Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Directory Extensions as claim in SAML Token

    This idea is essentially a re-post of https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/32988082-support-directory-extensions-as-saml-token-attribu which was incorrectly marked as completed as the response given didn't address the issue whatsoever.

    If you create a directory extension attribute there doesn't seem to be way to include it as a claim (ie. set the value to 'user.mycustomextension') when configuring the SAML Token Attributes for an application. I have tried specifying the full extension attribute name however it becomes wrapped in quotation marks and is sent as a string literal instead (see screenshot).

    I have found that you can include a directory extension attribute as an optional claim in the…

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  2. IPv6 Whitelisting option in Azure Multi-Factor Authentication

    The Azure Multi-Factor Authentication server software only allows IPv4 whitelisting. IPv6 whitelisting would be great for the future.

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Hybrid Joined Devices support with FIDO2

    I realise the support for FIDO2 logins with Azure AD was only just released recently, but what timeline is there for support for hybrid joined devices login?

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Join  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow creation of custom directory roles in Azure AD

    Being able to create custom directory roles in Azure AD can allow Administrators the ability to grant users custom tailored roles in Azure AD. One example would be allowing the security office in your organization access to the risky events and risky users tabs with the ability to close,reopen, or mark for false positive without having to give them permissions that they do not need. This essentially takes the idea of "least privileged roles" and expands it to allow for further customization.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,
    This is duplicate of – https://feedback.azure.com/forums/169401/suggestions/12868950 . Latest status of Azure AD custom roles will be updated there.

    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Abhijeet Sinha
    Azure AD RBAC team

  5. AAD connect as a service

    I would love to see Microsoft offering AAD Connect as a Service. Either with an agent on a DC or member server much like the pass-through auth server works. But having the sync and metaverse running in a service in the cloud.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  3 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  6. Apply access reviews to entire enterprise application

    I would like to create an access review for ALL Teams to review guest membership so whenever someone adds an external user to their Team the review will occur. Currently I have to tell the access review policy which teams it applies to. Because my users can add their own teams I have to create a manual process to look at new teams and add them to an access review. I'd rather just apply it to the entire application so it happens with every Team that exists.

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hello all, Good news – we have made more progress on this ask! We started private preview of reviews on all guests in Teams/Office groups. Please fill out this form to be included in the private preview! We look forward hearing your feedback, working together to improve this feature, and sharing more updates with you very soon! bit.ly/ARGuestsInTeamsPP

    - Fionna

  7. Ability to to remove or customise the default message that we get during SSPR password reset via login screen for Win10 machines.

    Need the ability to remove or customize the default message that we get during SSPR password reset via login screen on Win10 machines. It says '8-16 characters, case sensitive, one number or symbol". This message is conflicting for the end-users as the organizations password policy may not be as stated in the hardcoded message. We need a way to customize it or remove it so that it doesn't confuse end-users.
    Also an important thing to note is that this message is not available when we use SSPR via the online link https://passwordreset.microsoftonline.com/ , its only available when the SSPR reset…

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. aad custom roles

    Would be nice if we could create custom aad roles, might be wrong but the concept of creator/owner and being able to assign permissions to the owner role would be nice.

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,
    This is duplicate of – https://feedback.azure.com/forums/169401/suggestions/12868950 . Latest status of Azure AD custom roles will be updated there.

    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Abhijeet Sinha
    Azure AD RBAC team

  9. Assign directory roles to groups

    Allow the ability to assign Groups to directory roles for better RBAC implementations. As an example, I would like to assign the role "Application Administrator" to a group using the cmdlt add-MsolRoleMember -RoleObjectId "objectID" -RoleMemberType Group -RoleMemberObjectId "objectID" but even though the switch for group is available, it is not supported. So I have to add every single individual user to this role (and many others) in order to extend our on-prem RBAC model to Azure. This is not scalable.

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,
    Assigning cloud groups to built-in roles is in public preview starting today. Thanks a ton for all the great feedback that you shared with us. Here’s the published documentation -

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept

    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features

    Next steps —> Support for custom roles and on-prem groups. Stay tuned!

    This feedback is similar to – https://feedback.azure.com/forums/169401/suggestions/12938997. Latest status of assigning groups to Azure AD roles will be updated there.

