Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. This is absolutely ridiculous! I am not allowed to have my cell phone with me at work and I don't have a work desk phone!

    You people are idiots. You think everyone is allowed to have a cell phone at work and that we all are assigned a desk phone. NOT TRUE on either of these. Trying to get into my email now is like trying to access Ft. Knox for gold!

    1 vote
    0 comments  ·  Multi-factor Authentication
  2. The Add ADFS farm wizard needs to cater to when the SQL browser service is off and also for custom SQL ports.

    The Add ADFS farm wizard needs to cater to when the SQL browser service is off and also for custom SQL ports.

    1 vote
    0 comments  ·  Multi-factor Authentication
  3. Disable admin 2-step verification

    MFA for Admin credentials in a business environment should NEVER require an admin to provide PERSONAL information in order to verify identity.

    Existing requirement is limited only to provide a Phone # (seemingly ONLY a Cell#) and a 2nd Email address (which is not related to the domain) and this has more of the appearance of data-mining rather than MFA.

    Not everybody has a company-provided cell phone. Verification call back to a PBX cannot navigate an extension. Even when having it call a direct dial number to my desk, the message is that verification was not possible.

    This is infuriating…

    1 vote
    0 comments  ·  Multi-factor Authentication
  4. Is using MS Authenticator app for SSPR defeating the purpose of multi factor authentication?

    If MFA is enabled, I need to enter my username and password, along with using the MS Authenticator app to access O365. However, what if I forget my password? What is the authentication method here? Is it simply using MS Authenticator to gain access? If so, I've now gained access using 1 factor instead of 2.

    1 vote
    0 comments  ·  Multi-factor Authentication
  5. Allow Access to Conditional Access in Azure Government to integrate 2FA with DUO Security

    In Azure Government, there is no feature for Conditional Access to integrate DUO 2FA. The only option available is to use Microsoft Authenticator that does not support OAUTH Tokens. A mobile phone is not allowed in all areas for push notifications.

    1 vote
    0 comments  ·  Multi-factor Authentication
  6. Make the MFA option available to any type of account and access to Azure

    MFA technology today is an important security requirement and cannot be conditioned by premium products. It is ridiculous, because competitors provide the option of MFA as a security solution and not conditional on using Azure AD premium. Security is for all of that it is a shot in the foot or I would not feel safe in the environment that tells me I have passwords and secure security mechanisms and wants to sell me the use of MFA.

    1 vote
    0 comments  ·  Multi-factor Authentication
  7. AzureMfaNpsExtnConfigSetup.ps1 is not OS-language independent

    AzureMfaNpsExtnConfigSetup.ps1 from the "NPS Extension for Azure MFA" is not OS language independent.
    Use $networkService = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null); for getting the name of the Network Service.

    1 vote
    0 comments  ·  Multi-factor Authentication
  8. AzureMfaNpsExtnConfigSetup.ps1 is not OS-language independent

    AzureMfaNpsExtnConfigSetup.ps1 from the "NPS Extension for Azure MFA" is not OS language independent.
    Use "$networkService = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null);" for getting the name of the Network Service. The attached file does work for me.

    1 vote
    0 comments  ·  Multi-factor Authentication
  9. AzureMfaNpsExtnConfigSetup.ps1 is not OS-language independent

    AzureMfaNpsExtnConfigSetup.ps1 from the "NPS Extension for Azure MFA" is not OS language independent.
    Use "$networkService = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::NetworkServiceSid, $null);" for getting the name of the Network Service. The attached file does work for me.

    1 vote
    0 comments  ·  Multi-factor Authentication
  10. Enhance MFA Fraud Alert

    The use case is around the MFA fraud alerting. Our configuration is to use the app code or push notification only. What we’ve noticed is that 9/10 times the user has hit the report fraud when their computer is requesting a refresh token and they’re not in front of the pc. If there was a way to include other information into the alert such as impossible travel or even where the session is located, that would help in our investigation process.

    2 votes
    0 comments  ·  Multi-factor Authentication
  11. Add a way for a special IT Admin to get MFA access to a controlled Tenant User Act.

