Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD SSO with SAML2.0 should support the Relay State parameter

    SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.

    10 votes

    2 comments  ·  Authentication
  2. idp initiated

    IDP-Initiated SAML authentication is described in this article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers#enable-identity-provider-initiated-flow-optional. When this article is followed to the letter, we receive an error that <Item Key="IdpInitiatedProfileEnabled">true</Item> is not set to true. After escalation to the support team, they said the feature is unsupported. This is a conflicting message. Please support IDP-initiated SAML authentication as advertised.

    6 votes

    1 comment  ·  Authentication
  3. Group Claim Adjustment

    Adjust SSO SAML application AD claims to allow adding a group claim that sends specific AD groups not assigned to the application (e.g., we need to send in the group claim all AD groups starting with "vf-organzation name-group").

    2 votes

    0 comments  ·  Authentication
  4. 1 vote

    2 comments  ·  Authentication
  5. Date dependent Company Branding Theme

    What I am thinking is date dependent Company Branding. During summer, a summer theme. When we welcome new students, a theme that reflects this. During winter, the Northern light, snow...

    Others can use this during events, changes in the company profile, etc. Or simply, you just want to change the background picture on a regular basis. I think there are a lot of use cases.

    One profile can be marked as default, while others run from a specific date and end at a specific date.

    Just for the example: 01. September 2021 to 30. September 2021 - Students welcome theme.

    2 votes

    0 comments  ·  Authentication
  6. Provide "Sign-Up" User Flow

    Related issues have opened and closed and/or been worked-around via custom policies. But in adherence to Microsoft’s own sensible recommendation to stick w/ canned B2C User Flows…

    Use Case: SaaS client wants to present end-users w/ a landing page that has 2 discrete panels.

    • Panel 1: “New to Our Community? Register for Free!”

    • Panel 2: “Already a Member? Sign in Here!”

    That requires mutually exclusive end-user journeys. How is the combination of both sign-up and sign-in available out-of-the-box, but not separately? Yes, there are ways to hack this and I’m settling for the least bad one for now.

    1 vote

    0 comments  ·  Authentication
  7. Adjust Azure AD Sign in prompts so it reduces ability for account enumerations

    The sign in prompts for Azure AD provide attackers the ability to perform account enumeration. They provide for the enumeration of both username and passwords.

    When you enter a bad username you get a response of "The username may be incorrect. Enter a different one or create a new one".

    This alerts an attacker that the username was incorrect. If they then put in a valid username, it then prompts for a password.

    We are asking for this to be changed to provide a more generic response so that an attacker is not aware if they are entering proper credentials…

    1 vote

    0 comments  ·  Authentication
  8. by making it register the IP address ******** it

    No service repeatedly asks for identity validation. I clear my cookies every time I close my internet. If you rely on cookies, that is not a good approach. It is the IP address and other permanent numbers that should be used. I am talking about validation by phone.

    1 vote

    0 comments  ·  Authentication
  9. 1 vote

    0 comments  ·  Authentication
  10. An ideal solution for Office 365 Mailbox Migration

    Many organizations around the world are getting benefited from Microsoft Office 365 services. This cloud-based email solution has enabled businesses with the utmost productivity. Often the need arises for Office 365 to Office 365 migration. For this, essential Office 365 mailbox / documents need to be migrated. As Office 365 related processes are complex, most users do not know how to migrate mailbox from one Office 365 account to another one. This issue will be resolved now with EdbMails Office 365 mailboxes migration.

    EdbMails Office 365 Migration has the ability to migrate emails, calendars, contacts, and tasks of one Office…

    1 vote

    0 comments  ·  Authentication
  11. Group Claim Adjustment

    Adjust SSO SAML application AD claims to allow adding a group claim that sends specific AD groups not assigned to the application (e.g., we need to send in the group claim all AD groups starting with "vf-organzation name-group").

    1 vote

    0 comments  ·  Authentication
  12. Group Claim Adjustment

    Adjust SSO SAML application AD claims to allow adding a group claim that sends specific AD groups not assigned to the application (e.g., we need to send in the group claim all AD groups starting with "vf-organzation name-group").

    1 vote

    0 comments  ·  Authentication
  13. Avoid Sign-in prompt on iOS by adding Redirect URI scheme for Apple device in Safe List

    When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work)
    Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only)…

    7 votes

    1 comment  ·  Authentication
  14. ******** WITH YOUR DUMB **** AUTHENTICATIONS!

    its a pain in the , and as a grown adult I should be able to allow to steal my identity if I want.
    Its a
    of a thing for me to have to double sign in literally every time I want to access something!?
    I despise that other
    are too stupid to realise how easy it is to NOT use microsoft products, would be a great world if you lot just upped and died.
    Edit Even that
    ? dead if you * put half your brain power into making the world a better place instead of putting more **…

    1 vote

    0 comments  ·  Authentication
  15. Allow seamless SSO with non-routable domains

    Currently, if you have a domain with a non-routable domain name (i.e. "company.local"), and use an alternate UPN, support for seamless SSO is limited.

    It works in web browsers if you pass a domain hint, but it doesn't in native applications such as Excel or Teams. This leads to limited user experience if they keep having to manually log on to their applications.

    Some companies are not able to change their on-premise domain name due to dependencies from other applications.

    If this feature could be modified so that seamless SSO fully works with non-routable domain names, user experience would be…

    2 votes

    0 comments  ·  Authentication
  16. Authenticator Backup

    Authenticator backup should allow cloud backup to work or school accounts and allow recovery across devices.

    Presently, I cannot recover my work codes, via my personal account on an iOS device because the backup was originally taken on my Android phone.

    A backup that can't be restored is useless (if it's even that good).

    5 votes

    3 comments  ·  Authentication
  17. Add support for SAMLP extensions in logout requests in ADFS and AAD

    At the current time, logout requests from a relying party that supports the <samlp:Extensions> element in logout requests cause a failure in ADFS and sign-out is not achieved. I do not know if other requests or responses in the SAML protocol are affected.

    At the very least, the server should be able to ignore SAML protocol extensions that it does not support. More ideal would be to also have a supported mechanism for extending the functionality of the IdP for extensions not supported out of the box.

    4 votes

    1 comment  ·  Authentication
  18. OpenID Connect should always return email claim if requested

    The OpenID Connect implementation of Azure AD is not compliant with the spec and should be fixed. If the RP requests the email or profile scopes and the user gives permission, the id token must include an email claim.

    It appears that for some users, even if you add the optional claims for email, you do not get an email claim back. This is unacceptable. There is only one email address that any OIDC login would expect to get back and that is the email address they have just used to login, since that is the authenticated identity.

    The fact…

    1 vote

    0 comments  ·  Authentication
  19. Enable Azure AD Password Protection in Azure Government

    This is a feature available in Azure public, please add this feature to Azure Gov. With this enabled, we have much more flexibility in terms of making password maintenance easier for our users.

    17 votes

    0 comments  ·  Authentication
  20. Since yesterday, I didn't receive the code Microsoft on my phone 37321973

    Since yesterday, I didn't receive the code Microsoft on my phone 37321973

    1 vote

    1 comment  ·  Authentication