Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Active Directory Domain Services Status

    I've been having problems with the Domain Services correctly syncing passwords via LDAP. Today none of the LDAP services could connect. Thinking that something might have happened to my configuration I disabled the Domain Services, reconfigured it, then re-enabled. The re-enable has been going for several hours now. The Domain Services section is set to OFF but when I try to configure it again it throws an error. No details, just says that it can't save the configuration.

    It would be nice if there was some sort of status page where I could see what's going on regarding provisioning and…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add dynamic validation rules to Self Service Password Reset

    When trying to reset your password via Azure SSPR with writeback to onprem AD, you currently don't get much detail as to why a password reset may have failed (not enough characters, not complex enough, etc). Our on-prem password reset tool can validate your new password as you type so that you can make sure the new password meets your company policies and it would be great if Azure SSPR could do this to. Even just more details on why a password reset fails would be of great help to end users.

    31 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! We will take this into consideration and welcome any specific ideas or feedback you have in the meantime. Would you like to see some sort of custom password strength meter? Or maybe just text that tells the user what the on-prem password policy is? Thank you in advance!

    Sadie Henry (sahenry)

  3. Yardi

    Azure SSO does not include Yardi property management ERP. We have several clients who use this online

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  4. Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

    It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

    We need this please!

    73 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. AADB2C: Add CORS headers to AD B2C token endpoint to allow for implicit flow (XHR POSTS)

    We are trying to implement Azure AD B2C authentication with a web app using implict flow. We can login and successfully get redirected to the correct url which includes the correct items on the redirect url (idtoken&code). However, as this article suggests (https://github.com/Azure/azure-content/blob/master/articles/active-directory-b2c/active-directory-b2c-reference-oidc.md#get-a-token) the app then needs to perform a xhr POST request to the token endpoint to retrieve a token for a resource (web api) the app needs to interact with. However, when I try and do an XHR POST to that token endpoint (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token?p=b2c1_signinpolicy) the browser (quite rightly) performs a preflight check (an…

    141 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  6. Set Default Country Code in Azure MFA

    When importing users from AD, if the country code isn't included in attribute Azure MFA will set the country code to +1(USA).
    Can a feature be added to allow the default country code to be set a the global level. So that in our case we could set all number to default to +44(Great Britain) .

    73 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    We’ll take this in consideration as we plan new features. In the short term, we are working on Graph API‘s that will allow you to change phone numbers in the StrongAuthentication fields.

    Richard

  7. Rename Azure AD Application "Office 365 Exchange Online" to "Outlook"

    Users with Office 365 license when accessing myapps.microsoft.com do not understand that in order to open "Outlook Web App" they should use "Office 365 Exchange Online" icon. Please rename Azure AD Application "Office 365 Exchange Online" to "Outlook" or "Outlook Web App".

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure AD App Proxy support for "Provider Hosted App" and passing "Query String" to Provider Hosted App

    Support for publishing "Provider Hosted App" and passing "Query String" to Provider Hosted App using the Azure AD App Proxy.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  9. [Get-MsolUserByStrongAuthentication], NotImplementedException

    When attempting to retrieve more than 500 accounts via the Get-MsolUserByStrongAuthentication cmdlet (using -all or -MaxResults) only the first 500 results are returned then the following error is displayed.

    Using MSOnline module version 1.0.8362.1.

    Get-MsolUserByStrongAuthentication : The method or operation is not implemented.
    At line:35 char:7
    + $tenf=Get-MsolUserByStrongAuthentication -Requirements @($mfaEnforced) -MaxResul ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (Microsoft.Onlin...gAuthentication:GetUserByStrongAuthentication) [Get-MsolUserByStrongAuthentication], NotImplementedException
    + FullyQualifiedErrorId : System.NotImplementedException: The method or operation is not implemented.
    at Microsoft.Online.Administration.Automation.MsolCmdlet.NavigateList(Byte[] listContext)
    at Microsoft.Online.Administration.Automation.MsolCmdlet.ProcessList(SearchDefinition searchDefinition, Int32 maxResultsSize),Microsoft.Online.Administration.Automation.GetUserByStrongAuthentication

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  10. Disable user's ability to change password (via cloud/portals)

    We need to disable a user's ability to change their password. We need to manage password changes in our own application.

    NOTE: I am not referring to password resets (which we can easily disable). Rather I'm talking about preventing users from changing their password via a Microsoft portal when they know their existing password.

    We are looking for an equivalent of the (non Azure) AD powershell command Set-ADUser -CannotChangePassword.

    294 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    38 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Hi folks! I apologies for the delay in response and I deeply appreciate your feedback. I understand how important this feature is for your and your users. We do not yet have plans to implement this feature, but please keep voting if this is important to you to help us prioritize appropriately.

  11. Are we able to find out all users and their last logged in date in AAD? A report feature is preferred

    I need to access how Active my AAD users are. Not sure if there is any Report feature that can churn out all users and their last logged in time. Cause base on this. i can tell how LONG has he/she not logged in.

    Appreciate your help pls :(

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add a "whats the point of this" control next to a feature label

    Then, give your Azure AD customers the ability to post responses in their own language - often if you take a users description it is formulated in a way that is more accessible to other users versus the technical documentation. Whenever someone provides feedback, someone at azure reviews it and compares to the current answer and if they think the new answer is better, they replace it - or edit as they see fit

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure Active Directory License assignment

    It appears to not do a recursive search of the groups you assign AAD Basic and Premium too. Please add the ability to do recursive group license assignments.

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Licensing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Authenticating wireless access points \ RADIUS through Azure AD

    I would like to see Authenticating wireless access points \ RADIUS servers through Azure AD , not having to store user accounts in local active directory

    1,148 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    95 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback, we’re currently reviewing this capability to see how we can support RADIUS auth on NPS specifically, for AAD Joined Windows 10 devices to authenticate to WiFi access points

    If there are scenarios beyond the above, please provide the details in the comments


    Ravi

  15. Manage Multi Factor Authentication via Group association

    Please add the option to add Multi Factor Authentication to Groups. Makes it much easier to manage.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  17. More simple configuration between Dynamics Nav and Azure Active Directory

    Allow more simple application single sign-on between Azure Active Directory and Dynamics Nav i.e. use similar application as application proxy to create the federation between nav and azure ad.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Support certificate authentication in MyApps for iOS

    I would like to be able to log into MyApps using ADFS and Certificate authentication. I can log into Safari using Certificates, but I can not use the native MyApps application on iOS.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Management Portal 2 factor authentication

    Yes there is a way to enable 2 factor authentication for apps and hosted services etc, but if there is a way to enable it for the management portal I cannot find it.

    This is the same request, it's marked as completed by the Azure team, but the link they provide is for enabling it within hosted services and on prem servers, and doesn't actually appear to address the question.
    http://feedback.azure.com/forums/223579-azure-preview-portal/suggestions/3043211-two-factor-or-ad-authentication-for-management-p

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Need to strip out the special characters when answering SSPR questions

    Like FIM, it would be nice if SSPR stripped out the spaces (in the answers) and the special characters so that users are not challenged remembering the exact answer, such as hyphens or apostrophes on answers.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base