Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Workday to Azure AD provisioning application under attribute mapping, under target object action delete feature deleting users in Azure

    Workday to Azure AD provisioning application

    Under attribute mapping, under target object action, the delete feature is deleting users from Azure AD. Instead of deleting the user from Azure AD, the account should be disabled in AD.

    3 votes

    under review  ·  0 comments  ·  Provisioning from Cloud HR
  2. Admin Consent Required for Basic PIM API Scenarios

    According to the docs, the permissions required to even perform basic scenarios (list my eligible roles, activate a role) require admin consent. Can the API be improved to require less consent? I use PIM quite a bit and the portal experience can be painfully slow; I'd really like to automate it with the API.

    3 votes

    under review  ·  1 comment  ·  Privileged Identity Management
  3. Auto suggest role activation on "access denied" error messages if user is eligible

    If I have a role that would allow me to access a page via PIM, error messages should suggest enabling the least privileged role I am eligible for instead of just showing an access error.

    This would:
    1. allow users to think about PIM as a workaround
    2. help users understand that Global Admin is not the role to activate by default and that less powerful roles could still allow them to get things done
    3. add some friendliness to "access denied" error messages :-)

    3 votes

    under review  ·  1 comment  ·  Privileged Identity Management
  4. workday-AAD please add support for sending email notifications after provisioning operations complete

    From the FAQ: "Does the solution support sending email notifications after provisioning operations complete?
    No, sending email notifications after completing provisioning operations is not supported in the current release."
    This would be useful as all of our current processes include emailing a few people per region a user is created in.

    3 votes

    1 comment  ·  SaaS Applications
  5. Add Microsoft Azure Signup Portal as an app

    Please add the possibility to block the app:

    Microsoft Azure Signup Portal
    8e0e8db5-b713-4e91-98e6-470fed0aa4c2

    3 votes

    2 comments  ·  Conditional Access
  6. For Enterprise Applications SSO with IWA/KCD configuration in Azure provide better SPN handling for multiple back-end servers

    For Enterprise Applications SSO with IWA/KCD configuration in Azure, either add support for multiple SPNs for representing multiple back-end servers using round robin DNS, or for Wildcard Application publishing, allow the wildcard SPN in Azure to ignore the mismatched SPN on the back-end servers/application, to support multiple back-end servers, via DNS round robin.

    3 votes

    under review  ·  0 comments  ·  Application Proxy
  7. Download the User's list in Alerts for Azure AD

    At the moment we are not able to download the information with the users listed in Azure AD roles - Alerts. It would be very helpful if we had this option as we have in Access Reviews.

    3 votes

    2 comments  ·  Access Reviews
  8. Create Managed Service Identity (MSI) in a custom AAD tenant

    Is it possible to have the user-defined identity created in a custom AAD tenant? We maintain several environments within a single subscription, and create all app registrations in an AAD for each environment, and not in the AAD tenant that is associated with the subscription.

    3 votes

    0 comments  ·  Other
  9. PIM

    There should be a means to force password reset on PIM enabled accounts. We do this with CyberArk today and our InfoSec department is balking on PIM due to the lack of automated password reset capability.

    3 votes

    under review  ·  0 comments  ·  Privileged Identity Management
  10. Addition of In-Blade "New Location" for Named Locations when creating CA Policy

    When creating Conditional Access Policies, users are forced to exit the creation process and define Named Locations, the addition of the New Location button while in blade would decrease the number of steps required for those already in the creation process

    3 votes

    0 comments  ·  Conditional Access
  11. Discover Available Applications

    When creating Conditional Access rules and choosing "Cloud apps", it only displays a limited number of applications. You can search for other applications but you need to already know their name. There is no other way to get a larger list of applications or more pages.

    We need a way to discover what applications are available for us to secure.

    Having applications that we could better secure without being able to know what these applications are sounds like a big security risk.

    3 votes

    0 comments  ·  Conditional Access
  12. Add Identity provider for more than one platform in a single Azure AD B2C Tenant

    Hi, we were using B2C to set up Facebook login. We were able to add an identity provider whose client ID and client secret were linked to the Facebook iOS app. But we also need to set up Facebook login on an app running on Android. How can we do it in the same tenant?

    3 votes

    3 comments  ·  B2C
  13. Add possibility to send cumulative Approval Requests in a single notification

    Some customers do not want to receive emails for every event and prefer to have a single email with a list of all events.
    I suggest adding a flag to the Approval Action to send Approval notifications as cumulative emails to every approval user. An option in the configuration could define a timer for sending these emails.

    3 votes

    0 comments  ·  Microsoft Identity Manager
  14. Refresh Tokens can take a long time to be exchanged

    We are seeing an issue where it is taking a while for a refresh token to be exchanged.

    3 votes

    1 comment  ·  B2C
  15. When installing the MIM Language packs on a second server, provide the option to just install the local files and not update the MIM Service

    When installing the language packs on second portal servers, it would be nice to have an option to skip the installer updating all the locals in the Service/Database as this has already been done during the initial install on the primary server, and slows down the time it takes to patch the environments.

    3 votes

    0 comments  ·  Microsoft Identity Manager
  16. In the Portal, on the home page, the Welcome message uses the Display Name Attribute, can this be made a customisable option.

    In the Portal, on the Home Page, the Welcome Message is currently hard coded to Welcome, <DisplayName>.

    Please can this be made an option or customisable so that it can be calculated based on FirstName and LastName or just so a different attribute can be used.

    The issue using Display Name, is that in AD, the display name format is LastName, FirstName and when it is set in the Portal, it means the welcome message is displayed as Welcome, Bassi, Ian which does not make a lot of sense.

    To get around this, you have to create an extra attribute…

    3 votes

    0 comments  ·  Microsoft Identity Manager
  17. Add support for initial flows in SR that don't perform provisioning

    If you have something you just want to flow if a value doesn't exist, it would be nice to be able to do this in a common SR, not only in an SR that performs provisioning. Like in a rules extension, where you always have the possibility to do: if (!csentry[attribute].IsPresent) <set value> else <skip this>

    3 votes

    0 comments  ·  Microsoft Identity Manager
  18. Provisioning connector to Dashlane

    Dashlane is a cloud-based password management solution that supports SAML 2.0 https://support.dashlane.com/hc/en-us/articles/212111089. Would it be possible to add it to the App Gallery?

    3 votes

    1 comment  ·  SaaS Applications
  19. Support certificate authentication in MyApps for iOS

    I would like to be able to log into MyApps using ADFS and Certificate authentication. I can log into Safari using Certificates, but I cannot use the native MyApps application on iOS.

    3 votes

    0 comments  ·  Authentication
  20. Irregular sign in activity should display what's normal before the triggered event

    The report "Irregular sign in activity" should show what's normal, and detail why this was triggered.

    If it's an atypical location: What is the typical?
    Signed in from a location distant from the previous location: What was the previous?

    If you have hundreds of users, sending just this list to an administrator is not sufficient.

    3 votes

    3 comments  ·  Other