    If an IT Admin needs to help a Tenant-User logging into a user Portal the MFA blocks access. It would be helpful in cases where the user wants the IT Admin to also be able to log into Web Access with an alternate text enabled phone to support the additional IT Admin's access. Currently the only way is to assign the Office Phone number to the IT Admin who needs to help the Tenant-User.

    1 vote
    0 comments  ·  Multi-factor Authentication
  12. HCL portal - difficult to login with mobile device, since don't have mobile phone access.

    It will be good if we can add email option with mobile device for authentication. Since it is very difficult to login where you don't have mobile access inside the premises. If we have email option we can ask for the authentication code to be sent on official email and then can login. It is really very inconvenient for everyone to login into HCL portal and access imp. tabs.

    1 vote
    0 comments  ·  Multi-factor Authentication
  13. Native AAD RADIUS interface for Azure MFA

    Provide a native RADIUS interface for Azure MFA. Currently Windows NPS servers are required to integrate VPN Servers with Azure MFA. It would be better to not have to deploy and manage these NPS machines just to perform this function.

    1 vote
    0 comments  ·  Multi-factor Authentication
  14. Need an option to Export MFA blocked users Report

    Need an option to Export MFA blocked users Report.
    As of now there is no option to export the MFA blocked user details in the portal or PowerShell or through Graph.

    2 votes
    0 comments  ·  Multi-factor Authentication
  15. Exclude Emergency Access account from Security Defaults

    Microsoft has done a great job by releasing security defaults, however it's lacking the ability to exclude a single emergency access account. As per https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access one of Microsoft's best practices for Azure Active Directory (Azure AD) is to have a cloud-only emergency access account which is excluded from MFA.

    This is similar to the built-in Administrator account in traditional Active Directory, without the ability to exclude a single account most organizations without AAD P1 licensing will simply leave security defaults turned off.

    If we want fine grained exclusions or multiple emergency access accounts it would then make sense to purchase…

    28 votes
    7 comments  ·  Multi-factor Authentication
  16. 0651102147

    I am always together with my phone and I do not let it out of my hands. I am the owner of the iPhone XR. Ronnybryden

    1 vote
    0 comments  ·  Multi-factor Authentication
  17. Make a prompt for MFA popup on Windows 10 for Always On VPN

    We are testing MFA for Always on VPN. Whenever the conditions match to trigger Always on VPN, there needs to be a popup on Windows 10 to notify you of the MFA request. Currently Windows 10 doesn't even tell you it's asking for MFA, just says verifying info.

    1 vote
    1 comment  ·  Multi-factor Authentication
  18. Implement the "pick a number" model for password-based Azure MFA

    Implement the "pick a number" model for the standard (non-passwordless/phone sign-in) Azure MFA workflow. Users get in the habit of hitting approve/deny and could easily mistakenly (or be tricked into) hitting approve. The pick a number method at least requires some coordination between the person logging in and the person holding the phone.

    Should also provide additional details in the MS Authenticator app regarding the authentication attempt. Geo source of the attempt at a minimum would be helpful - similar to Apple's MFA that shows a map of the location.

    1 vote
    0 comments  ·  Multi-factor Authentication
  19. Enable MFA for all users

    A simple GUI experience for activating MFA for all users. From Azure Portal as well as Microsoft 365. Potentially even a wizard with organization wide authentication settings and then activation.

    Activation potentially even to be customizable to be Enabled, enforced, but even scheduled and enabled to be configured next logon in the portal only.

    1 vote
    0 comments  ·  Multi-factor Authentication
  20. MFA unblock needs to be available to a role that is not a global admin user

    Our user admins cannot be assigned a global admin role in O365. They therefore cannot see any users who are MFA blocked under: Azure Active Directory > Security > MFA > Block/unblock users

    My request to Microsoft is: PLEASE make MFA User Block/Unblocking more manageable
    Per support: As of now, Dec 16 2019, currently, only a Global Admin has rights to view this and it's stored on the MFA backend which does not connect to PowerShell in any way. This is a known issue for our Product Group as well, and there are some changes and/or additional administrative roles coming…

    8 votes
    0 comments  ·  Multi-factor Authentication