Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. access reviews

    In access reviews, it would be helpful to see the current status of the account. For example, we have accounts that are recommended for "Deny" but in AAD the account is already blocked from signing-in.

    Also accounts surface in the access review that have been removed from AAD.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for submitting the feedback!

    You’re right that currently we don’t reflect the status of the account in real time, because when the review is created we take a snapshot of the users in the review right before the review starts, so the reviewers get a view of the user’s activity X days before the review. This has been an audit requirement for some customers. I’d like to hear more about your use case in dynamically updating the user’s status, and how that contributes to your audits (if any).

    We’ll keep this feedback in mind when planning, thanks again!
    - Fionna

  2. After you verify your number ONCE there should NOT be any ongoing calls! Very invasive and STUPID!!!! There is NOTHING in my email

    This two step verification is STUPID and very invasive! JUst another way for folks to try and track you and your movements! There is NOTHING remotely private about my work email that warrants this type of TIME WASTING NONSENSE!!!!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  3. Access Review to delete user account

    We use access reviews to monitor 3rd party Office 365 accounts and licences. The users are in a security groups that assigns the licences. So if they are denied as part of the access review they are removed form the security group so their Office 365 licences are removed.

    Is there a way to also delete the user accounts as part of the process

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  4. Make the content of Access Review emails customizable.

    The emails sent to complete an access review have unnecessary additional content (e.g. Microsoft Address) and do not allow addition of more information to help those that receive a message.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Ben,

    Thanks for the feedback! Good news is that we are working to improve the emails to provide the reviewers the necessary information succinctly. Some of the information you see, the Microsoft logo and address, some are there because of legal reasons. We are actively working on this right now and will provide updates here.

    Follow up question for you, what else do you think is unnecessary, and what would you like to see?

    Thanks
    Fionna

  5. Access Review Process needs to be complete

    Access Reviews don't reflect the azure ad recommendation (example: user not logged for last 30 days etc.) for reviewers of 3rd party SaaS applications. Also, will be great to automate the line manager for each user as the access reviewer, as it would help in larger organisations to better manage and speed up the review process

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Niket,

    Thanks for the suggestion! Good news is that both of your asks are on our roadmap! Are you using Log Analytics in AAD? We’re working to integrate with the user login data in log analytics and surface those in our recommendations.

    As for line managers as reviewers, does your tenant have the manager attributed populated for your users? Great if you are, because we’re working on pulling that info from the user profile page.

    - Fionna

  6. this is the dumbest sh@t I have ever had to deal with

    This is absolutely ridiculous. I am not a computer genius and it seems that is what you have to be to figure it out

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    need-feedback  ·  0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  7. Apply access reviews to entire enterprise application

    I would like to create an access review for ALL Teams to review guest membership so whenever someone adds an external user to their Team the review will occur. Currently I have to tell the access review policy which teams it applies to. Because my users can add their own teams I have to create a manual process to look at new teams and add them to an access review. I'd rather just apply it to the entire application so it happens with every Team that exists.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hello all, Good news – we have made more progress on this ask! We started private preview of reviews on all guests in Teams/Office groups. Please fill out this form to be included in the private preview! We look forward hearing your feedback, working together to improve this feature, and sharing more updates with you very soon! bit.ly/ARGuestsInTeamsPP

    - Fionna

  8. Automation of Access Reviews

    Looking to see is there a way to automate in where access review that just identifies which accounts have not signed in in 60 days?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Soloman,

    This is a great ask! It is on our roadmap to enable policies to find users who are inactive in the last X days. On a related note, we do have a psh scrip that you can run to find guest users who are not part of any group, would you be interested to try it?

  9. Show users Department and or Job Title in Access Review

    Many of my reviewers have noted it would be a lot easier to complete the review if they knew the department a particular user was from or their job title. Adding this information to the report seems like an easy fix.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Sam,

    Thanks for this suggestion! We are on the same page with you – having more information such as department and job title will be very helpful for reviewers. It would be an easy fix on us if we call pull that data from Azure AD. Question for you – are those 2 attributes populated in your Azure AD user profiles? Do you manually fill them in when a user is added, or does your HR data automatically feed into Azure AD?

