Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. sign-in logs

    Provide a capability to filter on successful and failed MFA authentications for the user sign-in activity logs within the AzureAD Portal. As a consumer of an AzureAD directory of 120k plus user director using MFA, this is critical for reflecting usage and availability of your services.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Improve UX of MFA Enrollment Process when Requiring an Authenticator App

    We use a conditional access policy to enforce MFA enrollment for all users, including guest users, since the data that everyone is accessing is highly confidential. In addition, because SIM-stealing attacks are becoming more and more common, our MFA policy is configured to require an app rather than relying on codes provided by SMS or phone calls.

    With this combination of settings, we find guest users to be very disoriented, confused, and frustrated by the current MFA enrollment process. Since this process is often the user's first impression of our technology and Microsoft Azure, it's important for the user experience…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. xclude the carriers terminating via SIMBOX for successful authentication

    The issue of concern is the authentication calls arriving us local numbers (Simbox) which results in failed authentication process.
    We request you to urgently to exclude the carriers terminating via SIMBOX for successful authentication process for MFA Authentication connect requests.
    We note that the authentication from VPN login terminates via SIMBOX/Bypass routes and thus increase login failures as the #prompt may not be send back for authentification as well us it is fraudulent in nature.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. landline verf option.

    I am currently a victim of spoofing (piracy) for over 8 mos. anything I type or submit electronically is copied by the hackers. A Mutli factor authentication using a landline that I can register as my number might be helpful.. I can register my job number. corp security or even the police officer's number. either they provide my authentication or the spoofer attempts to pirate the number and caught with a back trace.I have over 15 email address attempting to access my account information because there is not a secure way to retrieve your old account without creating a new…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Authenticator backup

    In the iOS Azure Authenticator app Provide backup and restore for data without using an icloud account. For example use a MSA account and OneDrive Personal Vault to store the backup. I have icloud turned off for everything so no ability to backup azure auth app data.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. IPv6 support for access to Azure Active Directory - login.microsoftonline.com - only IPv4 reachable

    Add support for IPv6 to Azure Active Directory to be reachable via IPv6 as well.

    MFA etc. should be supported via IPv6 only as well.
    login.microsoftonline.com and other URLs used.

    br,
    georg

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Calendar aware MFA Risk Score Trigger

    Went to Team Collaboratorium today and was suggested to post this here for the IDM team -- would love to have the Calendar integration that can tell MFA that you are traveling so it can expect logins from a foreign location for this user (traveling to Berlin, Germany, expect a login to occur from there) and ignore home base of USA...

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Microsoft authenticator UI needs some change for showing recovery options

    The current v7 android Microsoft Authenticator app has a UI setting which does not define the recovery options which can only be reached if you click learn more . Hence It would be better if we change the title from details to something more simple and intutive to the user like "Recovery Help" for pointing them to the guide as it currently points to. "Details" is not the best word to describe the recovery options guide in the UI . It would be great if you could consider changing the same.

    Related Github :- https://github.com/MicrosoftDocs/azure-docs/issues/49539

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure MFA: Fallback to verification code when app push times out

    Cloud Azure MFA should have a fallback feature like the on-prem MFA server so that an app-push MFA user is prompted to enter the code from their authenticator app app when the app-push times out.

    The #1 use case for this is users connecting a laptop to airplane wifi.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. MFA enablement after clicking on the App Icon

    I integrated an Application for SSO with Azure. I want to Invoke MFA after the user hits the Application Icon from myapss.microsoft.com? How is that possible? Please let me know

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. MFA status after enabling MFA for users who have registered MFA notification destinations in advance

    We are deploying Azure MFA by the following method, and we perform various controls depending on the status of MFA ([Forced] or [Enabled]).
    https://docs.microsoft.com/ja-jp/azure/active-directory/authentication/howto-mfa-userstates
    Even without enabling MFA, I understand that it is possible to directly access 「https://aka.ms/mfasetup」 and register the MFA notification destination in advance.
    However, if you enable MFA after registering the MFA notification destination, the status of MFA will not be changed to [Forced] even though MFA setup has been completed.

    The specifications are different from the status of each MFA status described in the Microsoft public documentation.
    Since the control is based on the…

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. OAuth password flow should support 2FA app passwords

    The password flow should support app passwords.
    Use case: I have a linux repository that has secure access enabled. The users are entering the username and password on CLI level. As we are shifting to TrustBuilder (IAM) solution. We have the possibility to connect with different OAuth providers. Azure is our user database with 2FA enabled. It would be nice if users can generate an app password in Azure and use this on CLI level (in the background this converted on TrustBuilder to an OAuth password flow to Azure). As there is no WEB interaction possible

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. mfa

    CA has the ability to grant access by enforcing MFA, we have a use case whereby in the large part our user estate is configured for push notifications, we have some systems whereby we do not want this method of MFA (this is for a number of reasons), some scenerios we would prefer to selectively pick verifications codes as the only method of MFA but leave push notifications for other services.

    It would be great to also incorporate this into NPS in the form of say a RADIUS attribute which would be able to toggle between what MFA method to…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. This is absolutely ridiculous! I am not allowed to have my cell phone with me at work and I don't have a work desk phone!

    You people are idiots. You think everyone is allowed to have a cell phone at work and that we all are assigned a desk phone. NOT TRUE on either of these. Trying to get into my email now is like trying to access Ft. Knox for gold!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. The Add ADFS farm wizard, needs to cater to when the SQL browser service is off and also for custom SQL ports.

    The Add ADFS farm wizard, needs to cater to when the SQL browser service is off and also for custom SQL ports.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Disable admin 2-step verification

    MFA for Admin credentials in a business environment should NEVER require an admin to provide PERSONAL information in order to verify identity.

    Existing requirement is limited only to provide a Phone # (seemingly ONLY a Cell#) and a 2nd Email address (which is not related to the domain) and this has more of the appearance of data-mining rather than MFA.

    Not everybody has a company-provided cell phone. Verification call back to a PBX cannot navigate an extension. Even when having it call a direct dial number to my desk, the message is that verification was not possible.

    This is infuriating…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Is using ms authenticator app for sspr defeating the purpose of multi factor authentication?

    If MFA is enabled, I need to enter my username and password, along with using the MS Authenticator app to access O365. However, what if I forget my password? What is the authentication method here? Is it simply using MS Authenticator to gain access? If so, I've now gain access using 1 factor instead of 2.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow Access to Conditional Access in Azure Government to integrate 2FA with DUO Security

    In Azure Government, there is no feature for Conditional Access to integrate DUO 2FA. The only option available is to use Microsoft Authenticator that does not support OAUTH Tokens. A mobile phone is not allowed in all areas for push notifications.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Make the MFA option available to any type of account and access to Azure

    MFA technology today is an important security requirement and cannot be conditioned by premium products, it is ridiculous because competitors provide the option of MFA as a security solution and not conditional on using Azure AD premium, security is for all of that it is a shot in the foot or I would not feel safe in the environment that tells me I have passwords and secure security mechanisms and wants to sell me the use of MFA

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. AzureMfaNpsExtnConfigSetup.ps1 is not OS-language independent

    AzureMfaNpsExtnConfigSetup.ps1 from the "NPS Extension for Azure MFA" is not OS language independent.
    Use $networkService = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null); for getting the name of the Network Service.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 18 19
  • Don't see your idea?

Feedback and Knowledge Base