Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

  1. Enable Flash SMS for MFA/Multi Factor Authentication

    I'd like the possibility to use Flash SMS (http://en.wikipedia.org/wiki/Short_Message_Service#Flash_SMS) when sending one-way OTPs using Azure MFA / Multi-Factor Authentication.

    28 votes
    5 comments  ·  Multi-factor Authentication
  2. Azure AD Applications - Needs

    - Allow applications in Azure AD to be organised into folders so business units who work in this space can 'claim' applications.
    - Provide the ability to rename applications or application instances once created.
    - Provide visibility of what user created an application.
    - Provide the ability to 'lock' applications from being accidentally deleted.
    - Deletion of applications requires X global admins to approve, at the moment a rogue admin could destroy an SSO setup for an entire company in minutes...

    21 votes
    3 comments  ·  SaaS Applications

    Thank you for your feedback, some of the suggestions are already available:

    - Ability to rename applications
    - Provide visibility of what users created an application: You can use audit activity reports: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-activity-audit-logs

    Regarding the other suggestions, I’ll update this once it’s a planned feature. In the meantime, keep the voting coming so we can prioritize this higher.

    /Luis
    Program Manager

  3. Azure AD proxy Connector gateway Timeout

    As per Azure AD guideline, only "Default" and "Long" application timeout values can be assigned to an Azure application. Default = 85 seconds and Long = 180 Minutes. But I have a few applications which take more than 3 minutes to respond on a few UI actions. I am wondering if we can have a way to override the proxy connector application timeout settings. We may consider providing a way in the Proxy Connector Windows service installed on the server to increase the backend application timeout.

    14 votes
    3 comments  ·  Application Proxy

    Thank you for sharing your feedback.

    The timeout limit was defined due to two main motivations 1. Security and service SLA 2. The nature of network products and user productivity.

    In terms of security, App Proxy is a multi-tenant service and in today’s time and the high load we’re experiencing on our system, we have a limited ability to allow connections to be open for such a long time. Allowing such timeouts will widen our attack surface significantly and reliability of our service.

    In terms of productivity, we are dealing with a multi-hop network bound service (traffic from the user browser, to our service, to a connector and to the app). In such an environment there may be impact to parts of the system by adding in this longer timeout. When there is no activity on the wire of a network service it is questionable if the connection is…

  4. Custom error messages per SaaS App and tenant-wide also

    It would be really awesome if Microsoft would provide developers with an option to provide custom error messages per Azure AD SaaS App, and Global Admins with an option to define some tenant-wide custom error messages as well. The error messages provided by Microsoft are not especially user-friendly or customer specific yet. This creates some confusion among internal and B2B users.

    I hope this will be taken into consideration, like the Azure Conditional Access custom error messages.

    /Peter Selch Dahl
    Azure MVP

    Also see these related requests:
    ---------------------------------------------------------------------

    Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application:
    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/6795635-fix-error-aadsts50020-when-logged-in-user-doesn-t

    Customize…

    7 votes
    1 comment  ·  SaaS Applications

    We don’t plan to provide the capability to customize the error message for now. But, we have been working on making the error messages more actionable.

    If you have any suggestions for improving a specific error message, please create another post and the team will improve it.

    /Luis
    Program Manager

  5. IDP-Initiated SAML flow option for all gallery applications

    Gallery integration for some SaaS applications (such as ServiceNow) use SP-Initiated sign-in flows. This makes ADFS -> Azure AD "migrations" for customers difficult as there is no way to validate the user experience without making Azure AD the default SSO provider. Additionally, some customers rely on just-in-time SAML provisioning, which is seamless with IDP-Initiated flow.

    6 votes
    unplanned  ·  1 comment  ·  SaaS Applications
  6. Support inbound provisioning from TalentSoft to Azure AD

    Similar to Workday, add support for inbound provisioning from https://www.talentsoft.com/ to Azure AD.

    4 votes
    0 comments  ·  SaaS Applications
  7. Application Roles UI

    Support the assignment of multiple application roles to users via the new portal. In the classic portal you can only assign a single application role to a user (and have to use the API to assign more).

    4 votes
    0 comments  ·  SaaS Applications
  8. Add Azure AD Group to the list of Exclude users

    Using Azure AD Conditional Access: "Baseline policy: Require MFA for admins". Can you please add the ability to include an Azure AD Group in the exclusion list? It currently only allows for individual users.

    3 votes
    0 comments  ·  Conditional Access
  9. Conditional SAML Token Attributes

    We need the ability to optionally pass SAML token attributes based on a predefined condition. In our scenario we'd like to pass a join attribute only if both strings aren't empty.

    3 votes
    0 comments  ·  SaaS Applications
  10. third party initiated

    Support OpenID Connect third party initiated login, as described here: http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin.

    Opening on behalf of a customer I just spoke to.

    2 votes
    unplanned  ·  0 comments  ·  Authentication
  11. Allow variable attributes for password SSO

    We currently use Onelogin which allows us to use variables from user profiles. We want to use Azure AD password SSO to push custom variables to the form such as the user's first name, last name, email, etc...

    2 votes
    0 comments  ·  SaaS Applications
  12. WAP traffic logs

    We are using WAP to publish many https sites and wanted to see traffic/activity logs.

    1 vote
    0 comments  ·  Application Proxy
  13. Support URL redirection in Internet Explorer

    Most companies still use Internet Explorer.

    1 vote
    0 comments  ·  Application Proxy