Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Microsoft.adhybridhealthservice/services/read

    Assign permissions to grant lower-level roles to drill into and resolve sync conflicts. Appears to be the permission below, but the custom role UI doesn't find it available to add.

    Microsoft.adhybridhealthservice/services/read

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  2. Don't wipe out performance counters when upgrading AD Connect

    My latest upgrade of AD Connect wiped out my performance counters

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  4. Can you please maintain the history page for AAD Connect Health Agent

    It appear a new version of the AAD Connect Health Agent for Domain Controllers has been released but the page https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-health-version-history does not reflect it (last update July 2019)
    Please maintain ALL version history pages; this is important

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  5. We get alerts from adfs about IP addresses that exceeded threshold of failed password logins. Please include the user account(s) that apply

    We get alerts from adfs about IP addresses that exceeded threshold of failed password logins.

    The problem is when we try to correlate them to the 50 most user password events from adfs connect health, the ip is often not listed.

    Please include the user account(s) that apply along with the risk ip.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  6. add information concerning claims provider used in ADFS

    Reports of Azure AD Connect Health for ADFS allows us to have a nice breakdown of the application (relying party trust) used.

    In a scenario involving ADFS Federation (one main ADFS with applications and multipe ADFS per domain - claims provider -), it would be intresting to have a break down of the claims provider used:
    * application used by claims provider
    * total sign ins per claims provider

    Other metric can be ensivionned naturally

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  7. Delay before alert triggered when ad connect server is offline.

    If I shutdown my ad connect server and sync is stopped, after how long should an alert be triggered? I configured email notification and wanted to trigger an alert by shutting down my on prem ad connect server but after more than 7 hours still no alert nor email....

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow a full breakdown of usage analytics for application visits

    Currently in Azure Active Directory Connect Health - AD FS services, usage analytics for application visits only show the first 20 applications, and the rest are categorized under "Other". There should be a way to view usage analytics for ALL applications - presumably they're being captured, but currently there's just now way to view them.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  9. Magnitude Bad Password Attempts

    Will be great if AD FS Health Services report if magnitude od bad passwords at overall will be greater then before, it will generate separate alert. For example now the standard bad password count is 1 000, if now it is 10 000, generate report we are under attack.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  10. Synchronisationsfehler

    die beiden User mit doppelten Attributen anzeigen mit Auswahlfeld welcher Eintrag erhalten bleiben soll....

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  11. Totally indeed to cancel any sync. Windows AD azure With my windows AD on premise

    I have installed Ms windows azure sync. Connect on my premise AD
    After that sync. Did troubles with users on O365
    Microsoft teams help us and successfully did stop synching but still error came to my email.
    And I can't change any users attributes on o365
    Azure AD because kind of sync. Still connect.
    I need help from Microsoft active directory administrator. Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  12. Why can't I get a Azure AD Connect sync error out of the alerts? It was generated last year!

    There is a Existing Admin Role Conflict error in the sync errors that has been fixed in the on premise AD, but it won't go away and sends me an email every day. The original error was from 2018! How can I delete it?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  13. No se actualizan las cuentas hacia AD FS

    Señores, desde ayer no llegan actualizaciones desde nuestro AD hacia el AD FS. El servicio corre en la VM con el servicio y se ejecuta sin problemas , sin embargo no llegan los usuarios nuevos creados en nuestro AD.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  14. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  15. AAD Connect switch staging mode without global admin permission

    The number of global admins should be kept low.

    In order to allow operation teams to switch services in case of failure, the need to do this with the Global Admin permission should be removed.

    As a service provider we have problems to comply with SLAs because the customer only approves Global Admin authorization temporarily on request. In a 24/7 fault situation, this can not be secured.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  16. Would like to have an alert notification within Azure AD Connect Health when group membership exceeds 50,000

    Would like to have a DCR (Design Change Request) entered in for an alert creation within Azure Active Directory (AAD) Connect Health that would send an alert when more than the default of 50,000 users is exceeded and the syncing stops occurring. Currently there is the limitation of 50,000 and would like to see an alert within the AD Connect Health Dashboard as right now the alerts are hard to navigate as by a default they are all the way positioned at the bottom of the FIM logs. Thank you.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  17. Revise licensing requirements for initial registered agents

    The current licensing system requires 25 AAD Premium licenses for each additional registered agent beyond the first (i.e. 26 licenses for 2 agents, 51 licenses for 3 agents, etc ...). That's a shame as it makes it impossible for smaller businesses to get even close to full coverage of their relevant infrastructure.

    For example, assume a best practices infrastructure with:
    - 2 x Domain Controllers
    - 2 x AD Federation Servers (installed on DCs)
    - 1 x AAD Connect server
    - 1 x AD FS Web Application Proxy (on AAD Connect server)

    That's 3 Windows servers with two DCs &…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  18. Relaying party utilization report

    AD connect health should provide some kind of a report which can tell who are the users trying to authenticate externally or internally per relying party in ADFS.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure AD Connect Health agent data

    Hi, I'm currently looking at implementing Azure AD Connect Health on our AD DS, AD FS, WAP and Azure AD Connect sync servers. We have offices in German and when anything is implemented the German Workers Council have to agree it. We are being asked what actual data is being sent by the on-premises agents to Azure AD Connect Health. I don't see this level of information in the Microsoft Online documentation, but I would have thought that we are not the first to ask this question. Do you have details that can be shared and also I think it…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  20. Issue with Azure AD Connect Health AD DS agent - Ports exhaustion

    We ran into an issue where all the RPC ports on few of our Production DC's got exhausted by this agent and resulted in replication failure. See below netstat output:

    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55151 10.153.6.10:389 CLOSEWAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55157 10.155.32.13:389 CLOSE
    WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55164 10.153.6.10:389 CLOSEWAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55167 57.12.150.90:389 CLOSE
    WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55172 10.155.44.8:389 CLOSEWAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55173 10.153.6.10:389 CLOSE
    WAIT 5860

    Log Name: System
    Source: Tcpip
    Date: 06/07/2019 05:00:21
    Event ID: 4231
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: DXBEGDC26PV.corp.emirates.com
    Description:
    A request to allocate an…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base