Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Allow Azure AD B2C users to access PowerBI dashboards

    Add support for PowerBI Dashboards in Azure B2C

    50 votes

    11 comments  ·  B2C
  2. Ability to apply Azure Conditional Access policies to specific Windows OS versions (7, 8.1,10) for Hybrid Azure AD Joined Devices, or to spe

    Ability to apply Azure Conditional Access policies to specific Windows OS versions (7, 8.1,10) for Hybrid Azure AD Joined Devices, or to specific devices in a device Group. 

    While Azure Conditional Access policies can be currently applied to Windows for Hybrid Azure AD Joined Devices this includes all Windows operating systems.  There is no ability to apply them to specific Windows OS versions, or to target specific devices.  Having this functionality would allow for example to block Windows 7 and 8.1 devices through CA policies, or block specific devices without an approved reason to not upgrade to Win10.

    36 votes

    unplanned  ·  2 comments  ·  Conditional Access
  3. Azure AD proxy Connector gateway Timeout

    As per Azure AD guideline, only "Default" and "Long" application timeout values can be assigned to an Azure application. Default = 85 seconds and Long = 180 Minutes. But I have a few applications which take more than 3 minutes to respond on a few UI actions. I am wondering if we can have a way to override the proxy connector application timeout settings. We may consider providing a way in the Proxy Connector Windows service installed on the server to increase the backend application timeout.

    33 votes

    7 comments  ·  Application Proxy

    Thank you for sharing your feedback.

    The timeout limit was defined due to two main motivations 1. Security and service SLA 2. The nature of network products and user productivity.

    In terms of security, App Proxy is a multi-tenant service and in today’s time and the high load we’re experiencing on our system, we have a limited ability to allow connections to be open for such a long time. Allowing such timeouts will widen our attack surface significantly and reliability of our service.

    In terms of productivity, we are dealing with a multi-hop network bound service (traffic from the user browser, to our service, to a connector and to the app). In such an environment there may be impact to parts of the system by adding in this longer timeout. When there is no activity on the wire of a network service it is questionable if the connection is…

  4. Pre-populate username field with value from the query string like old Sign-In Policy

    You provide policies for Sign-In, Sign-Up and Sign-In or Sign-Up. The "Sign-In" policies do not allow page customization because they are using an older (pre B2C) way of doing things. However, one advantage the Sign-In policy has is that I can add &username=myUsername and it pre-populates the Username field with this value.

    In our system, we already know the username before we send them to the "sign-up or sign-in" Policy screen, and we'd like to add the username to the query string so the value is already populated.

    30 votes

    3 comments  ·  B2C
  5. Enable Flash SMS for MFA/Multi Factor Authentication

    I'd like the possibility to use Flash SMS (http://en.wikipedia.org/wiki/Short_Message_Service#Flash_SMS) when sending one-way OTPs using Azure MFA / Multi-Factor Authentication.

    30 votes

    5 comments  ·  Multi-factor Authentication
  6. Azure AD Applications - Needs

    • Allow applications in Azure AD to be organised into folders so business units who work in this space can 'claim' applications.
    • Provide the ability to rename applications or application instances once created.
    • Provide visibility of what user created an application.
    • Provide the ability to 'lock' applications from being accidentally deleted.
    • Deletion of applications requires X global admins to approve, at the moment a rogue admin could destroy an SSO setup for an entire company in minutes...
    25 votes

    3 comments  ·  SaaS Applications

    Thank you for your feedback, some of the suggestions are already available:

    - Ability to rename applications
    - Provide visibility of what users created an application: You can use audit activity reports: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-activity-audit-logs

    Regarding the other suggestions, I’ll update this once it’s a planned feature. In the meantime, keep the voting coming so we can prioritize this higher.

    /Luis
    Program Manager

  7. Block only Azure Portal using Conditional Access

    I want to block users access to Azure Portal.
    So I have Conditional Access on the "Microsoft Azure Management" application in Azure AD.
    However "Microsoft Azure Management" contains not only Azure Portal but other applications as above.

    Manage access to Azure management with Conditional Access
    https://docs.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management

    Please add only Azure Portal application to Conditional Access.

