Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. FIM Portal Create RCDC's flexibility (Allow Custom Events)

    Allow Custom Events on Controls in RCDC so that it is possible to set some Checkboxes in the RCDC to true or false.
    Example:
    UocRadioControl with Option like SharedMailbox, RoomMailbox, EquipmentMailbox.

    Based on that it should be possible to define which Attributes or groupings are visible.
    This gives more flexibility when creating RCDCs.

    29 votes
    1 comment  ·  Microsoft Identity Manager
  2. Improve Device Listing Page - Export, sort, filter

    The All Device listing in Azure Active Directory has good information, but you cannot export it, sort it or filter efficiently.

    Would really appreciate the typical 'Export' option.

    28 votes
    9 comments  ·  Other
  3. domain services

    Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.

    We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.

    28 votes
    under review  ·  4 comments  ·  Domain Services
  4. Conditional Access for B2B Guest users

    For a Conditional Access Policy applicable to B2B Guest Users, in Azure AD > CA Policy we do not have an option for selective selection of B2B Guest users under the 'Users and Group' section in CA Policy. But for Cloud Member users we have an option for selective selection of users. Why don't we have the same capability and functionality for B2B Guests that we have for Cloud Member users in CA Policy? Also, why are we calling it Preview Mode?

    27 votes
    8 comments  ·  Conditional Access

    We’re reviewing this item. Currently you can apply policy to specific B2B guests using the option to select users and groups. Are there users missing from that list, or is the suggestion to have a filtered list of only B2B users under the guest checkbox?

  5. Customize the Azure AD Application Proxy Gateway error page

    When you are using the Application Proxy Gateway and there is some error in the connection, e.g. the user is not authorized or there is a timeout, you get an error page that is not company branded. See the attached picture.

    It would be nice if it was possible to either use the existing company branding or add separate branding to those error pages.

    27 votes
    under review  ·  2 comments  ·  Application Proxy
  6. Add dynamic validation rules to Self Service Password Reset

    When trying to reset your password via Azure SSPR with writeback to on-prem AD, you currently don't get much detail as to why a password reset may have failed (not enough characters, not complex enough, etc). Our on-prem password reset tool can validate your new password as you type so that you can make sure the new password meets your company policies, and it would be great if Azure SSPR could do this too. Even just more details on why a password reset fails would be of great help to end users.

    27 votes
    6 comments  ·  Self-Service Password Reset

    Thank you for your feedback! We will take this into consideration and welcome any specific ideas or feedback you have in the meantime. Would you like to see some sort of custom password strength meter? Or maybe just text that tells the user what the on-prem password policy is? Thank you in advance!

    Sadie Henry (sahenry)

  7. AAD Connect Cloud Provisioning: Add support for password writeback

    Currently, Cloud Provisioning does not support password writeback, so using Azure AD SSPR with on-prem synced passwords is not possible.

    It would be great to have that as one of the first enhancements of Cloud Provisioning.

    26 votes
    under review  ·  3 comments  ·  Azure AD Connect
  8. Support Managed Service Identity on VMs in Azure Batch Pool

    Enabling MSI for Windows VMs created by an Azure Batch Pool would allow us to use this service in Azure Data Factory .NET custom code activities running on Azure Batch.

    26 votes
    1 comment  ·  Developer Experiences
  9. Add passwordless sign-in for Apple Watch

    The passwordless sign-in option only works with the authenticator app on the phone and not on the Apple Watch ("Request type not supported on your watch"). It would be most convenient to be able to have this supported on the Apple Watch as well.

    23 votes
    7 comments  ·  Passwordless
  10. Have the ability to use all Azure AD user attributes for Customize claims available for Azure AD SAML token.

    Allow the use of all Azure AD User attributes in a claim. Currently we have a requirement to add Azure AD synced attributes to be sent as a claim for SAML authentication. For example, attributes such as 'Manager' or 'immutable ID' are not supported. Can we have the option to use all available attributes as part of the claim?

    23 votes
    2 comments  ·  Authentication
  11. Azure Active Directory Seamless Single Sign-On - Multi-tenants in a single forest hosting environment.

