Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Passwordless User Provisioning

    Add support for true passwordless AAD user provisioning. All of the passwordless authentication methods (Hello, FIDO2, and Authenticator) currently require the user to sign in with an initial password before he can self-enroll into passwordless.
    This could be achieved by different methods, like OTP, enrollment smart cards, enrollment FIDO2 keys, managed FIDO2 provisioning, administrative initial device approval etc.
    This would allow us to achieve a state when employees do not even know/have their AAD passwords.

    3 votes
    0 comments  ·  Passwordless
  2. Mandate the use of FIDO2 security key

    Hello,

    Let us mandate a specific login method, e.g. login only possible via security key.

    As it is now, security keys are only optional and ADD-ON to the existing methods. For configuring a security key in the first place, one needs to set-up MFA with SMS/Phone before.

    But what good is a security key if a malicious somebody can just choose "sign in with another method" and then choose SMS, when SMS based MFA is discouraged everywhere because of security concerns.

    I would like to see something as in Google's advanced protection programme. True, this is not passwordless, but then…

    6 votes
    1 comment  ·  Passwordless
  3. Enable "Sign in with a security key" option from any sign-in page (e.g. in case of frequency passed)

    End-user experience of password-less sign-in options is broken in some user scenarios.

    Example: The "Sign in with a security key" option is not available on sign-in page after the sign-in frequency passed (Conditional Access session policy).

    6 votes
    2 comments  ·  Passwordless
  4. Provide ability to prevent sign in with a password when passwordless is enabled

    Want to stop users being able to log in with a standard password (with or without MFA) when passwordless has been enabled.

    2 votes
    0 comments  ·  Passwordless
  5. Add passwordless sign-in for Apple Watch

    The passwordless sign-in option only works with the authenticator app on the phone and not on the Apple Watch ("Request type not supported on your watch"). It would be most convenient to be able to have this supported on the Apple Watch as well.

    16 votes
    2 comments  ·  Passwordless
  6. Adding Touch ID Support for MFA/password-less on Chromium (macOS)

    Google has added fingerprint authentication on Chrome including support of Apple's biometric sensors "Touch ID" last year:
    https://www.chromestatus.com/feature/5962264427364352

    This seems to be implemented via Web Authentication API.
    It would be awesome to use Touch ID as 2nd Factor or password-less option in Azure Active Directory. Currently you are able to choose between NFC and USB only (tested on latest build of Chrome).

    It would be even better if Edge Chromium supported the built-in fingerprint of MacBooks. :)
    However, it seems to be a limitation of Azure Active Directory.

    7 votes
    0 comments  ·  Passwordless
  7. Adding YubiKey Support to Azure AD and Edge on iOS/iPadOS

    YubiKey's 5Ci security keys allow password-less authentication via Lightning connector. It's the first security key that can plug into an iPhone or iPad Lightning port and USB-C port. Several apps support authentication, such as Brave, a browser app based on Chromium.
    https://brave.com/partnership-with-yubico/

    It would be great if Azure Active Directory and Edge supported the YubiKey for password-less authentication.

    There is also an upcoming SDK to support the new NFC authentication capabilities in iOS. This will allow FIDO2 authentication over NFC and Lightning as well.
    https://www.yubico.com/2019/09/yubico-ios-authentication-expands-to-include-nfc/

    32 votes
    4 comments  ·  Passwordless
  8. Login with printable badges for K-3 students to SSO applications.

    We'd like the capability to log in with printable badges for K-3 students to SSO applications in Azure AD, so that they can simply scan their badge that the teacher made for them and get into the application. Similar to the https://clever.com/products/badges. This would fit into the passwordless sign-on but not require phones, as students may not have phones.

    2 votes
    1 comment  ·  Passwordless
  9. Passwordless Signon with single device and multiple accounts

    The current implementation of Azure AD passwordless sign-on only permits one account per device, per tenant. So I can have my "regular" Office 365 account protected and passwordless using the MS Authenticator app, but I can't also set up my Office 365 Admin account (or vice versa). For the typical user with only one account this is fine, but as an admin I would prefer the security benefits of going passwordless on my admin account as well.

    17 votes
    0 comments  ·  Passwordless