Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. an additonal solution to MFA Authentication is introduced in the event that neither the Authenticator App codes or Phone contact don't work

    Recently my previous Mobile device broke & fortunately I had a back up I could simply reinstate the new device. Nevertheless, when it came to the Authenticator App, this fell miserably on it's nose. The generated codes were no longer accepted & the Mobile did not receive the Authentication message being sent when I needed to log into the Azure Portal.
    Principally I was locked out. As a one man show, I do not have additional colleagues that have global Admin rights.
    I see this could be a problem in the future when more small businesses commit themselves to operating…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Change the message text to "Use a verification code from my mobile app or hardware token"

    Currently, when users configured Azure MFA for hardware token and phone number, they can choose MFA method when signing in azure portal.
    In the Azure AD logon page, users see following options.

    -------------------------
    ・ Use a verification code from my mobile app
    ・ Text +XX XXXXXXXXX
    -------------------------

    It's not intuitive for customers to choose "Use a verification code from my mobile app" even though they are using hardware token.
    So please change the message text to "Use a verification code from my mobile app or hardware token".
    I am support professional and I am receiving unnecessary support calls from users…

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Show Sign-in info (location, client, device-type, etc) in Authenticator app

    especially for users (e.g. admins) who receive a lot of MFA signin requests via their Authenticator App (sometimes at unexpected moments), it is crucial that they can quickly verify where the authentication request originated from (detailed location info) and more details on the device (client app, device-type, etc) so the user can make an informed decision if the MFA authentication request on his phone is legitimate or not.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Change B2C default setting for MFA phone number masking.

    B2C MFA service display user phone number as "***-***-123456" by default. I feel it is unfamiliar because of inserted hyphen.

    I think it is better "+XX XXXXXXXX56" same as Azure AD MFA service does.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Combined MFA/SSPR Language support for fr-CA fallback to en-us

    Get the fr-ca localisation for the registration page
    or
    Since fr-fr exist can you fallback to fr-fr instead of en-us

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Web-mail Security

    Can we get web-mail security 2 step verification such as Authenticator Apps, SMS etc. in our web mail. It will be so much better then professional mail. Awaiting for response.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create a migration scenario for migrating Azure MFA on-premise to Azure MFA to the cloud

    Imagine an organization of 10000 employees that uses Azure MFA on-premise and wants to migrate to the cloud. Does Microsoft really want that organization to re-enroll all their 10000 users?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow transfer of data to another device.

    It's sad that we have to disable and re-enable multifactor on all accounts when I upgrade to a new phone. There are so much services that we as humans use today and not having a easier way to transfer is heart breaking. Please consider adding this capability. I'm sure that if you have to purchase the app for this feature would not be an issue for thousands.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. MFA For windows OS

    Azure AD has a good MFA functionality, the MFA server, which works fabulously with the online apps, but as we are told in the near future it shall be made cloud based, which is even better, since the authentication protocols are LDAP and Domain, AD Azure can act as an online Active directory for authentication while the option for MFA with the authenticate with microsoft app is also there, this will increase security in the sense, the mobile app will have finger print recognition, or face recognition, and then the user shall access the MFA app, which means the MFA…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. We would like to activate MFA at our designated time.

    At present, MFA is activated at the time when the administrator enables MFA per user.
    We would like to activate MFA at the administrator's designated time. We believe that this enables us to broaden our range of operation.
    It would be great if we could, for example, control by designating the time to parameter "RememberDevicesNotIssuedBefore".

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Change the information on Windows Hello for Business enrollment screen

    We would like to modify Windows Hello message to say Hello for Business message so the difference is apparent. We are currently are experiencing confusion as to which solution the user enrolls to.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Transaction step up authorization for sensitive transactions via Authenticator App

    As a bank there are a number of sensitive transactions that we expose via applications and there is a growing need to require a step up validation of the transaction using the FIDO protocol.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Require re-register MFA, it should revoke Microsoft Authenticator app, not just phone numbers.

    When revoking a users MFA sessions and requiring re-registration of MFA, AAD only removes the phone numbers from the users account. It does not remove the associated Authenticator app. There is no method to for a Global Admin to remove the Authenticator app association from the user. The only supported method is for the end user to log-in and remove it from the myprofile.microsoft.com page.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure MFA error messages more descriptive

    When try to setup a user account on MFA, Azure would not allow a mobile to be registered. After logging a call with Microsoft, they advised that there was a duplicate SMTP address. It would be handy if the error message I received, which was very generic, could be more descriptive, so that I wouldn't need to log a support call for something very minor, that was fixed very quickly.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Value of "RememberDevicesNotIssuedBefore" when MFA is enabled with Powershell command

    As MFA gets acctivated by PowerShell command, the display of "RememberDevicesNotIssuedBefore" shows like below.“0001/01/01 0:00:00”.

    So please make it display the correct date and time.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. The Combined Enhanced method for SSPR and MFA has a design flaw in that users can choose a non-MFA auth method when registering.

    If using the Combined Enhanced method, the only authentication options which should be presented to the user are options which can be used for either SSPR or MFA. Currently, any enabled SSPR method is presented as an option in the combined so if the user chooses a non-MFA auth method (eg. email or questions), they are under the impression that they are registered for MFA.
    Yes, you can try to combat that with user education or documentation but you know users....

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. 2-Factor Authentication - Individuell Issuer

    At the moment you can activate and use 2-Factor Authentication but the Issuer will always be Microsoft which will confuse you if you have different customers using office 365 with 2FA therefore the issue should be customizable. It is just the option to change the attribute „Issuer“ in the url or qr this would help a lot.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. azure MFA setup with NPS, should allows passwordless as first authentication method rather tan secondary

    azure MFA setup with NPS, should allows passwordless as first authentication method rather than secondary, we want to validate user with OTP at first level and then enter password as secondary method

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Remove MFA registration data if Guest account restored

    When an administrator restores a Guest account, any MFA registration shouldn't be restored and registration be required again.
    Restoring this data could be seen as a breach of GDPR if the guest initiates the deletion of the account and believes all their data has been removed. An administrator can restore this account and restore MFA data that may include personal phone numbers.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make the country and mobile number that are collected in the MFA UI available in the Azure Graph User object

    When using MFA in Azure AD B2C the country and mobile number that are collected in the UI do not appear in the country and mobile fields when retrieving the user object from the Azure Graph API. If we want to collect this data, we have to use custom extensions, which is a messy duplication

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 15 16
  • Don't see your idea?

Feedback and Knowledge Base