Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Azure AD Password Reset auth info re-confirm to be disabled by app

    Allow Azure AD Password Reset authentication information re-confirm to be disabled by app. This setting is defaulted to 180 and can be changed or globally disabled.

    While it is nice to remind users to verify their authentication proofs are still valid, having this on breaks seamless SSO flows when it is configured for things like ZScaler.

    The user is suddenly prompted for interaction in a flow that otherwise is normally handled in the background.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Language switcher for Self Service Password Reset

    Currently (November 2017) The language of the Self Service Password Reset pages are based on your browser language. The only way to change the language the pages are presented in is to change your browser language. This is not always possible or desired. If a user doesn't have access to their own computer because they're locked out or have forgotten your password, and they go to a coworkers machine or a kiosk machine they may not have access to change the browser language (or know how).

    Please provide a site-based language switcher to override the browser language for presenting the…

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add Atlassian Jira & Confluence

    Add IAM support for Attlasian Jira and Confluence. Also Xero BambooHR, and 10000ft

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Your app request has been declined. However, if you still want us to add SSO or User Provisioning for this application, please make sure you go to aka.ms/aadapprequest and add your request to the new forum. We will be paying close attention to the app request posted. Make sure you follow the guidelines to increase visibility of your request.

  4. Enhance ACS Error Reporting

    Error reporting via a limited number of error codes is essentially worthless for debugging purposes -- http://msdn.microsoft.com/en-us/library/windowsazure/gg185949.aspx.

    When trying to set up a federation relationship with other organizations who might support WSFed (but aren't using WIF) a lot more detail is needed to troubleshoot issues... You shouldn't have to submit a support ticket every time you need to find the details behind a Trace Id. Thanks!

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    declined  ·  Anonymous responded

    The Azure Active Directory team has aligned its resources behind services in Azure Active Directory. This effort will eventually replace functionality available in ACS. The blog post – http://blogs.technet.com/b/ad/archive/2013/06/22/azure-active-directory-is-the-future-of-acs.aspx – provides a high-level overview of this transition. The ideas posted around ACS have been collected and passed to the team. We will close out ideas posted around ACS to return votes used on this topic. Please feel free to post additional ideas here, and/or email me directly – robert.faller@microsoft.com.
    The Azure Active Directory team greatly appreciates the feedback. We look forward to hearing from the community as much as possible. It is one of the essential ways we can continue to create and enhance our service offerings to meet your needs. Thank you.

  5. multiple AADConnect services in single domain to support SSO

    AADConnect topology - https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies#each-object-only-once-in-an-azure-ad-tenant

    I have a customer that single forest single domain but multiple AADConnect services running to multiple different Azure AD.

    The customer want to implement the SSO and the limitation says "The single sign-on (SSO) option for password hash synchronization and pass-through authentication can be used with only one Azure AD tenant."
    This is because the AADConnect only create AZUREADSSOACC computer object and it only can created once in forest level so it will be hard for other multiple AADConnect.
    Did anyone know any chance to talk to the AADConnect team and to allow create an alternative…

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  6 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  6. Can we customise the page you're taken to after self-service password resetting/registering/changing?

    Right now after registering, resetting or changing passwords you're left in either a dead-end page, or a strange azure apps page which our users are not familiar with.

    Can we set a page that users are directed to after they have registered or reset/changed their password?

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure AD Join and SSO in IE/Edge

    I use Windows 10 Anniversary Update with Azure AD Join. My Azure AD account is also my Office 365 account.

    First time SSO to https://portal.office.com or https://account.activedirectory.windowsazure.com/ works perfectly in Internet Explorer and Edge. If my session is long (many hours or days), SSO breaks. Browser tells: "Sign in again. For security purposes, this application requires you to sign in again". Especially this if annoying, if I use PIN code for Windows sign in instead of username/password.

    Sometimes deleting browser cache or computer reboot fixes the problem, and SSO works again. This might also be a problem in IE or…

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Domain Join  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure AD password protection

    Add the possibility when using the Azure AD Password Protection feature that if you would ban the word "Contoso" as a password that also varations to this word or sentinces with this word are forbidden. For example "Contoso 2018" or "Contoso is great".

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →

    The private preview version of password protection explicitly banned entries that were on the global and custom banned password lists. Feedback early on was that users were having an incredibly difficult time configuring passwords. Password protection was then moved to a points based algorithm to strike a balance between security and usability. The current algorithm blocks a wide variety of weak passwords while giving users enough flexibility to configure a strong password

  9. Custom domain in ACS

    In order to seamlessly use ACS with multiple Identity Providers, we need to set up ACS with a custom domain, such as auth.mydomain.com.
    That way, when the user is asked by the Identity Provider to grant access to the Relying Party, it will show auth.mydomain.com, instead of project.accesscontrol.windows.net.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
    declined  ·  Anonymous responded

    The Azure Active Directory team has aligned its resources behind services in Azure Active Directory. This effort will eventually replace functionality available in ACS. The blog post – http://blogs.technet.com/b/ad/archive/2013/06/22/azure-active-directory-is-the-future-of-acs.aspx – provides a high-level overview of this transition. The ideas posted around ACS have been collected and passed to the team. We will close out ideas posted around ACS to return votes used on this topic. Please feel free to post additional ideas here, and/or email me directly – robert.faller@microsoft.com.
    The Azure Active Directory team greatly appreciates the feedback. We look forward to hearing from the community as much as possible. It is one of the essential ways we can continue to create and enhance our service offerings to meet your needs. Thank you.

