Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Web Sign-In for Hybrid Azure AD joined machines

    Web Sign-In for Hybrid Azure AD joined machine, currently only an option for Azure AD Joined PCs.

    2 votes

    0 comments  ·  Azure AD Join
  2. Bring the web-sign-in feature to GA, it works for us

    We’re successfully testing Intune device enrollment for Windows 10 with our Shibboleth IdP federated tenant. We’re using cloud only enrollment manager accounts and applying a web-sign-in policy when enrolling the machines. The end user does the web-sign-in but then has the option to enroll in Windows Hello and use a PIN going forward so it can be a sort of bootstrap procedure for them.

    7 votes

    2 comments  ·  Azure AD Join
  3. Remove dependency on DNSCache for Azure domain join Windows 10 Virtual Desktop

    Windows 10 Virtual Desktop (Multi-Session) requires DNSCache to be enabled before they can be joined to Azure AD-DS. We require DNSCache to be disabled and it prevents VMs from joining Azure AD.

    1 vote

    0 comments  ·  Azure AD Join
  4. Prevent accounts with expired passwords logging into AAD joined Windows 10 devices

    On a Windows 10 AAD joined device (not hybrid) you are not prevented from logging in with an account using an expired password (after a lengthy case this security issue has been documented: https://docs.microsoft.com/en-us/azure/active-directory/devices/faq#can-my-users--sign-in-to-azure-ad-joined-devices-that-are-deleted-or-disabled-in-azure-ad).

    Big step backwards from an AD joined device where if the device can see a DC it will force a password change, logs show the device is aware of the expired password at the point of logon.

    This request is to mirror the functionality with an on prem AD joined device.

    1 vote

    0 comments  ·  Azure AD Join
  5. Password Expiry Notification for Azure AD joined devices

    It would be great if Microsoft can implement Password Expiry Notification for Azure AD joined Windows 10 devices. All Intune managed devices are part of Azure AD and need a notification that pops up at bottom-right corner of the screen. We use Azure Directory Sync, all users are part of On-prem AD and sync to my AAD.
    Currently I wasn't able to find any option or way to enable this feature.

    1 vote

    0 comments  ·  Azure AD Join
  6. Add Device owner to Hybrid AAD joined Machines

    Joining machines to Hybrid AAD helps with Conditional Access policies etc. When a machine is Hybrid Joined it loses the owner of the machine. This is by design.

    But for an administrator it is a pain to go through AD logs and identify who is using the machine or who is logged in.

    This is why I am requesting to add the feature to have machine owners added to Hybrid AAD devices on the Azure console.

    9 votes

    0 comments  ·  Azure AD Join
  7. add client to domain if first login is an Azure AD account

    Currently a client that logs in with an Azure AD account (Microsoft 365 mail address) is automatically "joined" to the Azure AD domain.

    However this does not apply any GPOs to the client.

    I would suggest to automatically make the client join the domain (like you would do with an on-premise AD) if the first ever login on a fresh client is an Azure AD login. If a second Azure AD account logs into the client they get only specific / restricted GPOs applied.

    This could all be enabled/disabled with org-wide and also user specific enabled/disabled checkboxes to either prevent…

    1 vote

    0 comments  ·  Azure AD Join
  8. HYAADJ | TOAST Notification | Work or school account problem. We need you to fix your work or school account (most likely your password...

    Issue: Users get a TOAST notification every time they reboot the device, lock and unlock the device after some time, or the VPN is disconnected.

    Full Error Message:
    Answer: Work or school account problem. We need you to fix your work or school account (most likely your password changed) Click here to fix it in Shared experiences settings

    If any application leverages silent token renewal of the PRT (non-interactive) through WAM and that silent renewal fails, the user will see a TOAST notification, and it will also throw “Interaction Required” in AAD.

    Such notifications are false/positive, how do we ensure to provide better…

    3 votes

    0 comments  ·  Azure AD Join
  9. Pre-provision Autopilot devices

    Allow administrators to pre-provision Autopilot devices in AAD so that they do not have to allow users to join devices to AAD (aka personal devices).

    1 vote

    0 comments  ·  Azure AD Join
  10. Azure AD Domain Join for AWS Windows 2016/2019 EC2 instances

    Would like to use "Azure AD Join" for AWS Windows 2016/2019 EC2 instances to allow RDP access with Authentication via Azure AD credentials. Security is in favor of approving the following if available in AWS.

