Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Support HSTS HTTP Strict-Transport-Security on Azure AD Application Proxy
Support HSTS HTTP Strict-Transport-Security on Azure AD Application Proxy. Currently the Azure Application Proxy does not support the Strict-Transport-Security header. Please make App Proxy support this and maybe other customizable headers for DHS BOD 18-01 compliance. https://cyber.dhs.gov/bod/18-01/ The On-prem solution (Web Application Proxy) is also not compliant.
12 votesWe’re working on a feature to enable this as a setting on an application. If you would like this enabled for your tenant as part of a preview please reach out to aadapfeedback@microsoft.com.
-
Access review
Option to include non user Service principals in Access review of Azure PIM resource roles.
All Elevated members access ( owners , contributors) to Azure subscription need to be reviewed as part of SOX compliance and currently Non user service principals ( like VSO Service principals used for automated deployments in Azure) are not included in the Access reviews initiated for Azure Resource roles.
12 votes -
Ability to to remove or customise the default message that we get during SSPR password reset via login screen for Win10 machines.
Need the ability to remove or customize the default message that we get during SSPR password reset via login screen on Win10 machines. It says '8-16 characters, case sensitive, one number or symbol". This message is conflicting for the end-users as the organizations password policy may not be as stated in the hardcoded message. We need a way to customize it or remove it so that it doesn't confuse end-users.
Also an important thing to note is that this message is not available when we use SSPR via the online link https://passwordreset.microsoftonline.com/ , its only available when the SSPR reset…12 votesHey folks! We are getting this fixed. I will update you once the fix is fully rolled out. Thanks for your feedback!
-
Attribute Validation with Azure Functions.
Would like the capability to provide method which allows post-validation for attributes using Azure Functions. It could be setup as a post-validation policy as well, which could specify the Azure Function(s) required to validate the attributes attached to it.
12 votesWe are making this feature available through custom policies. We expect this to be available in public preview in the next few weeks. More details to come.
-
Azure AD Connect Tool - Add option to export all inbound and outbound rules in one click
As the subject line says it.
12 votes -
search
Currently the group search in azure active directory is done on the base of “Starts with”
I'd like to have extended search capabilities, like "include" "end with" "exclude" and so on11 votesThank you for your feedback! Our feature team is happy to announce that we’ve released the Enhanced Groups experience preview which includes improvements for search, sorting, and filtering of groups. This preview adds capabilities like substring search on groups lists and new member search.
-
Test Authentication Request (Synthetic Transaction) failed to obtain a token.
Hi Team,
I am receiving ADFS alerts as mentioned in the subject, but while I test the ADFS Server health, the test is getting passed. But I offen get this alert, can some one help me in fixing this.
thanks in advance.
Regards,
Naveen Ramakrishnan11 votesUpdate the status
-
Export of Roles and assignments in AAD
In 365 we can get a csv file showing users role assignments. I would like the same in Azure AD.
User name, Assigned role option to export as a SINGLE CSV file.
10 votesWe shipped ability to export role assignments in Azure AD portal on a per role basis. Next step is ability to export assignments for all roles in one go.
Try this –
Azure portal —> Azure Active Directory —> Roles & admin —> {role} —> Download role assignmentsThanks,
Abhijeet Kumar Sinha
Azure AD RBAC team -
Apply access reviews to entire enterprise application
I would like to create an access review for ALL Teams to review guest membership so whenever someone adds an external user to their Team the review will occur. Currently I have to tell the access review policy which teams it applies to. Because my users can add their own teams I have to create a manual process to look at new teams and add them to an access review. I'd rather just apply it to the entire application so it happens with every Team that exists.
10 votesHello all, Good news – we have made more progress on this ask! We started private preview of reviews on all guests in Teams/Office groups. Please fill out this form to be included in the private preview! We look forward hearing your feedback, working together to improve this feature, and sharing more updates with you very soon! bit.ly/ARGuestsInTeamsPP
- Fionna
-
msFVE-RecoveryInformation sync
I can see in Azure AD the device can store Bitlocker encryption keys. I have been able to directly store bitlocker keys to Azure. My issue is that I have computers with bitlocker enabled and the bitlocker information stored in on-prem AD. Currently there is no way to synchronize the on-prem bitlocker keys with the Azure Hybrid connected device. I think this should be included in the ADconnect tool, especially since the msFVE-RecoveryInformation object is a sub-object of the device.