    - Fionna

  10. Allow the ability to increase the default 30 day review time frame:

    Hi, would be very beneficial if we can increase the time frame Access Reviews checks. At the moment the time frame is 30 days. It would be great to give the options for reviews that check time frames that are 3 months / 6 months / 12 months.

    Example: Long term sickness

    Would also help in creating accurate user to application assignments.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  11. Build custom access review

    As a user I should be able to upload a CSV file containing:

    Users
    Groups
    User and Group relationship

    I should be able to launch an access review based on above files. I should be able to select reviewers based on AAD identities or specify them in the file.

    Most ID governance tools have this function built in.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  12. Access review for subscription

    Expand access reviews to support Azure Subscription and Resources for explicit assigned identity.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  13. Change owner of the Access Review

    Currently I am a owner of multiple Access Reviews. And my name is sent in the e-mail as owner of the Review. I would like an option to remove my name from the mail, and the option to sent the user to the service desk if they have questions about the Review.

    What would be even better is the option to customize the e-mail which is sent to the users.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Michel,

    Thanks for the feedback and I’m glad we are thinking in the same direction! We have a plan to remove the "inviter"’s name in the email and replace it with a help desk link. Question for you, you mentioned that you prefer to have an “option” to send the users to service desk, 1) would this be an internal link specific to your organization, 2) should this be the default behavior, if not, what would you prefer? 3) another idea – would having a “friendly” description displayed to the users (different from the description the IT admin writes when creating the review), with a service desk link pasted in that description solve your problem?

    Thanks
    Fionna

  14. Implement our own logic on trigger Access Review

    Only a timer based Access Review is not enough for us.
    We have multiple situation we need to trigger review again, including:
    1. Based on some user's attributes update, e.g. Manager reporting line changes, Department changes, job role changes
    2. Based on usage pattern, e.g. a user haven't use a certain app/resource for last X days.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Gordon!

    Thanks for the feedback! We are working on adding more triggers to kick off access reviews like what you listed in 1!

    For 2. we do show user’s sign-in data to the reviewers to help them make the decisions. If a user hasn’t signed in to the tenant in the last 30 days, then the system will recommend denying that user’s continued access. Are you referring to automatically triggering a review on users who have not accessed an app/resource in the last X days?

    - Fionna

  15. Access Reviews - Select Line Manager As Reviewer

    Access for some applications/groups should be approved by the users manager. As the functionality is not available we cannot utilise the promising Access Review tool.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Keith,

    Thanks for taking the time to give feedback! We have the work to add managers as reviewers in our backlog, will update here once we have a preview to share!

    Currently, we do support group owners as the reviewers, would that help with your scenario?

    Would this functionality be your only blocker to use access reviews? I would love to know how you review access right now, any timelines you have. Thanks!

    - Fionna

  16. Access Reviews: Apply to new groups and/or multiple groups

    It would be VERY beneficial to apply an Access Review policy to new groups as they are created, eliminating the management overhead of creating new policies AFTER each group created.
    Also, if a Access Review Policy could be applied to multiple groups at a time, Access Reviewmanagement overhead would be reduced.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support to choose another "Group" as reviewer

    We have two scenario:
    1. For internal organization users, we need FTE manager as reviewer
    2. For external organization users, we need to have "sponsor" as reviewer.

    I already saw there is a feedback on supporting Manager as reviewer which should be fulfill our requirement 1. above.

    For requirement 2 above, we need to assign different "sponsor group" as reviewers (instead of individual users hardcode in Access Review)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Gordon,

    Thanks for the detailed feedback! Yes we are working on adding both manager and sponsor groups as reviewers, will update here when we have a preview ready. In the mean time, if you have any more questions or more requirements, please let us know by commenting here!

    - Fionna

  18. Access reviews should also apply to Directory access

    Access Reviews should let you review guest users access on the directory level. Using a dynamic group with all guest users in it, I should be able to have access reviews DELETE the user from the Azure Active Directory rather than just removing the user from a group.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to add exceptions to Access Reviews

    Introduce the ability to add exceptions when creating Access Reviews

    eg. This will allow us to exclude service accounts from the report of accounts that have not logged on in the last 30 days

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  20. mas amigable

    Debería ser mas fácil de utilizar.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base