Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
idp initiated
IDP-Initiated SAML authentication is described in article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers#enable-identity-provider-initiated-flow-optional When this article is followed to the letter, we receive error that <Item Key="IdpInitiatedProfileEnabled">true</Item> is not set to true. After escalation to support team, said the feature is unsupported. This is a conflicting message. Please support IDP initiated SAML authentication as advertised.
6 votes -
Avoid Sign-in prompt on iOS by adding Redirect URI scheme for Apple device in Safe List
When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work)
Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only)…7 votes -
Add support for SAMLP extensions in logout requests in ADFS and AAD
At the current time, logout requests from a relying party that supports the <samlp:Extensions> element in logout requests cause a failure in ADFS and sign-out is not achieved. I do not know if other requests or responses in the SAML protocol are affected.
At very least, the server should be able to ignore SAML protocol extensions that it does not support. More ideal would be to also have a supported mechanism for extending the functionality of the IdP for extensions not supported out of the box.
4 votes -
Enable Azure AD Password Protection in Azure Government
This is a feature available in Azure public, please add this feature to Azure Gov. With this enabled, we have much more flexibility in terms of make passwords maintenance easier for our users.
17 votes -
Since yesterday, I didn't receive the code Microsoft on my phone 37321973
Since yesterday, I didn't receive the code Microsoft on my phone 37321973
1 vote -
Make refreshing SSO sessions an option
Currently, an SSO session has a fixed lifetime as configured by the SsoLifetime parameter, i.e., a user logs in, and once [SsoLifetime] minutes have passed, their SSO session ends, even if they were still active until minutes before.
This is because a new SSO session is only created when an authentciation is performed, but as long as an SSO session is active, (of course) no authentication is performed.There are use cases, however, where we want the user to be able to extend their SSO session whenever they are active, provided that their current SSO session is still valid.
It…
8 votes -
Restrict Azure AD user to have 1 concurrent session to Azure portal
Currently, Azure AD allows concurrent login to Azure portal for the same user from different browser on the same workstation or from same/different browser on different workstations. It is good to have a feature to restrict concurrent login for the Azure portal to 1 for each user. That way at a time only 1 session for the Azure portal is active for the user.
3 votes -
Authentication issue
How to get resolve this isue for my work school acount:
1 vote -
ADFS MFA adaptor to full support Alt Login ID
Currently we have 2 forest domain in our environment and we have only 1 domain that is sync-ed up to Azure. We have enabled MFA via adfs for users but the forest domain that is not sync up to azure has issues with WIA. We would like MS to support the MFA adaptor for alternate id to allow both domain users using alternate id to be able to authenticate
1 vote -
Support Opera browser in device policy with Azure AD Conditional Access
Without any warning, using the Opera browser for accessing Microsoft SharePoint sites has stopped working and the user is presented with a "You can't get there from here" error message including a message stating
"The current browser is not supported, please use Microsoft Edge, Internet Explorer or Chrome to access this application."From what I can see, this is due to some new policy being applied and only the browsers listed at https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#supported-browsers can be used.
This is quite limiting for the user's freedom to select any browser from any company. If there are well documented ISO standard that the…
1 vote -
Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly
I'm getting an error when connecting to AzureAD using Powershell 7.1
The error is:
Connect-AzureAD: One or more errors occurred. (Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.): Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.1 vote -
AAD authentication support for Azure ARC managed Linux machines/VMs
Linux VMs already support AAD-based authentication, but only in Azure.
The suggestion is to extend this support for any Linux machine managed by Azure ARC.1 vote -
Add support for Oauth3/GNAP
Add support for OAuth3/GNAP authentication protocol. This is a IETF draft standard protocol for Authentication. https://oauth.xyz/
1 vote -
branding
Our company would like to remove the "No account? Create one!", "Can't access your account?", "Sign-in options", and "Forgot my password" links from our branded Azure sign-ins.
Each of the links creates confusion for our user population. For example, people believe they can create their own company account by following the "No account? Create one!" link. We provision accounts for our users, so don't want them to see such an option.
The "Forgot my password" link -- which shows on the second "page" of the Azure sign-in after a person has typed their username -- is a similar story. Our…
3 votes -
1 vote
-
Trouble signing in. AADSTS900561 : The endpoint only accepts POST requests. Received a GET request.
Troubleshooting details:
Request Id: 6cabe377-299a-4d94-8d64-41e909531c00
Correlation Id: 85687eff-d367-4abb-b04b-c6ab1c21b75f1 vote -
1 vote
-
Microsoft authenticator application is not containerized (Intune SDK)
We would like the organizational data in the MS Authenticator application to be protected by the Intune SDK MAM controls. It is a business requirement that all offered applications have MAM DLP policies.
1 vote -
make it so I can see my work calendar on my **** phone
Login Error email server timed out. wow, I like Windows, but I guess my love affair with Microsoft ends right there. Outlook is horrid, Teams is weird and lacking, can't even see my calendar on my phone?!? ugh, ok, titanic
1 voteThank you for reaching out to feedback suggestion forum. Please share more information around your scenario/use-case, phone OS, Calendar type (Gmail, Outlook etc.). This will help us to re-pro, understand and improve experience.
-
SAML Group claims customizable value
In the source attribute menu, it could be good to be able to send a fully customizable claim value (not name) for a group like it is possible to do in ADFS.
1 vote
- Don't see your idea?