Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Enable Azure AD Password Protection in Azure Government

    This is a feature available in Azure public; please add this feature to Azure Gov. With this enabled, we have much more flexibility in terms of making password maintenance easier for our users.

    17 votes
    0 comments  ·  Authentication
  2. Scoring password in Azure AD password protection

    Today, Azure AD Password Protection scores the normalized new password with these rules:
    1. Each banned password that is found in a user’s password is given one point.
    2. Each remaining unique character is given one point.
    3. A password must be at least five (5) points for it to be accepted.

    If you use a banned word like "contoso", the score of the password grows by +1. With a new password containing 5 banned password(s), you will have an accepted password.

    If you choose one of the following passwords as a new password, it will be accepted:

    "contosocontosocontosocontosocontoso" --> [contoso]…

    30 votes
    2 comments  ·  Authentication
  3. Make Enterprise Apps searchable by Reply URL

    We have a ton of SSO'ed apps. If an app is misspelled/mislabeled during creation, the vendor changes product names, or you have multiple similar apps with the same company, it can be very difficult to identify the appropriate enterprise app. I think it would be very helpful if we could also search by reply URL.

    I love the new Enterprise Apps experience. You guys rock - thanks for being awesome!

    6 votes
    0 comments  ·  Authentication
  4. Allow more than 150 groups to be returned in the SAML assertion

    As part of the SAML assertion of a user we get the groups from the Azure AD. But for some users that are in many groups (> 150) Azure AD does not send the list of groups.
    Please allow either more than 150 groups or enable an easy way to get all groups of a user.

    16 votes
    0 comments  ·  Authentication
  5. Windows Hello for Business in AAD/AD Hybrid too complicated for SMB

    Currently the process to enable Azure AD-joined users to authenticate to on-premises systems is complex and requires multiple servers and specialized expertise. Can we enable a simplified approach to enabling Hybrid environments to support Azure-AD Joined Windows 10 using Windows Hello for Business without complicated Key Trust or Certificate Trust implementations, or at least simplify the setup of those environments so that SMB may easily accomplish this?

    19 votes
    1 comment  ·  Authentication
  6. option to show group name in groups claims

    Ability to enable group names to be visible in the "groups" claim when groupMembershipClaims is enabled or via the SSO options.

    23 votes
    2 comments  ·  Authentication
  7. Windows Hello for Business reporting tool

    Please implement an option/tool to check the WHfB enrollment status for users.

    4 votes
    1 comment  ·  Authentication
  8. Integrate eIDAS (EU-wide government login for EU citizens) into Azure AD

    Since the EU offers an EU-wide login service for almost all EU citizens, a better integration with Azure AD could make Azure AD easier to use for many people.

    Examples could be

    Use EU login in addition to / instead of MFA
    Onboard new employees by EU login retrieving their base master data.
    ....

    https://webgate.ec.europa.eu/cas/login?loginRequestId=ECAS_LR-18107929-Jzq2R5ivb0rSdzHNrcLnURNKXozRgMADBrjg1OjiePJP7gkzWbEE0ZfzKOs8H7fj08brFVNEHmOrxm7zGNYXh9XG-jpJZscgsw0K6XyjCM9qinm-NAMXk3llCCzWtNc4etQOJkJGIVSlzetVJb7gvd7DwBkACF2GWc2T5OwINsBKEWwJk8DCzaTQpEZ4lhtDTxr8VjW

    3 votes
    0 comments  ·  Authentication
  9. By joining our community

    developer experiences and condition access

    1 vote
    2 comments  ·  Authentication
  10. Request to update the machine learning data per user via Confirmed sign-in Safe

    [Identity Protection]
    Request to update the machine learning data per user via Confirmed sign-in Safe, Customer would like to be able to update the user safe/familiar location data-set to include the new location

    4 votes
    0 comments  ·  Authentication
  11. CORS for token endpoint

    For SPA Native applications, for instance Ionic/Cordova apps, it seems convenient to use code grant with PKCE flows.
    In this kind of app, the requests are performed by the embedded browser, not by the native OS. When the app tries to redeem the code to get the tokens, an error appears because the /token endpoint doesn't enable CORS.
    Is there any plan to allow CORS configuration in Azure AD as it has been already implemented in ADFS 2019 (https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server#suppport-for-building-modern-line-of-business-apps)?