    24 votes

    unplanned  ·  3 comments  ·  Conditional Access
  8. Allow for additional user profile attributes to be updated to applications beyond user name, manager, active status and language.

    Currently only able to update the following from Azure AD to Cornerstone On Demand App:

    cornerStoneUser.Contact.Name.Last

    cornerStoneUser.Contact.Name.First

    cornerStoneUser.Active

    cornerStoneUser.Organization.Manager

    cornerStoneUser.Language

    We would greatly benefit from being able to update the Department/Division attribute as well, as we have a moderate amount of movement between Departments within our organization.

    23 votes

    2 comments  ·  Provisioning to Applications
  9. Support claims transformation on user.assignedroles

    I can't apply a claim transformation method to the source attribute user.assignedroles or any multi value.

    16 votes

    5 comments  ·  SaaS Applications
  10. Custom error messages per SaaS App and tenant-wide also

    It would be really awesome if Microsoft would provide developers with an option to provide custom error messages per Azure AD SaaS App, and Global Admins with an option to define some tenant-wide custom error messages as well. The error messages provided by Microsoft are not especially user-friendly or customer specific yet. This creates some confusion among internal and B2B users.

    I hope this would be taken into consideration like the Azure Conditional Access custom error messages.

    /Peter Selch Dahl
    Azure MVP

    Also see these related requests:

    Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application:
    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/6795635-fix-error-aadsts50020-when-logged-in-user-doesn-t

    Customize error…

    14 votes

    6 comments  ·  SaaS Applications

    We don’t plan to provide the capability to customize the error message for now. But, we have been working on making the error messages more actionable.

    If you have any suggestions for improving a specific error message, please create another post and the team will improve it.

    /Luis
    Program Manager

  11. IDP-Initiated SAML flow option for all gallery applications

    Gallery integration for some SaaS applications (such as ServiceNow) use SP-Initiated sign-in flows. This makes ADFS -> Azure AD "migrations" for customers difficult as there is no way to validate the user experience without making Azure AD the default SSO provider. Additionally, some customers rely on just-in-time SAML provisioning, which is seamless with IDP-Initiated flow.

    7 votes

    unplanned  ·  1 comment  ·  SaaS Applications
  12. Support inbound provisioning from TalentSoft to Azure AD

    Similar to Workday, add support for inbound provisioning from https://www.talentsoft.com/ to Azure AD.

    6 votes

    0 comments  ·  Provisioning from Cloud HR
  13. 4 votes

    unplanned  ·  1 comment  ·  Azure AD Connect
  14. third party initiated

    Support OpenID Connect third party initiated login, as described here: http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin.

    Opening on behalf of a customer I just spoke to.

    4 votes

    unplanned  ·  1 comment  ·  Authentication
  15. Application Roles UI

    Support the assignment of multiple application roles to users via the new portal. In the classic portal you can only assign a single application role to a user (and have to use the API to assign more).

    4 votes

    0 comments  ·  SaaS Applications
  16. WAP traffic logs

    We are using WAP to publish many https sites and wanted to see traffic/activity logs.

    2 votes

    0 comments  ·  Application Proxy
  17. Allow variable attributes for password SSO

    We currently use Onelogin which allows us to use variables from user profiles. We want to use Azure AD password SSO to push custom variables to the form such as the user's first name, last name, email, etc...

    2 votes

    0 comments  ·  SaaS Applications
  18. Make PIM more user friendly by adding flash whenever signing 1st time on azure ad PIM

    Whenever we are enabling PIM, we found that the portal is not user friendly. There is ROLES, then AZURE AD ROLES, then a lot of confusing options, and even the documentation is not for beginners: when we will get the consent option, how to check whether PIM is enabled or not. There are a lot of people I came across who are confused with the features and what to enable and all.
    The concepts are clear, but how to reach and complete it is confusing.

    1 vote

    unplanned  ·  0 comments  ·  Privileged Identity Management
  19. Support url redirection in internet explorer

    Most companies still use Internet Explorer.

    1 vote

    0 comments  ·  Application Proxy