Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Support for accessing SharePoint onprem files through Application Proxy from Android and IOS Office Apps

    Problem:
    - Access is blocked (You cannot open the document) when Approved Client App is a requirement in the CA policy (You cannot get there from here message)
    - After trying to authenticate (and being blocked) the Office app needs to be restarted to be responsive again.

    Possible solutions:
    - rewrite the authentication flow to use the auth token saved on the device - instead of trying to reauthenticate with webkit browser
    - use Edge browser inside the apps to reauthenticate
    - Treat webkit as an approved app when inside an office app

    Since all the users recent documents are…

    2 votes
    0 comments  ·  Conditional Access
  2. Allow Dynamics 365 Sales as Cloud app in Conditional Access Policy

    Please implement so we can select in conditional access policies under "Cloud App" also "Dynamics 365 Customer Engagement" / CRM / Sales module.
    Also for Business Central ...

    1 vote
    0 comments  ·  Conditional Access
  3. Enable one Trusted Network Location for SMB customers using Security Defaults

    Most folks familiar with security best practices know that enabling MFA is one of the best ways to keep our credentials and tenants safe. However, for many organizations in the SMB space it is extremely challenging to enforce MFA across all accounts when not all of their staff have a smartphone, are not allowed to use a phone at work, or the employer is not able to require employees to utilize a personal phone for work purposes. It's also fairly simple to understand that a phone call to an office with a single phone number doesn't work well for MFA…

    1 vote
    0 comments  ·  Conditional Access
  4. CA "App Protection Policy" Throws Error during contact

    When "App Protection Policy" (PREVIEW) is used in combination with "Require Approved Client App" then the user receives an error message the first time they use the Outlook mobile app on Android to connect to Exchange Online, that their app is not compliant. Then the second time, it works, but it's that first error message that generates lots of helpdesk calls because users don't know they are supposed to try again a second time.

    2 votes
    0 comments  ·  Conditional Access
  5. Conditional Access for Time Series Insights

    We wish for the possibility to set a Conditional Access for Time Series Insights.
    Currently, we set Conditional Access (with MFA) for the Management API, which affects login to Time Series Insights, which we do not want.
    Management API should not affect Time Series Insights and vice versa in Conditional Access.

    1 vote
    0 comments  ·  Conditional Access
  6. Add guest role exceptions to the end user protection baseline policy

    First of all: having those baseline policies at no cost is brilliant and will definitely help organisations that start into M365.
    The end user protection baseline policy is also great, since it balances security with usability (require MFA based on risk, not as default).

    BUT: since there are no exceptions to the policies, the end user protection baseline policy also applies to guest accounts, so guests need to register for MFA when accessing a shared document. This reduces usability. Also, for a guest account the risk status comes from the external tenant (of the guest account), which may be a…

    1 vote
    0 comments  ·  Conditional Access
  7. Using AAD conditional access to manage some Azure resource

    Can we add the Azure resource to the enterprise application, so that they can be managed by the Azure AD conditional access? Such as:

    Azure Machine Learning service, Azure Data Factory service and storage account, etc.

    1 vote
    0 comments  ·  Conditional Access
  8. Block only Azure Portal using Conditional Access not the all management endpoints

    We created a conditional access policy to block sign-in to the Azure management portal, and we are getting reports from users that are accessing the Visual Studio subscriptions administrator portal that they are getting the error "Your sign-in was successful but you don't have permission to access this resource." How can I block sign-in to https://portal.azure.com only? I don't want to block sign-in to the Visual Studio subscriptions administrator portal.

    We have a use case, where we want to block sign in to the Azure portal for All users except a group of users. And there are few users to whom we want…

    1 vote
    0 comments  ·  Conditional Access
  9. MFA Setup as app in Conditional Access

    MFA Setup should be an app in Conditional Access so that admins can decide the rules for how MFA should be registered. As an example, the admin could decide that MFA registration should only be allowed from specific on-prem infrastructure or from Intune/AAD enrolled devices.

    This would mitigate a few threat scenarios that are currently possible.

    1 vote
    0 comments  ·  Conditional Access
  10. Feedback for the Conditional Access policy team.