    31 votes
    6 comments  ·  Authentication
  12. Add EventLog for login attempt using only blacklisted keyword

    Password blacklists will prevent someone from using an easy password containing exclusively blacklisted keywords. But if I want to catch bad guys on my network, I want to see when someone is trying Company123 or Winter2020 for several different users. This is password spraying.

    If we can add this short list of commonly guessed passwords to the password blacklist, I would then like to have an event logged when someone attempts to use one of them. If we see many of those events in a short period, the security team will need to investigate.

    3 votes
    0 comments  ·  Authentication
  13. Update the combined MFA/SSPR Registration to not be dependent on 3rd-party cookies

    Apple has enabled Prevent Cross-site Tracking by default in iOS 13.4. As noted in the article, users get a "Sorry, we can't sign you in" message when 3rd-party cookies are blocked. As a result, MFA/SSPR Registration is broken by default on iOS 13.4. A manual intervention is now required to allow 3rd-party cookies because the setting cannot be managed on a supervised device. Apple has provided prescriptive direction on how to update apps. Please update the combined MFA/SSPR Registration to not be dependent on 3rd-party cookies.

    2 votes
    0 comments  ·  Authentication
  14. AAD - Azure Key Vault integration

    We have a certificate generated by Azure Key Vault and it will auto rotate, and we use the same certificate for the AAD App authentication by uploading the .cer to the AAD portal.
    However, once the certificate is auto rotated, the thumbprint will be changed, and the AAD App authentication to AAD will fail because it uses the latest version of the certificate generated by Azure Key Vault.

    Is it possible to implement a feature rather than upload a cert, just point to the Azure Key vault certificate, once there is a new version generated, AAD should whitelist the new cert version,…

    2 votes
    0 comments  ·  Authentication
  15. MAKE THE DO NOT ASK FOR 60 DAYS WORK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    MAKE THE DO NOT ASK FOR 60 DAYS WORK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    1 vote
    0 comments  ·  Authentication
  16. Allow service principals assigned as Azure SQL server AAD admin to create additional Azure AD SQL users

    It appears you cannot create additional Azure SQL database AAD users using a service principal; it must be a user or group.
    This is limiting in Azure DevOps as I would like to use my service connection to use token authentication to provision users for managed identities.

    1 vote
    0 comments  ·  Authentication
  17. The "verify another way" is the same cell phone. How do I verify 2 factor authentication when I don't have that cell phone but it wants t

    The "verify another way" is the same cell phone. How do I verify 2 factor authentication when I don't have that cell phone but it wants to send a text or call the lost phone? And there is no way my organization can change that number. And the CCPO organization does not support CVR any longer and AESD-W says they can't help. Help!!!

    1 vote
    0 comments  ·  Authentication
  18. Sign in to Windows 2016 VM in Azure using Azure Active Directory authentication

    Sign in to Windows 2019 VM in Azure using Azure Active Directory authentication is now in preview.
    https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows.

    Is it possible to release this feature also for Windows Server 2016 Azure VMs?

    1 vote
    0 comments  ·  Authentication
  19. 1 vote
    0 comments  ·  Authentication
  20. Browser specific Windows Integrated Authentication (WIA) enforcement

    Users get errors and are blocked from using their mobile devices for Azure Active Directory Authentication when Windows Integrated Authentication is configured for desktop browsers like Google Chrome in Active Directory Federation Services (ADFS).

    ADFS configuration does not allow for configuring specific browsers and OS pairs for Windows Integrated Authentication (WIA) enforcement.

    It would be nice to easily configure this to avoid errors.

    1 vote
    0 comments  ·  Authentication