Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. B2B direct federation Custom IDP support for multiple target domains

    B2B direct federation documentation mentions it is only allowed for policies where the authentication URL’s domain matches the target domain, or where the authentication URL is one of these allowed identity providers (this list is subject to change): accounts.google.com, pingidentity.com, login.pingone.com, okta.com, oktapreview.com, okta-emea.com, my.salesforce.com, federation.exostar.com, federation.exostartest.com

    I have a case where my custom IDP needs to support more than one target domain. My company works with a number of small member organizations who do not have an IT department to implement a custom IDP. We would like to support all of them. Please add this feature to the custom IDP implementation.

    2 votes
    0 comments  ·  B2B
  2. Send As Option for B2B Invite Email

    Different Admins create B2B accounts so the invite emails will have a different sender which also displays the Admin account details.

    A Send As option would allow a consistent name to be displayed for all B2B invites (a shared mailbox, for example), which also prevents privileged account e-mail address details from being included in the email.

    1 vote
    0 comments  ·  B2B
  3. 1 vote
    0 comments  ·  B2B
  4. Assigning roles to B2B Guest Users - M365 Workloads

    The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.

    This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc.) not yet supporting assigning roles to B2B users.

    As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent…

    2 votes
    0 comments  ·  B2B
  5. Add all options to bulk user import as well

    With Guest user invitation I can set user name, group, role, job title as well, with bulk import I do not have these options.
    I especially miss the group option, since I want to add them to a group during the invitation step, so I do not have to revisit the users and assign them afterwards.
    With bulk import it actually takes more time to import users because of this.

    1 vote
    0 comments  ·  B2B
  6. Automatically sync users from one Azure AD to Azure AD

    Hi,

    Can we have an inbuilt Azure AD functionality to sync users from one or multiple Azure AD tenants to a central Azure AD (shared tenant), so that it removes the overhead burden of creating and deleting users in the central Azure AD?

    You already have the concept ready; you just need to provide an in-house functionality. (https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/scim-graph-scenarios)

    Also, the available functionality like whitelisting the complete domain in B2B is not of great help, because users leave the home tenant and we don't have any sign of it. Also, we need additional attributes like (Phone No. / Country /…

    1 vote
    0 comments  ·  B2B
  7. Custom userinfo endpoint for Azure AD B2B

    We need to be able to override the userinfo endpoint in the tenant's OIDC metadata file. In our case we need the userinfo endpoint to be able to return userinfo from multiple sources. The current endpoint (https://graph.microsoft.com/oidc/userinfo) naturally only returns data from Azure AD. Our custom userinfo endpoint would be an API that we develop and host ourselves, protected with Azure AD. This would allow us to stay compliant with OIDC while at the same time customizing userinfo to a greater extent, and even returning aggregated user data from multiple sources (such as LOBs).

    1 vote
    0 comments  ·  B2B
  8. Show accounts in 'Delete/block accounts not used in last 30 days'

    SecureScore does not tell you which accounts are not used in the last 30 days, and there is no way to find out. It only says "You have XX accounts that have not been used in the last 30 days."

    Please include an easy way to show which accounts are not used. The suggested PowerShell script does not do the job correctly, and is not very user-friendly.

    Ideally, I would like a notification if a user account has been unused for xx days.

    2 votes
    1 comment  ·  B2B
  9. View organizations where users are guest member

    Users can be guest members in different organizations. The user can view the organizations where they are a guest member at https://account.activedirectory.windowsazure.com/r#/profile/organizations#organizations-section. But as a global admin I'm unable to view the guest memberships of a user in other tenants. I would like to be able to view the organization memberships of users and/or create an export of all users and their organization memberships.

    4 votes
    0 comments  ·  B2B
  10. Please reconsider removing support for redemption of invitations by creating unmanaged Azure AD accounts

    Per your Azure B2B documentation "Starting March 31, 2021, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into email one-time passcode authentication."