    Currently in Conditional Access policy > in Cloud Apps or Actions menu... for example, if I want to block OneDrive for Business access for a certain group of users, I had to select SharePoint Online as the cloud app... which also blocks access to various other cloud apps: Teams, OneNote, etc. If the cloud app selection option can be as granular as the App Protection Policy menu, that would be very helpful.

    1 vote
    0 comments  ·  Conditional Access
  11. Shortcut to Azure AD audit logs from Conditional Access blade

    Please add an easy-to-use shortcut that jumps to the Azure AD Audit logs blade and lists all the policy changes for the last 30 days.

    It will make life a bit easier for IT administrators and provide an easily understandable way to find the changes made.

    /Peter Selch Dahl

    1 vote
    0 comments  ·  Conditional Access
  12. Allow Conditional Access Policy based on the used App

    Allow definitions based on the used app.
    Example:
    Exchange Online can be accessed either by Microsoft Outlook if you have a compliant device or
    Exchange Online can be accessed by a sandbox Mailclient (e.g. SecurePIM/BlackBerry) without compliant device but with MFA.

    Today only the backend (exchange online) can be chosen.

    1 vote
    0 comments  ·  Conditional Access
  13. Set conditional access to a specific instance of Dynamics 365

    Within CA, you can use Conditional Access to restrict access to Dynamics 365 generally. However, it would be more beneficial if you restrict access to Dynamics 365 instances/environments.

    The main reason for this is because once a CA policy is enabled for Dynamics 365, you cannot perform a build within DevOps, so the workaround is for the policy to be temporarily disabled. (user or app exclusions do not work in this scenario)

    If the policy is set per environment, this reduces the risk to any production environments when CA is disabled.

    Furthermore, organisations may have different CRM solutions for different business…

    1 vote
    0 comments  ·  Conditional Access
  14. fastest and safest way to buy wow gold with Half Price from wowclassicgp Till Nov.4

    The lesson to be learned from this is that a censorship and certification cheapest wow classic gold system must reflect reality, or it risks becoming meaningless. I am an adult gamer (32 years old) and I have played many MA rated games that I think should definitely have been rated R there is no way a twelve year old should be allowed to play Quake 4, Kingpin, or the Grand Theft Auto series. Rating these games MA leaves them to parental discretion, while an R rating would state quite plainly "This game must not be played by children"..
    The World's…

    1 vote
    0 comments  ·  Conditional Access
  15. Conditional Access View - Unprotected Application

    Please create a view within Azure Active Directory\Conditional Access that shows all applications that do not have a CA Rule applied. Currently you have to click into each application separately to view if there is a CA Rule applied to that app.

    1 vote
    0 comments  ·  Conditional Access
  16. Conditional Access policy for Azure AD PowerShell

    As of today, a normal user in Azure AD can connect to the Azure AD PowerShell module using Connect-AzureAD and run commands such as get-azureaduser | fl and dump all the users in Azure AD. This facility should be available only for the admins, not for normal users. Hence we need a way to invoke conditional access through an Azure AD conditional access policy to block someone connecting to this endpoint.

    1 vote
    0 comments  ·  Conditional Access
  17. Visualization

    Graphic visualization for conditional access

    1 vote
    0 comments  ·  Conditional Access
  18. Baseline Policy: End user protection

    I realize that this conditional access policy is still in preview. Currently it only seems to allow the Microsoft Authenticator app as the MFA method. However, the description of the policy says it is the default method, not the only method. I suggest either changing the description to "only", or enabling other authentication methods.

    2 votes
    1 comment  ·  Conditional Access
  19. Conditional Access default block

    Make it possible to have Conditional Access block everything by default, and then you need to open up for access instead of everything being granted access if you don't configure anything.

    1 vote
    1 comment  ·  Conditional Access
  20. User sign-in frequency is way too coarse

    We have a need to always enforce MFA when accessing an Enterprise app (to make sure nobody is making use of a left-alone computer with an unlocked screen). Therefore, instead of hours/days for sign-in frequency we would like to have a checkbox 'always have user sign in'.

    2 votes
    0 comments  ·  Conditional Access