Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide "Sign-Up" User Flow

    Related issues have opened and closed and/or been worked-around via custom policies. But in adherence to Microsoft’s own sensible recommendation to stick w/ canned B2C User Flows…

    Use Case: SaaS client wants to present end-users w/ a landing page that has 2 discreet panels.

    • Panel 1: “New to Our Community? Register for Free!”

    • Panel 2: “Already a Member? Sign in Here!”

    That requires mutually exclusive end-user journeys. How is the combination of both sign-up and sign-in available out-of-the-box, but not separately? Yes, there are ways to hack this and I’m settling for the least bad one for now.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Adjust Azure AD Sign in prompts so it reduces ability for account enumerations

    The sign in prompts for Azure AD provide attackers the ability to perform account enumeration. They provide for the enumeration of both username and passwords.

    When you enter a bad username you get a response of "The username may be incorrect. Enter a different one or create a new one".

    This alerts an attacker that the username was incorrect. If they then put in a valid username, it then prompts for a password.

    We are asking for this to be changed to provide a more generic response so that an attacker is not aware if there are entering proper credentials…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. by making it register the ip adress ******** it

    aucun service ne demande en répétition une validation d'identité. Je clear mes cookie à chaque fois que je ferme mon internet. Si vous vous fiez sur les cookie ce n'Est pas une bonne façon. C'est l'Adresse ip et autre numéro permanent qui doivent être utilisé. je parle de la validation par téléphone.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure AD SSO with SAML2.0 should support the Relay State parameter

    SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. An ideal solution for Office 365 Mailbox Migration

    Many organizations around the world are getting benefited from Microsoft Office 365 services. This cloud-based email solution has enabled businesses with the utmost productivity. Often the need arises for Office 365 to Office 365 migration. For this, essential Office 365 mailbox / documents need to be migrated. As Office 365 related processes are complex, most users do not know how to migrate mailbox from one Office 365 account to another one. This issue will be resolved now with EdbMails Office 365 mailboxes migration.

    EdbMails Office 365 Migration has the ability to migrate emails, calendars, contacts, and tasks of one Office…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Group Claim Adjustment

    adjust SSO SAML Application AD claims to allow adding group Claim to send specific AD groups not assigned to application ( EX : we need to send in Group Claim All AD groups started with " vf-organzation name-group "

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Group Claim Adjustment

    adjust SSO SAML Application AD claims to allow adding group Claim to send specific AD groups not assigned to application ( EX : we need to send in Group Claim All AD groups started with " vf-organzation name-group "

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Group Claim Adjustment

    adjust SSO SAML Application AD claims to allow adding group Claim to send specific AD groups not assigned to application ( EX : we need to send in Group Claim All AD groups started with " vf-organzation name-group "

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. ******** WITH YOUR DUMB **** AUTHENTICATIONS!

    its a pain in the , and as a grown adult I should be able to allow to steal my identity if I want.
    Its a
    of a thing for me to have to double sign in literally every time I want to access something!?
    I despise that other
    are too stupid to realise how easy it is to NOT use microsoft products, would be a great world if you lot just upped and died.
    Edit Even that
    ? dead if you * put half your brain power into making the world a better place instead of putting more **…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Date dependent Company Branding Theme

    What I am thinking is date dependent Company Branding. During summer, a summer theme. When we welcome new students, a theme that reflects this. During winter, the Northen light, snow...

    Others can use this during events, changes in the company profile, etc. Or simply, you just want to change the background picture on a regular basis. I think there is a lot of use cases.

    One profile can be marked as default, while others runs from a specific date and ends at a specific date.

    Just for the example: 01. september 2021 to 30. september 2021 - Students welcome theme.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. OpenID Connect should always return email claim if requested

    The OpenID Connect implementation of Azure AD is not compliant with the spec and should be fixed. If the RP requests the email or profile scopes and the user gives permission, the id token must include an email claim.

    It appears that for some users, even if you add the optional claims for email, you do not get an email claim back. This is unacceptable. There is only one email address that any OIDC login would expect to get back and that is the email address they have just used to login, since that is the authenticated identity.

    The fact…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. I can't login to Agresso if can someone help me please

    could anyone, please help to connect to Agresso. I can't get access. ASAP

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Validate signed SAML AuthnRequest

    Azure AD does not validate signed SAML authentication requests if a signature is present. Requestor verification is provided for by only responding to registered Assertion Consumer Service URLs.

    Is this secure? The auth response is sent back via the user's browser (presumably using a redirect?) - if this is correct then is it not possible for a compromised user agent (browser) to modify the redirect to point to another SP url?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure AD and managed identity support for on-premise SQL server

    Would be great to have AAD and Managed Identity support for On-premise SQL server

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. I did not answer the phone on time for the authentication.

    I did not answer the phone on time. How do I activate the phone to call me again?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. it just sux

    how about you actually send the bloody text! and while your at it, if on the same device, like a phone, when switch apps to get the code from text, don't lock the verify screen so it doesn't show up from the active apps list. blank screen is bloody useless.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enter the name of the application

    As many of the alert windows popunder another active window, it would be helpful that when a code is issued it is prefaced or otherwise noted with the name of the application that the code is for. eg "OUTLOOK: Use verification code xxxxx for Microsoft authentication."

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. FIX YOUR PROGRAM - IT IS BROKEN

    When you try to register your account on the Microsoft Authentication App on Android, you are required to put in your email, your password, AND THEN AN AUTHETICATION NUMBER THAT YOU CANNOT GET BECAUSE YOU CAN'T SIGN IN TO THE APP TO GET THE AUTHENTICATION CODE. This needs to be fixed. I've wasted THREE DAYS trying to get help fixing this. Your agents log into my computer and say, 'yes, that's a problem'. I've been on hold HOURS and on text messages HOURS. I've been promised phone calls back from the team to help me and THEY NEVER CALL BACK.…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 25 26
  • Don't see your idea?

Feedback and Knowledge Base