Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Enterprise App provisioning needs more detailed Quarantine errors

    I have a customer who sees a couple of their Enterprise applications are Quarantined due to a high number of errors. For some reason they don't see the errors in the audit logs. When I researched the errors on the backend I found they had the following error code: DiceCredentialValidationFailure. Here is the most recent error message: Credentials passed are invalid for applicationId=

    Once armed with that knowledge, I was able to work with the customer to create a new Admin credential for the application.

    We would like to see that level of error reporting in the customer viewable audit logs…

    1 vote
    0 comments  ·  Provisioning to Applications
  2. Use Azure Conditional Access for the background app (no user is signed-in)

    Use Azure Conditional Access for the background app (no user is signed-in)

    more info here: https://github.com/MicrosoftDocs/azure-docs/issues/38584

    1 vote
    0 comments  ·  Other
  3. Customer tenants should be manageable by PIM

    PIM should be able to manage access to customer's tenants. Partner has employees with their own source of authority but should still be able to give out access based on Azure lighthouse for instance. AzLighthouse currently supports groups only, which are not supported by PIM.

    1 vote
    0 comments  ·  Privileged Identity Management
  4. Bitlocker Encryption Keys

    As someone has suggested, generate a report (for example) and export all encryption keys and which device each belongs to.

    In addition, we need to keep such keys (or have an option to keep them or delete them) whenever a device is removed.

    We have 2 cases where 2 devices were deleted along with encryption keys (such keys were used to encrypt an external hard drive), the user has forgotten the password and we don't have the recovery serial to unlock it.

    1 vote
    0 comments  ·  Admin Portal
  5. Set the Name field with CSV when using Bulk invite to invite Azure AD guest users

    When adding guest users via Bulk Invite in Azure AD, the name field is populated with the prefix of the email address. Frequently it's not the person's real name. I'll have to go back and modify them all. Please advise when this functionality will be added to Azure AD.

    5 votes
    1 comment  ·  End user experiences
  6. Enforced Privileged Identity Management for CSP and report on customer security blade among other normal security measures.

    Customers, even trusting their CSP, need to have a view and control over their activities; PIM is one of them, and reports should be sent to the security center that has the ability to be linked to a SIEM.
    It's also part of a compliance audit; we should not need to add that partner as a B2B guest to do so. It's too cumbersome, as the trust between the Azure AD is existing.

    Begin to put the admin agent and helpdesk agent as eligible roles (I would even suggest by default).

    CSP Cloud…

    1 vote
    0 comments  ·  Privileged Identity Management
  7. 1 vote
    0 comments  ·  Entitlement Management
  8. Please make the country code field in the Phone registration page editable on mobile devices

    Phone / Alternate phone on registration page: Country code is not editable on mobile devices and the user has to scroll the full length to pick countries like UAE.

    Please make it editable.

    1 vote
    0 comments  ·  Device Registration
  9. Option to Exclude group in Group Based Licensing

    Now it is possible to assign a license to a security group, and all users in this group get that license. Works fine.

    Educational and large companies provision accounts from other sources to Active Directory and Azure AD. They also use multiple types of (conflicting) Microsoft 365 licenses.

    Please add a function to exclude groups from a license assignment, so users get an A3 license as standard except when they are a member of (for example) group-A1.

    1 vote
    0 comments  ·  Groups/Dynamic groups
  10. Access Review Process needs to be complete

    Access Reviews don't reflect the Azure AD recommendation (example: user not logged in for the last 30 days, etc.) for reviewers of 3rd party SaaS applications. Also, it would be great to automate the line manager for each user as the access reviewer, as it would help in larger organisations to better manage and speed up the review process.

    1 vote
    0 comments  ·  Access Reviews
  11. 1 vote
    0 comments  ·  Microsoft Identity Manager
  12. Needing a way for Application Owners to have limited access when "Restrict access to Azure AD Admin Portal" is enabled

    It's been identified that when restricting access to the portal by enabling the ‘Restrict access to Azure AD Admin Portal’ setting within AAD settings, users who are defined as ‘owners’ of applications within either ‘Enterprise Applications’ or ‘App registrations’ are no longer able to access the portal for application management with the restriction enabled.

    We would like the ability to have a flag to indicate if owners of applications should also be permitted to access the Azure AD Admin Portal without granting any additional role/entitlement.

    1 vote
    0 comments  ·  Admin Portal
  13. Risky user email notification is confusing

    Risky user email notification is confusing.
    When a user clicks the link in an email, he/she goes to the "Risky users (Preview)" page. However, this page is confusing. In particular, it sometimes says "No risky sign-ins found" on the "Recent risky sign-ins" tab. The link should navigate users to the "Azure AD Identity Protection" page, which is intuitive and easier to understand.

    2 votes
    0 comments  ·  Identity Protection
  14. Additional Info for Risky Users in AIP

    We would like to see the reason for the Risky sign-ins. This would help us identify why AIP flagged our users. Is it because of impossible travel or anonymous IP etc in Risky Users blade under AAD.

    1 vote
    0 comments  ·  Identity Protection
  15. I need to confirm that you are not contacting users about a hack and asking us to let you stop all microsoft use. Is this for real

    I need to assure myself that you are for real when I get a phone call that you have been hacked and some of the software will be closed unless you do what the telephone tells you to do

    1 vote
    0 comments  ·  MyApps portal
  16. Make a dedicated RBAC role or action for Update Management deployments available

    Currently, to deploy an update via the Update Management solution a user requires 'Microsoft.Compute/virtualMachines/write' on resource group scope level. This is a very widely scoped privilege similar to VM contributor; however, deploying updates is a task typically allowed even for non-administrative user accounts. It makes it impossible to create low-privileged accounts for VM maintenance and forces high-privileged users to continuously work in the portal, risking a) their credentials being compromised; b) accidental resource corruption/deletion.

    Similarly, it would also be nice to have a separate action for VM resizing.

    1 vote
    0 comments  ·  Role-based Access Control
  17. Azure AD Audit Logs - On-Premise AD Group Membership Changes

    Azure Active Directory audit logs do not show the details of on-premise Active Directory group membership changes. While these changes could be viewed in on-premise AD logs, it would be nice to be able to leverage the easy to use Audit Logs UI and logging analytics capabilities within Azure.

    1 vote
    0 comments  ·  Other
  18. Could we search for Service Principals as Azure Resources, as they're bots?

    Navigating to subscription to check and assign SP's roles feels like it could be made faster. Could we search for SP's through the Azure graph search on the top of the portal?

    1 vote
    0 comments  ·  Developer Experiences
  19. B2C sign up verification code in email will expire in 5 minutes. Is it possible to extend the validity?

    B2C sign up verification code in email will expire in 5 minutes. Is it possible to extend the validity? I have heard several feedback that 5 minutes isn't practical in real world.

    1 vote
    0 comments  ·  B2C
  20. More info on audit of resources

    Want to see more activities information when accessing resource audit. Activities detail did not show tickets number info and reason input by user during the activation stage.

    1 vote
    0 comments  ·  Privileged Identity Management