    This is a big issue for us because we develop SaaS applications and use this feature to create accounts for users that don't have Azure AD accounts. The passcode authentication that you recommend instead offers suboptimal user experience since access to email is required to sign in. I cannot imagine our customers being happy without option to create…

    4 votes
    0 comments  ·  B2B
  11. Update UPN/Mail of B2B account

    Add possibility to update mail / UPN of Azure Guest account. That is required if mail of host user has been changed.

    8 votes
    0 comments  ·  B2B
  12. If you are using federation authentication and the user doesn’t already exist in Azure AD, the user cannot be invited. In order to resolve t

    If you are using federation authentication and a user invited as guest to a tenant doesn’t already exist in Azure AD, the user cannot be invited. In order to resolve this issue, the external user’s administrator must synchronize the user’s account to Azure Active Directory. The error message given to the user when the user attempts to accept the invite to the new tenant is 'an unexpected error occured'. This error message cost us a lot of time troubleshooting.

    1 vote
    0 comments  ·  B2B
  13. Invite redemption url get

    We are able to invite new guest users into our AD Tenant using either PowerShell or Graph API. Using this approach we may choose not to send the Invitation E-Mail, in which case we would get the Invitation Redemption URL and we can send it to the "guest" in any way we choose allowing us to better control the first step of the overall invitation experience.

    The issue is that once we get the URL, we have no way to retrieve that URL back in the future. It is up to us to save that URL for future use or…

    3 votes
    0 comments  ·  B2B
  14. I would like to restrict access for Guest users who are Microsoft Accounts

    When I invite a guest user, if he or she has both a Microsoft Account and a Work or School Account (with the same UPN), he or she can select which one to use to access my tenant's resources.

    In order to strengthen security, I would like to restrict access to Microsoft Account, but Azure AD does not have this feature.

    2 votes
    0 comments  ·  B2B
  15. Guest invitation sender email customization

    Currently, when a Guest user is created in Azure AD, the invitation is sent to the guest using the "invites@microsoft.com" email address, and due to this guest users sometimes ignore this email as spam. Instead of the @microsoft.com domain, can we use our own company domain email here?

    4 votes
    0 comments  ·  B2B
  16. For the user export function, I would also need the column source, especially for guest users this is a key attribute.

    For the user export function, I would also need the column source, especially for guest users this is a key attribute.

    1 vote
    1 comment  ·  B2B
  17. Automated GuestInvites or Tenant Federation

    We have customers that work very closely with several partner tenants. Instead of the current B2B self-service invite process, they are looking for a solution to automatically provision, update and deprovision guests from selected tenants in their tenant.
    Currently the only way we can deliver this feature is by leveraging Microsoft Identity Manager (MIM) and Graph API Apps to synchronize Azure AD tenants. This works very well if we only integrate a few tenants.
    If we would get this functionality out-of-the box, so that e.g. Tenant X just request Tenant Y to synchronize user objects as guest. And of course after Tenant…

    1 vote
    0 comments  ·  B2B
  18. Allow guest users to configure FIDO2 passwordless authentication

    Allow guest users the ability to register FIDO2 security keys for their accounts. Currently this is only available for "Member" users but we would like to see this available for "Guest" users as well.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#user-registration-and-management-of-fido2-security-keys

    2 votes
    0 comments  ·  B2B
  19. I can help, but not for a whole lifetime

    He who does not work, dear child, need not be given bread either.

    1 vote
    0 comments  ·  B2B
  20. Username when connecting tenants

    When 2 Azure tenants are connecting, if the external tenant users use their email to set up the account, it puts their email as the username in your tenant. Azure should update your tenant with their actual UPN instead of email.

    When they go to connect they need to use their UPN to log in, but that information is not shown in your tenant and so you cannot help them log in. They also cannot reset the password because the email that shows as their username is not a valid account in your Azure AD Users.

    This seems to…

    1 vote
    0 comments  ·  B2B