are not used. The suggested Powershell script does not do the job correctly, and is not very userfriendly.

    Ideally, i would like a notification if a useraccount has been unused for xx days.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. Guest invitation sender email customization

    Currently when Guest user is created in Azure AD invitation is ent to guest using "invites@microsoft.com" email address and due to this sometimes guest users ignore this email as spam. Instead of @microsoft.com domain , can we use our own company domain email here?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add all options to bulk user import as well

    With Guest user invitation I can set user name, group, role, job title as well, with bulk import I do not have these options.
    I especially miss the group option, since I want to add them to a group during the invitation step, so I do not have to revisit the users and assign them afterwards.
    With bulk import it actually takes more time to import users because of this.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. B2B Scenario - the B2B Guest User should use the MFA or their autheticating tenant

    In a B2B scenario, I share information on ODfB or SPO with external users from another tenant and require MFA ot access this information.
    The B2B user would need to enroll into the MFA for my tenant, even though he already is setup to use MFA in his tenant. This would result in multiple Authenticator accounts for the same orignal Azure Account.
    I would expect the Service hosting Azure AD to accept the MFA of the users home tenant.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. Invite redemption url get

    We are able to invite new guest users into our AD Tenant using either PowerShell or Graph API. Using this approach we may choose not to send the Invitation E-Mail, in which case we would get the Invitation Redemption URL and we can send it to the "guest" in any way we choose allowing us to better control the first step of the overall invitation experience.

    The issue is that once we get the URL, we have no way to retrieve that URL back in the future. It is up to us to save that URL for future use or…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Automatically sync users from one Azure AD to Azure AD

    Hi,

    Can we have an inbuilt Azure AD functionality to sync user from one or multiple azure ad to a central Azure AD (shared tenant) so that it removes the overhead burden of creating and deleting user in central Azure AD.

    You already have the concept ready it's just you need to provide an in-house functionality. (https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/scim-graph-scenarios)

    Also the available functionality like whitelisting the complete domain in B2b is not of great help because users leaves the home tenant and we don't have any sign of it also we need additional attribute like (Phone No. / Country /…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. Custom userinfo endpoint for Azure AD B2B

    We need to be able to override the userinfo endpoint in the tenant's OIDC metadata file. In our case we need the userinfo endpoint to be able to return userinfo from multiple sources. The current endpoint (https://graph.microsoft.com/oidc/userinfo) naturally only returns data from Azure AD. Our custom userinfo endpoint would be an api that we develop and host ourselves, protected with Azure AD. This would allow us to stay compliant with OIDC at the same time as we would get to customize userinfo to a greater extent, and even return aggregated userdata from multiple sources (such as LOBs)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. Set a due date for guest users

    Currently there are a lot of unneeded guest users in Azure AD.
    So I want to set a due date for guest users.

    For instance, Guest users don't sign in for 90 days, it is deleted or blocked automatically.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. I would like to restrict access Guset users who are Microsoft Account

    when I invite guest users, if he or she has both Microsoft Account and Work or School Account (has same upn), he or she can select which one user to access my tenant's resources.

    In order to strengthen a security, I would like to restrict access to Microsoft Account but Azure AD does not have this feature.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. For the user export function, I would also need the column source, especially for guest users this is a key attribute.

    For the user export function, I would also need the column source, especially for guest users this is a key attribute.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base