Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make app notification and app code count towards methods required

    App notification or App code should not result in the message:
    You must enable another method to use mobile app or hardware token code

    These options should be seen as equal to other methods. Otherwise in an environment where other methods are disabled (as they are clearly less secure - such as phone call, SMS, personal email etc) one or more of these less secure methods has to be enabled as well.

    The implication of this is you cannot for example force 2 methods to be required and then select App Code and Security Questions, as you also have to…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Remove account alternate email from user selector

    When a user adds an external email address as their alternate address it becomes an internal email address. So if I for instance share files to the alternate address it fails, beacuse it seems to count as an internal address. Also, if I send an email to that external address they end up in the mailbox for the user that has that address as an external email.
    Make that alternate email private on the account.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Password reset Usage Insights - New tile for licensed users

    The Usage & Insights are great! But it shows a total of all accounts which is very inaccurate for the users we expect to be enrolled in MFA or SSPR. What about adding a new tile for total number of users registered out of the total number of licensed users? That would give us a much better "insight" to report to management about. We have around 900 licensed users for E3 - how about a tile for number of users registered who are actually licensed for it?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enhance Self-Service Password Reset (SSPR) security

    Recently rolled out SSPR at a client, who after which stated: when I lose my phone out of sight (e.g. gets stolen), then it's relatively easy to reset a password.

    A person with malicious intent could go to the SSPR portal, track down e-mail address and phone number (isn't that hard) and then reset the password without unlocking the stolen phone (because phone call/reading code sent by text message doesn't require unlocking).

    Additional authentication methods, like security questions and personal email addresses, are undesired, due to the fact that the first isn't a good authentication method and in case of…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make "Require users to register when signing in" possible to apply to a group instead of only on/off.

    When enabling SSPR, it is currently only possible to set if registration is required or not required. It would be useful in my tenant to be able to require registration for certain groups of people.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Notification for Password Reset

    Notification for password reset came to primary and alternative user e-mail. Why the administrator receive the notification only on alternative e-mail and why only classic Global Administrators are notified? Why the PIM roles are not notified or some other e-mail which can be added?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Please add clarity to Self Service Password Rest (SSPR) error messages, or allow for customization

    End users are not given clear reasons as to why their password reset failed. For example, the error message for using an invalid password and 'trying to reset the password too frequently' are the same.

    In large organizations with non-technical end users this is generating help desk ticket volume. Having more clarity in these message would help end users and reduce ticket volume.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. Display Company Password Policy on Azure tenant "Change Password" Page

    As of now, when user is trying to change a password via Azure Password Reset https://account.activedirectory.windowsazure.com/ChangePassword.aspx

    The user gets a very generic message stating "This password does not meet the length, complexity, age, or history requirements of your corporate password policy.".

    We would like to be able to display our current password policy in the error message, like literally every other website/login page.

    Here is an example

    The password should be at least 9 characters long

    Password should meet below criteria
    1. Password must contain lower case letters
    2. Password must contain upper case letters
    3. Password must contain numerical

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Modify SSPR link

    Due to organizational password policies we are using a third-party on-premise application for this functionality. However, when users login to Office 365 they are presented with the Azure SSPR link, please provide a method for an organization to change this link for non-onmicrosoft.com accounts or hide the link all together.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow additional options other than Microsoft Authenticator app in Combined MFA/SSPR Registration Experience

    The new combined MFA/SSPR registration experience is a big improvement over the former process. Based on feedback from our admins and users, we would like to suggest the following:


    1. Our organization does not wish to use Email or Security questions as our primary use case is MFA registration. With these options turned off, when users go through the registration process their only option is to setup the authenticator application (see screenshot). It would be great if all our users could use the authenticator app, but it's not possible. We would like the authenticator app to be presented by default but…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. non posso scaricare app perchè il mio cellulare non è smartphone e non lo consente quindi resto con la password

    non posso scaricare app perchè il mio cellulare non è smartphone e non lo consente quindi resto con la password

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Password strength meter

    Need a password strength meter or some kind of feedback at the create a new password form (non B2C)
    I asked about this at Ignite also. I understand we don't want to put the complexity policy out there and that password protection is going to make that 'fuzzy' anyway but we need a strength (or quality?) meter. It could check policy as well as the password protection mechanism and let the user know when they have a password that is strong enough (red yellow green) without letting them know the actual policy. Any feedback at that form is better than…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. Additional notification settings "Notify manager on password resets"

    Currently there are 2 notification settings on SSPR: [Notify users on password resets] and [Notify all admins when other admins reset their passwords].

    Could you add "Notify manager on password resets" so that user's manager is notified when the user reset his/her password?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Password Reset not sending code

    Password Reset not sending code if it is requested by phone, only if you add a number 1 in front of the number, I tried two times without it and never got a code, once I added it I got it.
    Please add a note right next to the input field for the phone number stating that the number one is needed.
    Thanks.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. SSPR should prevent the use of previous historic passwords used on the account for “X” times (as is standard for on-premise systems)

    Office 365 tenant is a managed domain with all cloud based accounts. Users within the tenant tend to register on private company websites (fitness trackers, consumer purchases, etc.) using their enterprise email address from the tenant. Some of the public company sites get compromised and expose their passwords in clear text, which are then sold on the black market. When those Office 365 accounts are identified as “compromised”, meaning an attacker logs in using the login ID and password from the exposed site the tenant administrator resets those affected passwords to random passwords. The users do not know the password…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow setting the number of authentication methods a user is required to add during interrupted registration

    Currently the wizard only guides the user to setup up a max of 2 authentication methods. Please make that configurable so you can guide the user to setup all methods instead of having them manually go back into the portal and setup a 3rd or 4th.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable SSPR on a Windows 10 device that is not Azure AD joined or Hybrid Azure AD joined.

    Due to technical limitations, we’re unable to Azure AD join or implement a Hybrid Azure AD join on our Windows 10 devices. It would be great if Windows 10 had the ability to launch a secure Web browser session to a backend portal (https://aka.ms/sspr) from the Windows 10 login screen “Reset Password” or “Forgot Password” link without the Azure AD joined or Hybrid Azure AD joined requirement.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. Unlock account from SSPR without resetting password

    Allow users to unlock their account without them having to reset their password.

    In our organisation, accounts get locked out due to various other reasons and not just because of forgotten password. Option to unlock account should be provided to users who remember their password by asking them for their password, if they choose to just unlock their account.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Can change method

    Hello,

    We find a problem with SSPR.
    In our first test we authorize :
    -Mobile app code
    -Mobile app notification
    -Email
    -Mobile Phone
    -Office Phone

    We required 2 methods for reset.
    Until there no problem.
    We made some test and it works.
    But we ask us to desactivate the Mail method and add security questions as a valid method.

    We did it.

    For someone that don't have register yet, no problem, but for someone that had already register we have a problem.
    He can't add questions method.
    We test with the preview version of SSPR registration:
    https://docs.microsoft.com/fr-fr/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    We can delete…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. Publish an API to get the remaining number of days before a specific user will be asked to reconfirm his/her authentication information.

    The idea is to publish an API to get the remaining number of days before a specific user will be asked to reconfirm his/her authentication information.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base