Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable SSPR to reset Windows cached credentials

    In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

    Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we…

    73 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Update or remove the CAPTCHA verification in the SSPR

    The CAPTCHA verification in the initial SSPR portal page is most of the time really hard to read and it take 4-5 attempts to actually start the password reset or account unlock process and this frustrates our end-users.

    I understand the reason the CAPTCHA is there but maybe replace it by the reCAPTCHA with images instead of those hard to read letters.

    Ps. the current captcha is case-sensitive but there are no info in SSPR to highlight that :(

    23 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. SSPR - Allow user unlock from the windows 10 logon screen.

    You recently implemented the password reset from the Windows 10 logon screen. However, the possibility of unlocking the user when they remembered the password was lacking.

    I remember that this functionality already exists through the MIM or Azure reset link.

    82 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Granular options for Self Service Password Reset Factors

    It would be nice to be able to configure self service password reset MFA with as much granularity as application MFA policies.

    1) Restrict what factors you can use based on trusted device, network location, etc.

    2) Specify different policies for different user groups. For example, administrative users who are not AAD administrators.

    3) Restrict by domain and have different rules per domains syncing up to the same tenant.

    17 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to to remove or customise the default message that we get during SSPR password reset via login screen for Win10 machines.

    Need the ability to remove or customize the default message that we get during SSPR password reset via login screen on Win10 machines. It says '8-16 characters, case sensitive, one number or symbol". This message is conflicting for the end-users as the organizations password policy may not be as stated in the hardcoded message. We need a way to customize it or remove it so that it doesn't confuse end-users.
    Also an important thing to note is that this message is not available when we use SSPR via the online link https://passwordreset.microsoftonline.com/ , its only available when the SSPR reset…

    9 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Self Service Password Reset (SSPR) - Adding exception for users

    We have created many users through Application in Azure AD. And these users are not a part of any Azure AD groups.
    SSPR is not capable of adding exception for those users, who doesn't want to enable this functionality as they are not logging using WEB URL.
    If Azure platform could provide any conditional access just like MFA it would be of added advantage.

    6 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Disable SSPR by group (exclude group from SSPR)

    Currently, you can configure SSPR to be enabled for your entire organization or for a specific group. It would be nice to have the ability to disable/exclude a specific group (e.g. enable for the entire organization except for a specific group(s)). The use case would be a scenario where almost the entire company should have SSPR but there are sensitive accounts that should not be enabled for it.

    17 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. Require PIN verification for office phone resets

    With modern open office floor plans a persons office phone might not be located in a secured area. As of now SSPR will simply call the office phone number and ask the user to press #. This creates a security issue in shared office space. Someone can easily from any computer type in a username, walk over to the desk, answer the phone and complete a password reset. An added layer of security should be setup where a user who sets up an office phone number is required to create a security PIN. Microsoft SSPR calls the number and request…

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Self-service password reset (SSPR) - Lockout user account with multiple attempts Azure Active Directory Sign-In

    In self-service password reset (SSPR), to prevent users from multiple attempts to reset a password, if user try only five wrong password reset attempts it lock user for 24 hours. I would like to confirm, if there is a way for Admins to reset the counter for the locked user account and/or unblock user to login to the Azure portal?

    Reference article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

    In the scenario, where a bad actor try to lock some user’s then it could easily be done by knowing the username and users will not be able to login for 24 hours. Is there a way…

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. AAD Password Reset: Possibility for helpdesk for user verification

    We have users, which are registered for Azure AD Password Reset service. They have filled out the security questions and other options for using the AAD Password Reset self-service.0

    Sometimes the users have Problems to use the self-service in case of different things (forgotten smartphone, answers etc.). In this case, they can call the Helpdesk (ServiceDesk) for further assistant. Now, we are looking for a possibility to make a verification of the user, who is on the other end of the phone.

    Therefor a feature or possibility for members of the Helpdesk/ServiceDesk to verify the calling person with informations are…

    32 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. Make SSPR from login screen to work togheter with "Interactive logon: Don't display last signed-in" policy

    Even if in this document https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows it mentions that it interferes with SSPR this should be make to work. There are companies that use this policy across thousands of PCs for years to protect identity of logged on user when locked. Also this was Microsoft recommendation https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name

    If no user is displayed, we should ask for username exactly like login prompt does with this policy applied.

    5 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow use of custom controls/conditional access with self service password reset

    Allow one of the self service password reset options to be a custom control, such as calling Duo/Okta (currently allowed as a conditional access control). As a company that doesn't use Azure MFA it would be good to be able to use another MFA provider instead of requiring a second mobile application be enrolled, or using less secure methods like SMS.

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. We need to display password reset guidance( Passsword complexity set in AD) in SSPR pages for end users

    Why azure doesn't have flexibility to include password parameters that are to be used while an end user resets his password through SSPR?

    2 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure SSPR - Provide Message for Users when connecting to 802.1x networks

    For the most part, our users do not connect to 802.1x networks, but when they do SSPR simply fails without any feedback. To improve the user experience, please add an option to provide a custom message when SSPR fails.

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device.

    Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device. Right now SSPR enrollment can be enforced for sign in to Azure AD joined apps only.

    2 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow admin to reset a users security questions should they forget them

    Allow azure admin to reset a users security questions should they forget them

    1 vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. 1 vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. Password policies for cloud accounts should provide the same options as AD accounts

    Azure Active Directory Cloud-only accounts don’t adhere to our company's password policies. Notably the following company standards are not easily implemented (if at all possible) for cloud only accounts:

    Password ot derived from User ID
    Password history must be significantly different from the previous 24 passwords.
    No repeated characters (e.g. AAAAAbl$%)
    Exclude keyboard patterns (e.g. QWERTY789)
    Account lockout 6 times in a row during a 30-minute time period

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. CA for SSPR

    Introduce conditional access for SSPR service so that users can reset their password only from known (Azure AD joined) devices.

    5 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. Link broken to the password reset registration page for Lindenwood

    Every time I try to update the “more information required” page for my office 365 account for college, it sends me to a page which says “an unexpected error has occurred”. I have visited the site multiple times throughout the last few weeks.

    1 vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base