Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Update Password Protection To PowerShell 7

    Update Azure Active Directory Password Protection for Windows Server agent to support PowerShell 7 during agent registration. Currently it only supports PowerShell 5.

    1 vote
    0 comments  ·  Identity Protection
  2. Most of the security questions for Password Recovery I don't know the answer to. Please consider a feature where I put my own questions in.

    Rather than you providing questions that don't have relevance such as "What is your youngest sibling's middle name?" or "In what city was your mother born?", how about allowing me to create my own challenge questions?

    1 vote
    0 comments  ·  Identity Protection
  3. Allow the 'Users at risk detected' and 'Weekly Digest' emails to be sent to EXO Contacts or specified external addresses

    As a service provider, a number of our customers consume managed AAD IP and we want to be able to receive these emails into our SDM solution.

    I am sure we could write some custom integration but it'd be super helpful if we could just use the standard UI to configure where the user notifications and weekly digest report are sent to without there needing to be an additional licensed user account in the tenant to forward them on.

    5 votes
    0 comments  ·  Identity Protection
  4. Please remove this verification requirement. It takes up my time every time I want to do something with my computer.

    Please remove this verification condition. I have been working with the computer for years without any trouble, but as of today it asks me for verification for every action I perform.

    1 vote
    0 comments  ·  Identity Protection
  5. Failed Risky Sign-ins that are not our users

    Where a Risky Sign-in is a failed attempt by a third party to compromise one of our users, admins should have more options to indicate this to Microsoft. The user is not compromised, but those login attempts are not "safe." Another has suggested we be permitted to drop traffic from those IP addresses; other options might be to flag the IP as a potential attack vector, blacklist the IP from connecting to our tenant, or to force any connection from that IP to use MFA.

    1 vote
    0 comments  ·  Identity Protection
  6. Risky exclude

    Risky sign-ins are good, when they aren't false positives caused by end users on holidays using VPN. No way of disabling risky sign-ins monitoring on them.

    This should however be possible. How awesome would it be if you could disable risky sign-ins monitoring for a time period?

    "Oh, risky sign in."
    "He's on holiday until Sunday, and uses VPN"
    "Ok then, I'll disable monitoring that event type in particular for that specific user for 5 days."

    Solved.

    1 vote
    0 comments  ·  Identity Protection
  7. Azure AD password protection - Show suggestions

    Along with leveraging fuzzy match and machine learning to stop users from keeping easy-to-guess passwords, it will be great to show some password suggestions when a banned password is entered.

    This will improve user experience and help make the organisation more secure.

    3 votes
    0 comments  ·  Identity Protection
  8. Export risk events from Azure AD Identity to Event Hub

    Azure AD Identity Protection events are currently not possible to export to an event hub.

    2 votes
    0 comments  ·  Identity Protection
  9. Azure AD Identity Protection alerts should only send to users that are chosen.

    Currently email alerts are sent to all global admins, security admins and security readers. There is no way to remove those users from receiving alerts. Only users that are selected to be included should receive the email alerts.

    1 vote
    0 comments  ·  Identity Protection
  10. Allow Azure AD Identity Protection alerts to be disabled.

    Currently all global administrators are alerted when user risk level is at high, but there is no way to turn off the alerts.

    1 vote
    0 comments  ·  Identity Protection
  11. Risky user email notification is confusing

    Risky user email notification is confusing.
    When a user clicks the link in an email, he/she goes to the "Risky users (Preview)" page. However, this page is confusing. In particular, it sometimes says "No risky sign-ins found" on the "Recent risky sign-ins" tab. The link should navigate users to the "Azure AD Identity Protection" page, which is intuitive and easier to understand.

    10 votes
    3 comments  ·  Identity Protection
  12. Additional Info for Risky Users in AIP

    We would like to see the reason for the Risky sign-ins. This would help us identify why AIP flagged our users. Is it because of impossible travel, anonymous IP, etc., in the Risky Users blade under AAD?

    12 votes
    2 comments  ·  Identity Protection
  13. In Conditional Access Policy or Azure AD Identity protection, block is based on risk level not based on risk detection. For example, I wante

    In Conditional Access Policy or Azure AD Identity protection, block is based on risk level not based on risk detection. For example, I wanted to block “Sign-ins from anonymous ip address” but wanted to allow “Sign-in from unfamiliar location”. Since most of my users travel to different places so we wanted to allow “Sign-in from unfamiliar location”. How can I achieve that using Conditional Access Policy or Azure AD Identity protection or any other method?

    1 vote
    0 comments  ·  Identity Protection
  14. Enhanced Reporting for Azure AD Password Protection

    We are running Azure AD Password Protection on-premise mode. The PowerShell summary report is ok, but only works for admins. It would be better to have a report available in the Azure Portal for management to review easily. The report could allow us to see the same summary stats that exist in the PowerShell report.

    Also, individual event data is only available in the Windows Event Viewer where the user attempted to change their password. We have no way to centrally search for an event by user without checking all our DCs. In addition, the helpdesk have no privileges to…

    12 votes
    1 comment  ·  Identity Protection
  15. Create the ability to generate email alerts for risky sign-ins by type, rather than severity

    Please, add the ability to generate email alerts for specific sign-in types (e.g. log-ins from anonymous IP addresses) to enable admins to refine their procedures based on what is deemed legitimate user behaviour.

    2 votes
    0 comments  ·  Identity Protection
  16. Notify end-users when a risky sign-in (e.g. sign-in from an anonymous IP address) event is created

    Can a feature be added to notify end-users by email when Azure AD detects a risky sign-in event (e.g. sign-in from an anonymous IP address) on their account, so they're able to take immediate action if their account is compromised?

    14 votes
    4 comments  ·  Identity Protection
  17. Ability to export Risky Sign in policies programmatically

    We need a way to export/consult Risky sign in policies.

    In general, a feature should be released with its associated API to allow Microsoft customers to perform automation.

    Support case 119070422001895 confirmed this was not possible.

    2 votes
    0 comments  ·  Identity Protection
  18. Respect exclusions for MFA registration vulnerability assessment

    Azure AD Identity Protection may show a medium risk vulnerability, "Users without multi-factor authentication registration", even though all in scope users are registered for MFA. The issue here is that excluded users appear to be factored into this vulnerability assessment.

    In our case, the only users not enabled for MFA are service accounts which shouldn't have MFA enabled (e.g. Azure AD Connect), and are thus explicitly excluded from our MFA registration policy in Azure AD Identity Protection.

    Apart from the warning on the Azure AD Identity Protection dashboard, this also results in getting a warning every week in our security…

    1 vote
    0 comments  ·  Identity Protection
  19. Reduce False positives on risky sign-ins

    Reduce False positives on risky sign-ins like impossible to travel with office access and cell towers and unknown location that is a little then 15 mil (in same state)

    1 vote
    0 comments  ·  Identity Protection
  20. DCR - AAD legacy auth flow can’t handle the risk, handle the risk on modern flow for the legacy auth flow.

    Users with AADIP policies all applied and users with risks will be automatically remediated via the modern flow; with the basic legacy auth flow there is no automatic remediation. The DCR is: if a user gets a risk on the basic legacy auth flow, remediate via the next modern flow. Detect the risk and automatically remediate with the next modern flow.

    1 vote
    0 comments  ·  Identity Protection