    We have multi-tenants in a single forest hosting environment synchronizing different customers (each in a different OU) to their own O365/Azure AD tenant account. At the current moment, Seamless Single Sign-On only supports one O365/Azure AD tenant for sign on in the current setup we have. This is due to a computer created called AZUREADSSOACC in Windows AD. We want to adopt the Seamless Single Sign-On but as it only supports one O365/Azure AD tenant for sign on we cannot use it.

    23 votes
    under review  ·  5 comments  ·  Authentication
  12. More control over FIMService MA

    FIMService MA being treated as a special one (no transforms, MRE control etc)

    In some cases we need more control on FIMService MA where we can do controls like any other MA. We have seen reverse joins also not working very well, and in a DR scenario FIMService MA caused issues for us.

    22 votes
    3 comments  ·  Microsoft Identity Manager
  13. Access package policy for dynamic assignment

    The ability to have a policy to dynamically assign access packages automatically to users, based on criteria / filters, is very important, as this will greatly improve an organization's ability to provide a set of default access packages to their users based on division, company, etc.

    21 votes
    under review  ·  2 comments  ·  Entitlement Management
  14. Ability to export results from the Metaverse Search screen in sync engine

    Ability to export results from the Metaverse search screen in sync engine. This was an idea mentioned while I was out on client site. When one does queries in the "Metaverse Search" tab of the sync engine there is no way to save the results as a CSV or Excel file. You could obviously query the backend SQL database but this isn't very customer friendly.

    21 votes
    3 comments  ·  Microsoft Identity Manager
  15. Do not require database SysAdmin privilege for installation/upgrade of MIM

    Requiring the highest level of privilege for installing and updating MIM is not seen as acceptable by Database Administrators as it causes security concerns, especially in an environment where databases use shared hardware. In the UK/EU and probably equivalents elsewhere, this is of particular concern for organisations that need to adhere to PCI DSS (Payment Card Industry Data Security Standard) or GDPR (General Data Protection Regulation).

    The MIM installer should require the least privileges it needs to do its job so that the database administrator can define a role that meets these requirements. Anything that truly needs to be done…

    21 votes
    2 comments  ·  Microsoft Identity Manager
  16. Workday to AAD/AD provisioning query scope

    Workday to AD/AAD provisioning
    Please add the ability to scope the query passed to getworkers api. For instance, pass to getworkers company=schoolA.
    Workday is now implementing shared tenants in the EDU space. In a shared tenant, the current query to get_workers pulls all workers and then allows scoping, but the worker data for all schools has to be pulled before it can be scoped. The result is AAD audit logs saturated with other schools' employee data. Also need to be able to control audit data written to azure activity logs, or at least be able to clear the…

    20 votes
    1 comment  ·  Provisioning from Cloud HR
  17. Support tags for Azure AD Domain Services

    Consider adding support for Azure Tags in Azure AD Domain Services. Azure AD Domain Services is nearly the only service that does not support tags in Azure.

    @Erin

    19 votes
    under review  ·  2 comments  ·  Domain Services
  18. Include an AAD Connect Health Gateway for DCs without internet connectivity

    An easy to configure gateway install similar to the OMS gateway to act as a proxy for servers without internet connectivity would be a useful addition.

    19 votes
    0 comments  ·  Azure AD Connect Health
  19. Administration of Self Service Password Reset

    I suggest adding two controls in Azure AD user configuration relating to self-service password reset.

    1) Disable SSPR.
    Turning this on would temporarily prevent the user from using SSPR without changing their configured account verification information. It would block both password reset attempts and attempts to change the account verification information. This feature would be useful when we need to lock out a user by changing their password and still be able to access their account. We're a school and this situation comes up from time to time in the course of disciplinary activities.

    2) Clear account verification information.
    This…

    19 votes
    3 comments  ·  Self-Service Password Reset

    Thank you for your feedback!

    For the first suggestion, how would this functionality differ from simply blocking a user? Do you want to be able to change their password while they’re blocked?

    For the second suggestion, we are working on an API and UX that gives an admin the ability to clear authentication methods (i.e. phone, email, etc.) for a user so that they are re-prompted to register when they next sign in.

    Sadie Henry (sahenry)

  20. 18 votes
    under review  ·  2 comments  ·  Application Proxy