Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
451123828@ minia3.moe
نسيت كلمة السر
1 vote -
Hide BitLocker key from the users
Bitlocker encryption keys are found on laptops running windows on https://myaccount.microsoft.com/device-list. These can be abused either by an attacker with access to the machine, or by the final user since it has everyone read permissions on icacls. Furthermore a privilege escalation is possible by reconecting the disk to another computer and change files in order to achieve persistance and higher privileges, since the final user has is bitlocker keys, he can decrypt and see/change other files in another computer.
Details:
A machine that does not encrypt the Windows partition and allows booting from CD, USB or a pre-boot…
1 vote -
sagartravel35@gmail.com
Sagar Roy
1 vote -
One-time passcode authentication for B2B guest users - Is it possible to reduce user session expiry time from 24 hours
While reviewing the public preview feature of One-time passcode authentication for guest users, it was observed that the guest user session expires only after 24 hours. This seems to be a longer window and we will prefer to have the user session time to be something like 8 or 9 hours. The guests will be signing in from their environment and we don't know how secure their environment is and how secure is the email account that they are using. Leaving the user session open for 24 hours seem to be risky and we will prefer to have an option…
1 vote -
Reset my guest account - to fix post migration lost B2B access
URL in AAD where a user can reset their guest account access. We've just gone through a tenant migration and the manual nature of the reset process is painful. It's basically a Delete and Re-invite process to the same e-mail address that is already in AAD.
1 vote -
Proper error-code and messages in the Invite redemption failed page
We use the Graph API to register users, send Invite link to user. User opens the link, grants permission to application to access the data, and from then on user will be able to access our application using the Azure Single Sign-on.
Currently, while signing-up(opening the Invite link), in case of any problem, it shows a Request ID, Co-relation ID, and Timestamp.
It would be better if an error message and error code too can be displayed in this page. This would be really helpful for us. As of now we need to reach out the Azure support team for…1 vote -
Cross tenant support for managed identity
Please add support for cross tenant use of managed identities. Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/known-issues#can-i-use-a-managed-identity-to-access-a-resource-in-a-different-directorytenant
8 votesThank you for reaching out to feedback suggestion forum. Please share more information around your scenario/use-case, end goal, what type of tenants/directories etc. this will help us to understand need and design this integration.
-
Delegated admin not compatible with B2B
It would be great to make compatible delegated administration privileges with B2B, as this affects B2B collaborations when external users tried to gain access to Access Packages in Azure AD - Entitlement management.
0 votes -
Երեմ Սամսոնյան
ԱԲ315933
0 votes -
OTP: Allow a guest and a contact with same email address
Guest Account is not able to sign-in with OTP if an Exchange online contact exists with the same email address and the guest tries to sign-in to the my apps portal.
Error “AADSTS50020
If the guest use the link from the invitation he received by email, there is no issue.1 vote -
Force OTP method for B2B for certain organisation to mitigate double MFA
The OTP method in preview works well. We want to avoid the heaviness of B2B with MFA setup where OTP to a trusted domain is sufficient given they have their own MFA etc. (perhaps not available to gmail/msa accounts.)
1 vote -
1 vote
-
Allow Guest users to change their MFA
Guest (B2B) users should be able to reset/change their MFA options. Currently when a guest user gets a new phone, they have no way to fix the Authenticator app. Currently Guest can only try and find a contact at the tenant org and have them reach out to IT in order to reset. This is very confusing for all users.
10 votes -
Add B2B collaboration and Guest Access for GCC-H
Please add the ability for GCC-H users to add Guests into Microsoft Teams or provide a way to add them into Azure AD as organizational Guests in GCC-H. This capability was a selling point while using the commercial version, but now we are trying to work around this issue. Please implement this feature as soon as possible.
2 votes -
B2B direct federation Custom IDP support for multiple target domains
B2B direct federation documentation mentions it is only allowed for policies where the authentication URL’s domain matches the target domain, or where the authentication URL is one of these allowed identity providers (this list is subject to change): accounts.google.com pingidentity.com login.pingone.com okta.com oktapreview.com okta-emea.com my.salesforce.com federation.exostar.com federation.exostartest.com
I have a case where my custom IDP need to support more than one target domain. My company works with number of small member organizations who does not have IT department to implement custom IDP. we would like to support all of them. Please add this feature to custom IDP implementation.
6 votes -
Send As Option for B2B Invite Email
Different Admins create B2B accounts so the invite emails will have a different sender which also displays the Admin account details.
Send As option would allow a consistent name to be displayed for all B2B invites - shared mailbox for example which also prevents privileged account E-Mail Address details from being included in the email
2 votes -
Azure AD B2B Federation Yahoo
Add built-in B2B Federation with Yahoo, matching solution for Google/GMail and Facebook.
https://docs.microsoft.com/en-us/azure/active-directory/b2b/google-federation
https://developer.yahoo.com/oauth2/guide/openidconnect/gettingstarted.html#getting-started-auth-code
1 vote -
Assigning roles to B2B Guest Users - M365 Workloads
The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.
This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc) not yet support assigning roles to B2B users.
As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent…
2 votes -
Add all options to bulk user import as well
With Guest user invitation I can set user name, group, role, job title as well, with bulk import I do not have these options.
I especially miss the group option, since I want to add them to a group during the invitation step, so I do not have to revisit the users and assign them afterwards.
With bulk import it actually takes more time to import users because of this.1 vote -
Automatically sync users from one Azure AD to Azure AD
Hi,
Can we have an inbuilt Azure AD functionality to sync user from one or multiple azure ad to a central Azure AD (shared tenant) so that it removes the overhead burden of creating and deleting user in central Azure AD.
You already have the concept ready it's just you need to provide an in-house functionality. (https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/scim-graph-scenarios)
Also the available functionality like whitelisting the complete domain in B2b is not of great help because users leaves the home tenant and we don't have any sign of it also we need additional attribute like (Phone No. / Country /…
1 vote
- Don't see your idea?