    Similar, but different situations are described here:
    https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
    and
    https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join

    Note that "Hybrid Azure AD Joined" does not meet corporate security requirements.

    2 votes

    0 comments  ·  Azure AD Join
  11. Problem with Azure AD Join USERPROFILE. Should be set to ASCII characters only

    This is such a trivial issue I'm amazed how it hasn't been addressed for years now.
    Here's the problem in more detail:
    When a Windows 10 device is joined to Azure Active Directory, the logon process creates the user's folder in this location: c:\users (as might be expected, this becomes the %USERPROFILE% path). The folder name appears to be constructed based on the user's First name and Last name, as entered in the Azure Active Directory.
    However, when the user's first name or last name in the Azure Active Directory includes non-ASCII international characters (for ex. šđčćžáāķļ), these will be…

    1 vote

    0 comments  ·  Azure AD Join
  12. Expand sign-in with AAD preview

    Please expand the sign-in with AAD preview to support more Windows OS's and other clouds. We want to leverage AAD sign-in to support Azure and AWS instances. We have mix of Windows server (2012R2 min) and Linux (CentOS/RHEL 6/7).

    1 vote

    0 comments  ·  Azure AD Join
  13. Remote connection to VMs joined to Azure AD

    At the moment you can only establish a remote connection to VMs joined to Azure AD from Windows 10 PCs that are Azure AD joined or hybrid Azure AD joined to the same directory as the VM. It would be great if we could connect from our PCs that are not Azure AD joined to the same directory as the VM. For example, PCs that are in a Workgroup or PCs that are joined to some other AD.

    11 votes

    2 comments  ·  Azure AD Join
  14. Prevent Azure AD Device Registration

    Prevent Azure AD Device Registration, and only allow Azure AD Join for Windows 10 devices.

    1 vote

    0 comments  ·  Azure AD Join
  15. Display a 2nd, customizable warning message when registering private device in AAD

    The current wording ("Make sure this is your organization") of the warning message when registering a private (non-company) device to AAD needs to be modified, or the ability to display an additional (tenant customizable) warning message needs to be introduced. We are having occasions where users are joining personal devices to the company AAD tenant without fully realizing the consequence of doing so. When clicking Join, they see the "Make sure this is your organization" message and feel confident that it is, and so continue. They fail to read the smaller text (or fail to understand the significance of the…

    1 vote

    0 comments  ·  Azure AD Join
  16. Migrate User and Computer to Azure AD

    Microsoft needs to provide a command-line option or built-in feature that allows the ability to migrate existing AD user and computer objects to Azure AD.

    • Hybrid join does not stay AAD joined if you remove from AD.
    • Bulk enrollment only works for OOBE (new device) and not existing devices.
    • USMT does not support AAD accounts, requires profile to be manually logged on first to create Windows Profile. There is no way to get the AAD user SID to try and pre-create profile for USMT.

    There either needs to be a tool or built-in mechanism to "switch" from AD to AAD…

    31 votes

    3 comments  ·  Azure AD Join
  17. 1 vote

    0 comments  ·  Azure AD Join
  18. Re-enable bulk invite from Azure Portal (B2B guests)

    The bulk invite (preview) functionality to invite multiple B2B guests was available on Azure Portal and was working fine. It has been disabled since 22nd Dec with no current deadline/timeline to re-enable it.

    When I checked with Microsoft Product team they asked me to raise this as an idea here and that they will re-enable if there was enough community support.

    Refer this for the functionality that I am referring to https://docs.microsoft.com/en-us/azure/active-directory/b2b/tutorial-bulk-invite

    16 votes

    0 comments  ·  Azure AD Join
  19. Azure AD availability in windows server 2019

    Is it possible to join Windows Server 2019 to Azure AD using Azure AD Join?

    15 votes

    1 comment  ·  Azure AD Join
  20. Members of the "Guest inviter" role can invite guests, but unable to add First Name/Last Name

    Members of the "Guest inviter" role can invite guests, but unable to add First Name/Last Name.

    Logged with MS O365 Support 120012725000253, response: Wed 19/02/2020 14:43

    "The update from the product team is that the Guest inviter role will not be able to invite guest users successfully filling out the other details. He would need either ‘Global administrator’ or ‘User administrator’ role in order to do that."

    7 votes

    1 comment  ·  Azure AD Join