Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. idp initiated

    IDP-Initiated SAML authentication is described in article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers#enable-identity-provider-initiated-flow-optional When this article is followed to the letter, we receive error that <Item Key="IdpInitiatedProfileEnabled">true</Item> is not set to true. After escalation to support team, said the feature is unsupported. This is a conflicting message. Please support IDP initiated SAML authentication as advertised.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Avoid Sign-in prompt on iOS by adding Redirect URI scheme for Apple device in Safe List

    When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work)
    Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only)…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add support for SAMLP extensions in logout requests in ADFS and AAD

    At the current time, logout requests from a relying party that supports the <samlp:Extensions> element in logout requests cause a failure in ADFS and sign-out is not achieved. I do not know if other requests or responses in the SAML protocol are affected.

    At very least, the server should be able to ignore SAML protocol extensions that it does not support. More ideal would be to also have a supported mechanism for extending the functionality of the IdP for extensions not supported out of the box.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enable Azure AD Password Protection in Azure Government

    This is a feature available in Azure public, please add this feature to Azure Gov. With this enabled, we have much more flexibility in terms of make passwords maintenance easier for our users.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Since yesterday, I didn't receive the code Microsoft on my phone 37321973

    Since yesterday, I didn't receive the code Microsoft on my phone 37321973

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make refreshing SSO sessions an option

    Currently, an SSO session has a fixed lifetime as configured by the SsoLifetime parameter, i.e., a user logs in, and once [SsoLifetime] minutes have passed, their SSO session ends, even if they were still active until minutes before.
    This is because a new SSO session is only created when an authentciation is performed, but as long as an SSO session is active, (of course) no authentication is performed.

    There are use cases, however, where we want the user to be able to extend their SSO session whenever they are active, provided that their current SSO session is still valid.

    It…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Restrict Azure AD user to have 1 concurrent session to Azure portal

    Currently, Azure AD allows concurrent login to Azure portal for the same user from different browser on the same workstation or from same/different browser on different workstations. It is good to have a feature to restrict concurrent login for the Azure portal to 1 for each user. That way at a time only 1 session for the Azure portal is active for the user.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Authentication issue

    How to get resolve this isue for my work school acount:

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. ADFS MFA adaptor to full support Alt Login ID

    Currently we have 2 forest domain in our environment and we have only 1 domain that is sync-ed up to Azure. We have enabled MFA via adfs for users but the forest domain that is not sync up to azure has issues with WIA. We would like MS to support the MFA adaptor for alternate id to allow both domain users using alternate id to be able to authenticate

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support Opera browser in device policy with Azure AD Conditional Access

    Without any warning, using the Opera browser for accessing Microsoft SharePoint sites has stopped working and the user is presented with a "You can't get there from here" error message including a message stating
    "The current browser is not supported, please use Microsoft Edge, Internet Explorer or Chrome to access this application."

    From what I can see, this is due to some new policy being applied and only the browsers listed at https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#supported-browsers can be used.

    This is quite limiting for the user's freedom to select any browser from any company. If there are well documented ISO standard that the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly

    I'm getting an error when connecting to AzureAD using Powershell 7.1

    The error is:
    Connect-AzureAD: One or more errors occurred. (Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.): Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. AAD authentication support for Azure ARC managed Linux machines/VMs

    Linux VMs already support AAD-based authentication, but only in Azure.
    The suggestion is to extend this support for any Linux machine managed by Azure ARC.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add support for Oauth3/GNAP

    Add support for OAuth3/GNAP authentication protocol. This is a IETF draft standard protocol for Authentication. https://oauth.xyz/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. branding

    Our company would like to remove the "No account? Create one!", "Can't access your account?", "Sign-in options", and "Forgot my password" links from our branded Azure sign-ins.

    Each of the links creates confusion for our user population. For example, people believe they can create their own company account by following the "No account? Create one!" link. We provision accounts for our users, so don't want them to see such an option.

    The "Forgot my password" link -- which shows on the second "page" of the Azure sign-in after a person has typed their username -- is a similar story. Our…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Trouble signing in. AADSTS900561 : The endpoint only accepts POST requests. Received a GET request.

    Troubleshooting details:
    Request Id: 6cabe377-299a-4d94-8d64-41e909531c00
    Correlation Id: 85687eff-d367-4abb-b04b-c6ab1c21b75f

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Microsoft authenticator application is not containerized (Intune SDK)

    We would like the organizational data in the MS Authenticator application to be protected by the Intune SDK MAM controls. It is a business requirement that all offered applications have MAM DLP policies.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. make it so I can see my work calendar on my **** phone

    Login Error email server timed out. wow, I like Windows, but I guess my love affair with Microsoft ends right there. Outlook is horrid, Teams is weird and lacking, can't even see my calendar on my phone?!? ugh, ok, titanic

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. SAML Group claims customizable value

    In the source attribute menu, it could be good to be able to send a fully customizable claim value (not name) for a group like it is possible to do in ADFS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 24 25
  • Don't see your idea?

Feedback and Knowledge Base