Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable SSPR to reset Windows cached credentials

    In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

    Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we…

    107 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow use of custom controls/conditional access with self service password reset

    Allow one of the self service password reset options to be a custom control, such as calling Duo/Okta (currently allowed as a conditional access control). As a company that doesn't use Azure MFA it would be good to be able to use another MFA provider instead of requiring a second mobile application be enrolled, or using less secure methods like SMS.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow Users to Change Password in portal.office.com

    The Microsoft Corp. CSP Office 365 Business Premium license does not allow a user to change their password if they are a hybrid Azure AD Connect synced user with write-back enabled.

    We have a case where we have remote sales people with BYOD devices not joined to our domain and they don't have a way to change their password.

    We can't create them as o365 cloud only users because I need to be able to run export reports from AD for bill-back purposes.

    Please open this up so they can change their passwords. Thank you.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Update or remove the CAPTCHA verification in the SSPR

    The CAPTCHA verification in the initial SSPR portal page is most of the time really hard to read and it take 4-5 attempts to actually start the password reset or account unlock process and this frustrates our end-users.

    I understand the reason the CAPTCHA is there but maybe replace it by the reCAPTCHA with images instead of those hard to read letters.

    Ps. the current captcha is case-sensitive but there are no info in SSPR to highlight that :(

    26 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Additional notification settings "Notify manager on password resets"

    Currently there are 2 notification settings on SSPR: [Notify users on password resets] and [Notify all admins when other admins reset their passwords].

    Could you add "Notify manager on password resets" so that user's manager is notified when the user reset his/her password?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Disable SSPR by group (exclude group from SSPR)

    Currently, you can configure SSPR to be enabled for your entire organization or for a specific group. It would be nice to have the ability to disable/exclude a specific group (e.g. enable for the entire organization except for a specific group(s)). The use case would be a scenario where almost the entire company should have SSPR but there are sensitive accounts that should not be enabled for it.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Need [exclude] option on Password reset properties.

    That'll be nice if administrators could exclude specific user or group for password reset.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. Multiple self-service password reset (SSPR) policies

    A customer wants to enable the SSPR for shops. The users in the shop should be able to reset their password with one authentication method (office phone). They also want to enable the password reset for administration personnel in there HQ. They should be able to reset there password with the other options (Mobile phone, mobile app code, notification) but NOT the office phone.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Spelling error in dutch error message Azure AD Password Reset

    There is a spelling error in a dutch error messege for Azure AD password reset. It concerns the error messege the user will get when the user wants tot reset the password while he is not registered for Azure AD Password Reset

    'U **** uw eigen wachtwoord niet opnieuw instellen omdat u zich niet het geregistreerd voor wachtwoordherstel'

    The word 'het' should be replaced by 'heeft'

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSPR - Allow user unlock from the windows 10 logon screen.

    You recently implemented the password reset from the Windows 10 logon screen. However, the possibility of unlocking the user when they remembered the password was lacking.

    I remember that this functionality already exists through the MIM or Azure reset link.

    95 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. SSPR - Allow password reset from Windows 10 login screen when connected to wifi

    This suggestion is related to the SSPR functionality at the Windows login screen. The process is described here:
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-windows

    The password reset screen loads fine and a user is able to reset his AD password when connected to LAN (computer authentication)

    However, when connected to wifi (computer and user authentication / user re-authentication occurs) the password reset screen says that there's no internet connection.

    SSPR needs to be allowed on wifi networks using 802.1x authentication thar have the option “Perform immediately before user logon” disabled.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Password Reset not sending code

    Password Reset not sending code if it is requested by phone, only if you add a number 1 in front of the number, I tried two times without it and never got a code, once I added it I got it.
    Please add a note right next to the input field for the phone number stating that the number one is needed.
    Thanks.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. SSPR should prevent the use of previous historic passwords used on the account for “X” times (as is standard for on-premise systems)

    Office 365 tenant is a managed domain with all cloud based accounts. Users within the tenant tend to register on private company websites (fitness trackers, consumer purchases, etc.) using their enterprise email address from the tenant. Some of the public company sites get compromised and expose their passwords in clear text, which are then sold on the black market. When those Office 365 accounts are identified as “compromised”, meaning an attacker logs in using the login ID and password from the exposed site the tenant administrator resets those affected passwords to random passwords. The users do not know the password…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Granular options for Self Service Password Reset Factors

    It would be nice to be able to configure self service password reset MFA with as much granularity as application MFA policies.

    1) Restrict what factors you can use based on trusted device, network location, etc.

    2) Specify different policies for different user groups. For example, administrative users who are not AAD administrators.

    3) Restrict by domain and have different rules per domains syncing up to the same tenant.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. mon compte bloque free

    comment débloque mon compte bloque

    merci

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow setting the number of authentication methods a user is required to add during interrupted registration

    Currently the wizard only guides the user to setup up a max of 2 authentication methods. Please make that configurable so you can guide the user to setup all methods instead of having them manually go back into the portal and setup a 3rd or 4th.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable SSPR on a Windows 10 device that is not Azure AD joined or Hybrid Azure AD joined.

    Due to technical limitations, we’re unable to Azure AD join or implement a Hybrid Azure AD join on our Windows 10 devices. It would be great if Windows 10 had the ability to launch a secure Web browser session to a backend portal (https://aka.ms/sspr) from the Windows 10 login screen “Reset Password” or “Forgot Password” link without the Azure AD joined or Hybrid Azure AD joined requirement.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. Require PIN verification for office phone resets

    With modern open office floor plans a persons office phone might not be located in a secured area. As of now SSPR will simply call the office phone number and ask the user to press #. This creates a security issue in shared office space. Someone can easily from any computer type in a username, walk over to the desk, answer the phone and complete a password reset. An added layer of security should be setup where a user who sets up an office phone number is required to create a security PIN. Microsoft SSPR calls the number and request…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Unlock account from SSPR without resetting password

    Allow users to unlock their account without them having to reset their password.

    In our organisation, accounts get locked out due to various other reasons and not just because of forgotten password. Option to unlock account should be provided to users who remember their password by asking them for their password, if they choose to just unlock their account.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. Can change method

    Hello,

    We find a problem with SSPR.
    In our first test we authorize :
    -Mobile app code
    -Mobile app notification
    -Email
    -Mobile Phone
    -Office Phone

    We required 2 methods for reset.
    Until there no problem.
    We made some test and it works.
    But we ask us to desactivate the Mail method and add security questions as a valid method.

    We did it.

    For someone that don't have register yet, no problem, but for someone that had already register we have a problem.
    He can't add questions method.
    We test with the preview version of SSPR registration:
    https://docs.microsoft.com/fr-fr/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    We can delete…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base