Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 44 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Requesting to Fine Tune AZURE IDP - High Risk User Alerts

    Dear PG Team,

    Greetings!

    We have observed the 2 hits from the same source IP in which one event was failure with no device ID being captured by the IDP and on the very next hit we could observe the device ID being populated in the event which belongs to the same user for the same source IP with successful login event.

    Since, it is a offline detection which is triggered after 24 hours. We could update the use case in the algorithm to reduce the false positives. If that is not applicable, we could reduce the severity of the…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Improve AAD Identity Protection Detections

    AAD Identity Protection Detections need to be improved and should have similar detections as what offers Microsoft Defender for Identity. (https://docs.microsoft.com/en-us/defender-for-identity/what-is)

    Example of a UseCase needed by AAD IP:

    Reconnaissance on AAD is possible through Graph API (Using ROADrecon) without any detections, and isn't even audited.

    There should at least be detailed logging available in order to use Sentinel for custom alerts.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Risky sign-ins detection improvement

    We have a lot of FP detections related to Zoom service account. It performs sign-ins from different IP/locations. Is it possible to add additional parameters such as user agent or something else to reduce the FP rate?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Configure Risky User & Risky Sign in policies per detection type

    Configure Risky User & Risky Sign in policies per detection type.
    Today we can configure the actions (Block access, MFA or reset password) only for HIGH/Medium/Low users , manning it can be configured only per risk level.
    We would like to configure it per detection type.
    for examples:
    For Atypical Travel >> Request MFA
    For Anonymous IP Adress >> Reset password
    For unfamiliar sign in properties >> Allow Access

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure AD Identity Protection notification needs to support multi-language

    We can receive weekly digest or some alerts email in Azure AD Identity Protection, but it seems that it is only supported in English.
    It would be great for other language speakers, if we can select notification email language.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Make alerts in Sentinel coming from Identity Protection viewable in Azure AD/Identity protection

    We have the Azure AD identity protection connector enabled with our Sentinel subscription. Alerts in Sentinel with a source in Identity Protection can't be drilled down to within Azure AD/ identity protection.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Identity Protection IP Whitelist without using Trusted Locations

    Risky Sign-Ins triggering due to legitimate IP origin. Need a way to whitelist those IPs. Do not want to use Trusted Locations as Conditional Access Policies are used in some places to permit authentication. Perhaps an 'Exclude from Identity Protection' option on the Named Location separate from marking it as trusted.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Identity Protection - enable risk policies from graph api

    Hello, I need the ability to automate the enablement and configuration of the risk and Mfa registration policies, preferably through graph api.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. leaked credentials source

    Is it possible to add the source or a close approximation of source for a leaked credentials risky user hit? Having a possible site or even possibly the data breach that the hit was associated with can be useful to help the end users know where to start on changing credentials.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Guest users of Microsoft tenant should not evaluated by Microsoft under Identity protection or there should be option to excluded.

    Guest users of Microsoft tenant should not evaluated by Microsoft under Identity protection or there should be option to excluded.

    Guest users in Microsoft Tenant should not evaluated by MSFT under Identity protection once Admin from home tenant reset password, guest user are doing their daily task and not doing any suspicious activity but MSFT IDP making them risky sign-in/ risky users.
    so we want there should be option to exclude Guest user on request basis from Identity protection policy. (Broad commercial : posting this on behalf of customer as he insist)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Remove links to non-interactive logins

    As per documentation: "Identity Protection evaluates risk for all authentication flows, whether it be interactive or non-interactive. However, the sign-in report shows only the interactive sign-ins. You may see risky sign-ins that occurred on non-interactive sign-ins, but the sign-in will not show up in the Azure AD sign-ins report."

    https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk#risky-sign-ins

    This leads to "dead" kinks in the alert interface. This again leads to confusion and lack of trust in the product. Further as not all relevant login can be inspected, a meaningful verdict is impossible, and therefore false positives can't be trained out of the system. I have been informed…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow the 'Users at risk detected' and 'Weekly Digest' emails to be sent to EXO Contacts or specified external addresses

    As a service provider, a number of our customers consume managed AAD IP and we want to be able to receive these emails in to our SDM solution.

    I am sure we could write some custom integration but it'd be super helpful if we could just use the standard UI to configure where the user notifications and weekly digest report are sent to without there needing to be an additional licensed user account in the tenant to forward them on.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Help leading disability

    Pass code number changes keeps coming up
    Don’t know which one is mine ?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Pessoal tenha conta opcional Microsoft nao te da suporte e so propaganda péssima empresa concorrência está 20 x a frente em termo suporte e

    Já tive minha conta raqueda 2 vezes nessa empresa mesmo com todas as provas que a conta é minha comprovando email e dados disseram que nao pode me ajudar 3 dias depois de vários pedidos de socorro.
    O racker pode usar seus dados porque ele tem livre acesso mais o cliente nemmoral tem porque para eles a desconfiança e do cliente e nao de quem está roubando seus dados infelizmente uma conta que tenho mais dez anos mas que nao faço mais questão a concorrência está 10 x a frente em relação suporte ao cliente uma vergonha Microsoft outlook

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Microsoft ê uma merda suporte 3 dias esperando conta raquada e vem me dizer que nao ppde me auxiliar sendo todas as provas claras que a con

    Microsoft é uma merda só propaganda pior empresa nao tem suporte infelizmente foi contente com voncorentes

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for reaching out to feedback suggestion forum. Please share more information around your scenario/use-case, how you are accessing, what type of devices etc. this will help us to understand and address your account broken issue quickly. Also, contacting your administrator will also help to resolve this issue as many settings are controlled and managed by administrator.

  17. banned password message azure ad password protection

    Add GPO or client to Windows Client for Azure AD Password protection to display the corporate password policy on login when the user's change password and it's banned. Give users on prem what they can and cannot use as feedback if they put a bad one in.

    64 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Give global admins more control over User/sign-in risk levels

    Please give global admins more control over the logic for notifying/alerting and evaluating whether a sign-in is risky and which risk level.
    It would be nice to have a simple "if then" type control for specific instances where the client feels a sign-in attempt is a risk, but MS does not. For example; we have one non-MFA protected account that successfully supplied the password for that account from a blocked country per the conditional access policy. Though conditional access did block it, all the bad actor would have to do in this instance would be to attempt sign-in form a…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow administrators to change wording when a user has to "Update your password"

    Allow for administrators to customize the text that appears when a user is prompted to change password via conditional access policy.

    Currently the wording says "Since someone else may have access to your account, you need to choose a new password. Don't use the same password that you use for the sites"

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Most of the security questions for Password Recovery I don't know the answer to. Please consider a feature where I put my own questions in.

    Rather than you provide questions that don't have relevance such as "What is your youngest siblings middle name?" or "In what city was your mother born?", how about allowing me to create my own challenge questions.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base