Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Passwordless  ·  Flag idea as inappropriate…  ·  Admin →
  2. Don't assume that my work email is hosted with Azure / MS.

    When I try to set my email address as a recovery method I get the following error:

    Don't use your work or school email address, because you won't have access to it if you forget your password.

    But that's not true. My company uses a different email hosting service. Losing access to it has nothing to do with my Azure portal password.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow users to self update MFA methods for "Other Organizations you belong to"

    Users that have a presence in multiple tenants need a way to self update their MFA methods for "other organizations you belong to" on the myworkaccount.microsoft.com/organizations. Currently there is only a link to "leave organization". Please add a link to "update MFA methods".

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Show additional information to the MFA Notification

    When a user receives an MFA notification, it would be nice to see the following communicated in the notification:
    - Login Location (City, State, Country)
    - Service being logged into (Office 365 Portal, SharePoint Online, OneDrive, Client Apps, etc.)
    - Device OS/Type (Windows 10/Laptop, iOS 13.5.1/iPhone, Android 10.0/Tablet)
    - Device Compliance (Yes/No)

    This would further help users determine if the request is legitimate.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. get rid of this system as the verification app is not available

    you click on the download and nothing happens. really great what a waste of time.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. NPS extension for Azure MFA: Issue Access-Challenge response on App Notification methods

    When integrating NPS Azure MFA extension with Cisco ASA or FTD, the MFA verification methods for App Notification and Phone Call are difficult or challenging to use.

    This is because these verification methods do not force the NPS server to send an Access-Challenge method back to the ASA/FTD to give the user time to answer the phone or open and approve the app notification. Cisco ASA/FTD only allow 10 seconds for this to happen, and this value cannot be changed.

    If NPS could issue an Access-Challenge response that accepts null input, but just allows the user more time. It could…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure AD Role for Managing Group Membership

    An Azure AD administrative role that only grants access to manage group memberships of Azure AD groups would be useful.

    The current Azure AD roles grant too many rights on Azure AD groups and are unsuitable for assignment to Service Desk and other low privilege administrators

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. Were having issues with users not realizing the 2 factor option "click here to not be asked for 30 days" expiring and userse not realizing.

    When the 2 factor option for "Click here to not be bothered for 30days" expires it doesn't really prompt you very clearly that you need to sign back in. It's just a small icon on outlook. If you're busy or doing other things you don't notice.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add a «start» sync button for the Authenticator App

    I have noticed that the Authenticator App does not sync the newly added accounts with your existing backup. This is a huge oversight as I have fallen in that trap where I downloaded the app on a new phone only for then to lose half the accounts I had before.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. To view all users who has registered their security Security info

    We would like to know how users have registered their security info before we enforce MFA. If suggested already, could the link be shared. Thank you.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  11. Hide apps from the myapps.microsoft.com portal

    I want to be able to hide apps from the myapps portal. Specifically items like Bookings, Dynamics 365, Kaizala, etc. I've seen several posts requesting the same sort of thing (perhaps with different examples) and many were responded to indicating this is completed, but it is not.

    None of these apps even show up in the Azure AD list of Enterprise or Microsoft apps, so you cannot mark them as hidden from users.

    Here are references to some other posts asking for I think the same thing that have since been closed as completed.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/32884588-hide-default-microsoft-apps-in-myapps-microsoft-co

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/16242835-hide-client-based-apps-in-the-myapps-portals

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  MyApps portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make a mystaff.microsoft.com alternative for edu called mystudents.microsoft.com or myschool.microsoft.com

    Really liking the http://mystaff.microsoft.com portal. The integration with AUs (from SDS) is so good. But as an edu admin, I would love if there was a http://mystudents.microsoft.com or a http://myschool.microsoft.com.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. Fix feedback email address for AD Connect troubleshooting script

    The AD Connect troubleshooting script displays a notice saying "Please send any feedback, comment and suggestions by email to: troubleshootaadc@microsoft.com"

    Attempting to email that address results in a non-deliverable message stating the below:

    "Your message to syncenginedev@microsoft.com couldn't be delivered.

    The group syncenginedev only accepts messages from people in its organization or on its allowed senders list, and your email address isn't on the list."

    I'm not sure if the message wasn't delivered at all, or if the "syncenginedev" group is just a member of "troubleshootaadc@microsoft.com" and it was delivered but not to that specific group member,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  14. BUG: Azure AD Connect troubleshoot scripts fail if on-prem CN contains a comma

    When running the object synchronization troubleshooting scripts you are required to enter the DN of the on-prem object you're troubleshooting. If the object CN contains a comma (for example Lastname, Firstname) it is escaped in the DN using a backslash. When exporting the report it then fails because it is trying to create a path using the DN as the filename, which fails because of the extra backslash. The script should recognize that the filename contains an escaped character and remove it before generating the report path.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  15. Avoid Sign-in prompt on iOS by adding Redirect URI scheme for Apple device in Safe List

    When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work)
    Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only)…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. THIS PRODUCT SUCKS WASTES HOURS OF MY DAY

    THIS PRODUCTS SUCKS WASTES HOURS OF MY DAY

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  17. Custom SAML Certificate common name

    We store SAML signature certificate in our documentation system to log the expiration and track them as part of our documentation.

    We saw, that the common name of all created certificates is 'Microsoft Azure Federated SSO Certificate'. I would like to have the application name (at least) included in the common name. It could be possible to set a custom common name as well.

    That would make it much easier to identify the corresponding application.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  18. Share data across web application uisng Azure AAD B2C .

    I am working on the application portal requirement where admin can integrate different web application and the user can subscribe to it.
    I am looking for the solution to how I can save subscription information of the user in one place so the integrated application can check the user permission or claims for the specific application.

    Is it possible to achieve this using B2C?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow OTP users to update/change their source of authorization to AAD or Google federation

    When I turned on the OTP preview, it automatically forced users who did not have a domain listed in AAD or google to use an OTP, but it's rediculous to have to use OTP every time you log into an Extranet or Employee portal. I would like for users to use OTP as a last resort and be given the option to use or create a Microsoft account first, even if they used OTP previously with their current email address.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow Application Package approvers to extend access to assignees

    When the assignee of an application package is about to have their access expire, they receive an email notification 14 days and 1 days before expiry and can request to extend the access. It would be helpful if the approvers of the package could also see who is expiring and extend the access without needing a request from the assignee.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 210 211
  • Don't see your idea?

Feedback and Knowledge Base