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

  10. msFVE-RecoveryInformation sync

    I can see in Azure AD the device can store Bitlocker encryption keys. I have been able to directly store bitlocker keys to Azure. My issue is that I have computers with bitlocker enabled and the bitlocker information stored in on-prem AD. Currently there is no way to synchronize the on-prem bitlocker keys with the Azure Hybrid connected device. I think this should be included in the ADconnect tool, especially since the msFVE-RecoveryInformation object is a sub-object of the device.

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Devices  ·  Flag idea as inappropriate…  ·  Admin →

    We are currently working with Intune to provide a cloud based Bitlocker management solution that will work for both Azure AD joined and Hybrid Azure AD joined devices. We will update this thread once we have more information to share.

  11. Attribute Validation with Azure Functions.

    Would like the capability to provide method which allows post-validation for attributes using Azure Functions. It could be setup as a post-validation policy as well, which could specify the Azure Function(s) required to validate the attributes attached to it.

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  12. 12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  3 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  13. PowerShell module to manage and configure Azure RM PIM roles

    It is tedious and error-prone to manually configure PIM roles on multiple individual resources/resource groups through the portal. Would be nice to have a PowerShell module to make this task easier.

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. B2C analytics and reporting

    It would be great if there was some kind of reporting or/and analytics for B2C in Azure. For example can we find the successful user sign-ins or the total user count in B2C (greater than 1000)? You can see the user count lower than 1000 in the Azure AD blade -> Users and groups -> Overview.

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We are working on offering a set of Power BI reports with analytics about your Azure AD B2C tenant, including: user counts, active users, registrations, and conversion rates. These reports will be available as a Power BI content pack.

    There’s a private preview of this feature. If you have a subscription to Power BI Pro and want to join the preview, send an email to aadb2cpreview@microsoft.com with the name of your B2C tenant.

    /Sergio

  15. search

    Currently the group search in azure active directory is done on the base of “Starts with”
    I'd like to have extended search capabilities, like "include" "end with" "exclude" and so on

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! Our feature team is happy to announce that we’ve released the Enhanced Groups experience preview which includes improvements for search, sorting, and filtering of groups. This preview adds capabilities like substring search on groups lists and new member search.

  16. Test Authentication Request (Synthetic Transaction) failed to obtain a token.

    Hi Team,

    I am receiving ADFS alerts as mentioned in the subject, but while I test the ADFS Server health, the test is getting passed. But I offen get this alert, can some one help me in fixing this.

    thanks in advance.

    Regards,
    Naveen Ramakrishnan

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  17. Export of Roles and assignments in AAD

    In 365 we can get a csv file showing users role assignments. I would like the same in Azure AD.

    User name, Assigned role option to export as a SINGLE CSV file.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    We shipped ability to export role assignments in Azure AD portal on a per role basis. Next step is ability to export assignments for all roles in one go.

    Try this –
    Azure portal —> Azure Active Directory —> Roles & admin —> {role} —> Download role assignments

    Thanks,
    Abhijeet Kumar Sinha
    Azure AD RBAC team

  18. Remove the option to enable phone sign-in in Microsoft Authenticator App

    As we've disabled the option to enable passwordless in our Tenant, it would be helpful to remove / disable the option to enable phone sign-in in MIcrosoft Authenticator APp so the users won't be able to enable something that is not enabled for the company.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Alert on 80% and 90% usage for SQL Server 2012 Express LocalDB with 10GB size limit

    Please add some monitoring for the database size for Azure AD Connect with a SQL Server 2012 Express LocalDB (10GB size limit).

    Customers needs to be made aware before they hit the limit. Send alerts when customer hit 8-9GB usage on the DB.   

    https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-prerequisites

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support Github identity

    Would be great to extend the list of identity providers with GitHub, Azure AD and other identity providers to make our end-customers life easier.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    This is available in private preview and we’re actively looking for customers to try it out and give us feedback.
    If you’re interested, contact us at aadb2cpreview@microsoft.com with the following info:
    – TenantName (x.onmicrosoft.com)
    – Description of your app and why GitHub is relevant
    – Estimated user count (total to the app and specific to GitHub)

  • Don't see your idea?

Feedback and Knowledge Base