Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure AD to on-premises application user provisioning

    Support provisioning users from Azure AD to on-premises applications such as SQL, PowerShell, and LDAP.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Provisioning to Applications  ·  Flag idea as inappropriate…  ·  Admin →
  2. Changing AppRoleAssignment should cause provisioning update

    Currently with automatic provisioning for Zoom or DocuSign (probably all applications) if you update the role someone is assigned for the application in Azure AD it does not trigger updating the user at Zoom or DocuSign.

    When changing the AppRoleAssignment it should trigger provisioning update. Only way to do this currently is to restart provisioning.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning to Applications  ·  Flag idea as inappropriate…  ·  Admin →
  3. Access Review to delete user account

    We use access reviews to monitor 3rd party Office 365 accounts and licences. The users are in a security groups that assigns the licences. So if they are denied as part of the access review they are removed form the security group so their Office 365 licences are removed.

    Is there a way to also delete the user accounts as part of the process

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Nikki,

    Thanks for the feedback! If you’d like to delete the user in addition to removing the user from the resource (group), we are running a private preview on this exact feature, and we’d love to have you try it!

    Please fill out this form for tenant info and we’ll whitelist you for the preview – https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR5dv-S62099HtxdeKIcgO-NUMzE4VzM2QllPTkxTVjRWOUFCMEZLQzJPVy4u

    Thanks
    Fionna

  4. PIM - Configure default settings for all role assignments

    Separate custom settings for every role in every resource scope is really unwieldy, and makes it infeasible to manage effectively.

    Please consider a configuration for default settings that apply to all roles and scopes (maybe separate for Azure RBAC vs AAD?) so that we can make baseline tenant level configuration change.

    e.g. I would like PIM eligible assignment to default to a maxiumum duration of 2 hours instead of 1; I would like activation to require MFA always; I would like to change the notification lists.

    Thanks
    Ben.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Enable "Sign in with a security key" option from any sign-in page (e.g. in case of frequency passed)

    End-user experience of password-less sign-in options is broken in some user scenarios.

    Example: The "Sign in with a security key" option is not available on sign-in page after the sign-in frequency passed (Conditional Access session policy).

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Passwordless  ·  Flag idea as inappropriate…  ·  Admin →
  6. Risk based conditional access for b2c

    In order to reduce user friction the product should have conditional access programing to allow a safe sign in without asking to mutch information and avoid sending to much sms tokens

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! We are excited to announce that Risk-based Conditional Access for B2C is currently in private preview. We will keep you updated when it becomes available in public preview and general availability.

  7. Sort or add a sort button to named location ip based list in conditional access

    Currently named locations that are IP list based, just sort the IPs in the order they are entered. This makes it very difficult to compare lists or find an IP that needs to be removed. Please either sort them automatically or give us a sort button.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. PIM - multiple approvers required

    At the moment you configure multiple approvers in the role setting details dialog. As soon a one approvers approves the request gets accepted.

    I would like to have an option to require multiple approvers, that allow the request
    eq. configure 5 approvers - 2 are required to approve the request

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Export of Roles and assignments in AAD

    In 365 we can get a csv file showing users role assignments. I would like the same in Azure AD.

    User name, Assigned role option to export as a SINGLE CSV file.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    We shipped ability to export role assignments in Azure AD portal on a per role basis. Next step is ability to export assignments for all roles in one go.

    Try this –
    Azure portal —> Azure Active Directory —> Roles & admin —> {role} —> Download role assignments

    Thanks,
    Abhijeet Kumar Sinha
    Azure AD RBAC team

  10. Remove the option to enable phone sign-in in Microsoft Authenticator App

    As we've disabled the option to enable passwordless in our Tenant, it would be helpful to remove / disable the option to enable phone sign-in in MIcrosoft Authenticator APp so the users won't be able to enable something that is not enabled for the company.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. RBAC roles export/backup

    Currently there are actions that can wipe out RBAC roles such as cross tenant subscription transfers, but there is no way to export these roles so they can be easily applied to the subscription once the transaction is complete. Being able to backup this data/export this data could be useful for a number of applications allowing quick management of access across subscriptions

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

    We shipped ability to export role assignments in Azure AD portal on a per role basis. Next step is ability to export assignments for all roles in one go.

    Azure portal —> Azure Active Directory —> Roles & admin —> {role} —> Download role assignments

    Thanks,
    Abhijeet Kumar Sinha
    Azure AD RBAC team

  12. Customer tenants should be manageable by PIM

    PIM should be able to manage access to customer's tenants. Partner has employees with their own source of authority but should still be able to give out access based on Azure lighthouse for instance. AzLighthouse currently supports groups only, which are not supported by PIM.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. enforced privileged identity management for CSP and report on costumer security blade among other normal security measure.

    Costumers even thrusting their CSP need to have a view and a control over their activities PIM is one of them , and report should be send to the security center that have the abilities to be linked to a SIEM .
    it's also part of a compliance audit, we should not need to add that partner as a B2B guest to do so , it's too much combersome as the trust between the azure AD is exisiting .

    begin to put the admin agent and helpdesk agent as eligible role (i would even suggest by default" .

    CSP Cloud…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Access Review Process needs to be complete

    Access Reviews don't reflect the azure ad recommendation (example: user not logged for last 30 days etc.) for reviewers of 3rd party SaaS applications. Also, will be great to automate the line manager for each user as the access reviewer, as it would help in larger organisations to better manage and speed up the review process

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Niket,

    Thanks for the suggestion! Good news is that both of your asks are on our roadmap! Are you using Log Analytics in AAD? We’re working to integrate with the user login data in log analytics and surface those in our recommendations.

    As for line managers as reviewers, does your tenant have the manager attributed populated for your users? Great if you are, because we’re working on pulling that info from the user profile page.

    - Fionna

  15. Separate create and modify permissions for resources

    Make the write permission for resources more granular. There are many cases where we would like to allow admins to modify resources but not create them. To achieve this we have to assign them a role directly to the resource. This would allow a more general assignment with only modify permissions.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,
    Just a quick update here. We’re actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Abhijeet Sinha
    Azure AD RBAC Team

  16. Ability to export Risky Sign in policies programmatically

    We need a way to export/consult Risky sign in policies.

    In general, a feature should be released with its associated API to allow Microsoft customers to perform automation.

    Support case 119070422001895 confirmed this was not possible.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Apply access reviews to entire enterprise application

    I would like to create an access review for ALL Teams to review guest membership so whenever someone adds an external user to their Team the review will occur. Currently I have to tell the access review policy which teams it applies to. Because my users can add their own teams I have to create a manual process to look at new teams and add them to an access review. I'd rather just apply it to the entire application so it happens with every Team that exists.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hello all, Good news – we have made more progress on this ask! We started private preview of reviews on all guests in Teams/Office groups. Please fill out this form to be included in the private preview! We look forward hearing your feedback, working together to improve this feature, and sharing more updates with you very soon! bit.ly/ARGuestsInTeamsPP

    - Fionna

  18. Hybrid Joined Devices support with FIDO2

    I realise the support for FIDO2 logins with Azure AD was only just released recently, but what timeline is there for support for hybrid joined devices login?

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add Azure Active Directory Role Customization

    Add a Role Customization for Azure AD Roles to get more specified permission settings in Azure AD

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,
    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Abhijeet Sinha
    Azure AD RBAC team

  20. We would like to have an ETA for when custom Azure AD admin roles will be usable.. This is a huge request from all around the world. Thank

    We would like to have an ETA for when custom Azure AD admin roles will be usable.. This is a huge request from all around the world. Thank

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base