  10. 6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
    declined  ·  Anonymous responded

    The Azure Active Directory team has aligned its resources behind services in Azure Active Directory. This effort will eventually replace functionality available in ACS. The blog post – http://blogs.technet.com/b/ad/archive/2013/06/22/azure-active-directory-is-the-future-of-acs.aspx – provides a high-level overview of this transition. The ideas posted around ACS have been collected and passed to the team. We will close out ideas posted around ACS to return votes used on this topic. Please feel free to post additional ideas here, and/or email me directly – robert.faller@microsoft.com.
    The Azure Active Directory team greatly appreciates the feedback. We look forward to hearing from the community as much as possible. It is one of the essential ways we can continue to create and enhance our service offerings to meet your needs. Thank you.

  11. Rename Domain - (ADDS) Active Directory Domain Services

    Allow renaming the Domain set in ADDS

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow HeartBeatIntervalInMilliseconds to be configured.

    We need to be able to reduce the Heartbeat Interval to prevent a timeout issue through our proxy server. Editing the configuration settings would help.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure AD Connect GUI Setup: Support "Browse" button for service accounts

    Please add a "Browse" button in th Azure AD Connect setup guide for finding service accounts in Active Directory. You should also validate the entry for gMSA / MSA accounts that they end with "$".

    Remove/disable the "Password" textbox when using a managed service account. It seems confusing to the users.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  14. Boxcryptor

    Please add Boxcryptor to the Marketplaze for Azure AD authentication and authorization.

    https://www.boxcryptor.com/en

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Your app request has been declined. However, if you still want us to add SSO or User Provisioning for this application, please make sure you go to aka.ms/aadapprequest and add your request to the new forum. We will be paying close attention to the app request posted. Make sure you follow the guidelines to increase visibility of your request.

  15. Azure AD SSO App Request: N-Able

    Please add the following application to Azure AD SSO
    Category: IT Management

    http://www.n-able.com/

    Ref: http://azure.microsoft.com/en-us/marketplace/active-directory/

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    Your app request has been declined. However, if you still want us to add SSO or User Provisioning for this application, please make sure you go to aka.ms/aadapprequest and add your request to the new forum. We will be paying close attention to the app request posted. Make sure you follow the guidelines to increase visibility of your request.

  16. Nested Group in Azure AD B2C

    We are having a need to use nested group in AD B2C to simplify our group membership assignment and it is currently not available for AD B2C (it is for normal AD). Please considering add this feature.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  17. Azure SSPR

    We don't want SSPR to follow the on-premise "minimum password age" policy to reset the password. The “Minimum password Age” is set to 2 Days in on-premise only for password change scenario and not for password reset.

    Pls advice how we can set SSPR to reset the password by ignoring the on-premise AD password history and minimum password age policy values.

    Disadvantage: If user forgot the password that he/she recently changed or they want to change more stronger password then either they've to wait for 2 days or ended up calling helpdesk. Other 3rd party tool doesn't have this challenge.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Hello,

    If you are using password writeback, we don’t have a way to ignore specific parts of your AD password policy. We don’t have plans to implement this feature at this time. Please let us know if you have any additional thoughts or questions.

    Thanks!
    Sadie Henry (sahenry)

  18. Please enable user provisioning for NetSuite

    Please enable the user provisioning feature in NetSuite. Currently, the only SaaS applications that are supported for user provisioning are listed here.

    https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-app-provisioning/

    I also tried testing it. The notification says that user provisioning was successful, however, upon checking in NetSuite, the users were actually not created.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Your app request has been declined. However, if you still want us to add SSO or User Provisioning for this application, please make sure you go to aka.ms/aadapprequest and add your request to the new forum. We will be paying close attention to the app request posted. Make sure you follow the guidelines to increase visibility of your request.

  19. Integration with Skillsoft and workforcehosting

    SSO with Skillsoft and workforcehosting.com

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Your app request has been closed. However, if you still want us to add SSO or User Provisioning for this application, please make sure you go to aka.ms/aadapprequest and add your request to the new forum. We will be paying close attention to the app request posted. Make sure you follow the guidelines to increase visibility of your request.

  20. Azure AD SSO: Netsuite OpenAir

    Please add Azure AD SSO support for Netsuite OpenAir. There's currently Azure AD SSO support for Netsuite but sadly the NetSuite OpenAir marketplace app is just a redirect. Thanks.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Your app request has been declined. However, if you still want us to add SSO or User Provisioning for this application, please make sure you go to aka.ms/aadapprequest and add your request to the new forum. We will be paying close attention to the app request posted. Make sure you follow the guidelines to increase visibility of your request.

  • Don't see your idea?

Feedback and Knowledge Base