Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  2. AzureAD Connect Health Delegation of Authority for Active Directory Domain Services

    Right now we delegate out access to our various forests to our directory team. To do so, we have to go into each forest and set up contributor access.
    However, there's some issues with how it is done.
    +Ideally you'd be able to delegate all of the Domain Services Health section, I don't think that's possible today.
    +On the granting of access, there are two sections that seem to perform the same function, but only one works. Why have both, can we get these merged?

    Example:
    - Azure Active Directory Connect Health | AD DS services | Domain | Settings…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  3. Can not register Azure Active Directory Connect Health Agent

    I can not register Azure Active Directory Connect Health Agent. Everytime i run Register-AzureADConnectHealthSyncAgent -AttributeFiltering $false -StagingMode $false it says "Agent registration completed with error(s)."
    All 3 connectivity tests are successful but in the logfile is see the following error: ERROR: 2020-08-06 11:10:15.749 [DiscoverAndOverrideEndpoints]:Null/Empty AdalAuthority
    System.InvalidOperationException: Null/Empty AdalAuthority2020-08-06 11:10:15.89 AHealthServiceUri (ARM): https://management.azure.com/providers/Microsoft.ADHybridHealthService/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  4. Microsoft.adhybridhealthservice/services/read

    Assign permissions to grant lower-level roles to drill into and resolve sync conflicts. Appears to be the permission below, but the custom role UI doesn't find it available to add.

    Microsoft.adhybridhealthservice/services/read

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  5. Don't wipe out performance counters when upgrading AD Connect

    My latest upgrade of AD Connect wiped out my performance counters

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  6. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  7. Can you please maintain the history page for AAD Connect Health Agent

    It appear a new version of the AAD Connect Health Agent for Domain Controllers has been released but the page https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-health-version-history does not reflect it (last update July 2019)
    Please maintain ALL version history pages; this is important

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  8. We get alerts from adfs about IP addresses that exceeded threshold of failed password logins. Please include the user account(s) that apply

    We get alerts from adfs about IP addresses that exceeded threshold of failed password logins.

    The problem is when we try to correlate them to the 50 most user password events from adfs connect health, the ip is often not listed.

    Please include the user account(s) that apply along with the risk ip.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  9. add information concerning claims provider used in ADFS

    Reports of Azure AD Connect Health for ADFS allows us to have a nice breakdown of the application (relying party trust) used.

    In a scenario involving ADFS Federation (one main ADFS with applications and multipe ADFS per domain - claims provider -), it would be intresting to have a break down of the claims provider used:
    * application used by claims provider
    * total sign ins per claims provider

    Other metric can be ensivionned naturally

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  10. Delay before alert triggered when ad connect server is offline.

    If I shutdown my ad connect server and sync is stopped, after how long should an alert be triggered? I configured email notification and wanted to trigger an alert by shutting down my on prem ad connect server but after more than 7 hours still no alert nor email....

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow a full breakdown of usage analytics for application visits

    Currently in Azure Active Directory Connect Health - AD FS services, usage analytics for application visits only show the first 20 applications, and the rest are categorized under "Other". There should be a way to view usage analytics for ALL applications - presumably they're being captured, but currently there's just now way to view them.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  12. Magnitude Bad Password Attempts

    Will be great if AD FS Health Services report if magnitude od bad passwords at overall will be greater then before, it will generate separate alert. For example now the standard bad password count is 1 000, if now it is 10 000, generate report we are under attack.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  13. Synchronisationsfehler

    die beiden User mit doppelten Attributen anzeigen mit Auswahlfeld welcher Eintrag erhalten bleiben soll....

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  14. Totally indeed to cancel any sync. Windows AD azure With my windows AD on premise

    I have installed Ms windows azure sync. Connect on my premise AD
    After that sync. Did troubles with users on O365
    Microsoft teams help us and successfully did stop synching but still error came to my email.
    And I can't change any users attributes on o365
    Azure AD because kind of sync. Still connect.
    I need help from Microsoft active directory administrator. Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  15. Why can't I get a Azure AD Connect sync error out of the alerts? It was generated last year!

    There is a Existing Admin Role Conflict error in the sync errors that has been fixed in the on premise AD, but it won't go away and sends me an email every day. The original error was from 2018! How can I delete it?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  16. No se actualizan las cuentas hacia AD FS

    Señores, desde ayer no llegan actualizaciones desde nuestro AD hacia el AD FS. El servicio corre en la VM con el servicio y se ejecuta sin problemas , sin embargo no llegan los usuarios nuevos creados en nuestro AD.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  17. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  18. AAD Connect switch staging mode without global admin permission

    The number of global admins should be kept low.

    In order to allow operation teams to switch services in case of failure, the need to do this with the Global Admin permission should be removed.

    As a service provider we have problems to comply with SLAs because the customer only approves Global Admin authorization temporarily on request. In a 24/7 fault situation, this can not be secured.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  19. Would like to have an alert notification within Azure AD Connect Health when group membership exceeds 50,000

    Would like to have a DCR (Design Change Request) entered in for an alert creation within Azure Active Directory (AAD) Connect Health that would send an alert when more than the default of 50,000 users is exceeded and the syncing stops occurring. Currently there is the limitation of 50,000 and would like to see an alert within the AD Connect Health Dashboard as right now the alerts are hard to navigate as by a default they are all the way positioned at the bottom of the FIM logs. Thank you.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  20. Revise licensing requirements for initial registered agents

    The current licensing system requires 25 AAD Premium licenses for each additional registered agent beyond the first (i.e. 26 licenses for 2 agents, 51 licenses for 3 agents, etc ...). That's a shame as it makes it impossible for smaller businesses to get even close to full coverage of their relevant infrastructure.

    For example, assume a best practices infrastructure with:
    - 2 x Domain Controllers
    - 2 x AD Federation Servers (installed on DCs)
    - 1 x AAD Connect server
    - 1 x AD FS Web Application Proxy (on AAD Connect server)

    That's 3 Windows servers with two DCs &…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base