10 votesWe are currently working with Intune to provide a cloud based Bitlocker management solution that will work for both Azure AD joined and Hybrid Azure AD joined devices. We will update this thread once we have more information to share.
-
Support Github identity
Would be great to extend the list of identity providers with GitHub, Azure AD and other identity providers to make our end-customers life easier.
10 votesThis is available in private preview and we’re actively looking for customers to try it out and give us feedback.
If you’re interested, contact us at aadb2cpreview@microsoft.com with the following info:
– TenantName (x.onmicrosoft.com)
– Description of your app and why GitHub is relevant
– Estimated user count (total to the app and specific to GitHub) -
Managed Whitelist of Enterprise Applications
Please provide facility to whitelist which 3rd party applications are 'approved'.
Ideally this would be more than just single 'bit' of information, and allow multiple lists - for example, a whitelist for 'regular company business' and another for TOPSECRET, to be integrated with other parts of the azure framework, such as being used in Conditional Access Policy and the EMS E5 features.
Currently OAuth consent by any user will automatically register an application and this cannot be disabled. Blacklist is possible, but whitelist is not without completely removing ability for users to manage their own consent, which is undesirable from…
8 votesWe have started worked on this features. For an initial release, we’re thinking on allowing admins to select the set of permissions users will be able to consent.
-
Enterprise Application
Create a SSO/Enterprise Application Admin role similar to Intune/Sharepoint admin role. Allow the delegation of the SSO and enterprise applications to an admin other than the global tenant admin.
8 votesWe are working on this now. Stay tuned for upcoming announcements.
-
Allow ICMP/Ping through NSG
The lack of the most BASIC functionality such as PING has forced my CTO to prevent the renewal of a $140,000 Enterprise Agreement. Our clients use external monitoring software. Amazon Web Services and Google Cloud Engine allow this, yet Microsoft's "Excuse" is that it is a security risk (It isn't, and anyone saying it is, is lying.)
Without Ping, I cannot approve the renewal of the contract. Please add Ping before I must also revoke our subsidiaries contracts with Azure!
8 votesWe have started to work on ICMP support for NSGs.
- Anavi N [MSFT]
-
Alert on 80% and 90% usage for SQL Server 2012 Express LocalDB with 10GB size limit
Please add some monitoring for the database size for Azure AD Connect with a SQL Server 2012 Express LocalDB (10GB size limit).
Customers needs to be made aware before they hit the limit. Send alerts when customer hit 8-9GB usage on the DB.
8 votesThank you Peter for the feedback! Azure AD Connect Health team is working on this alert and should be available very soon.
-
REST API callout
Support for calling REST APIs at the start and end of end user sign-up, sign-in and other flows.
8 votesThis feature is now available in public preview through custom policies. Check out some examples here:
/Parakh
-
Make the AD Raw logs (event/logs) avaiable for SIEM monitoring
Been subscribed to Azure AD as an organization, it's hard to monitor scurity events realtime using SIEM solution without having access to Raw event logs. Although Audit log report offers what to extract out as a report but realtime monitoring to events for organizational domain is unavailable. This is quite crutial. oraganization doesn't have access to its own domain security events.
8 votesThanks for the feedback! Have you had a look at the Azure AD Reporting API? This will allow you to feed the reporting data from the Azure AD reports directly into your SIEM. See the following article: https://azure.microsoft.com/en-us/documentation/articles/active-directory-reporting-api-getting-started/
(I’m marking this as “started” and not “completed” because the API is still in Preview—feedback is welcome!)
Philippe Signoret
Program Manager, Azure Active Directory -
Enable "Sign in with a security key" option from any sign-in page (e.g. in case of frequency passed)
End-user experience of password-less sign-in options is broken in some user scenarios.
Example: The "Sign in with a security key" option is not available on sign-in page after the sign-in frequency passed (Conditional Access session policy).
7 votesThis is something currently working on to resolve.
-Libby Brown
-
Remove the option to enable phone sign-in in Microsoft Authenticator App
As we've disabled the option to enable passwordless in our Tenant, it would be helpful to remove / disable the option to enable phone sign-in in MIcrosoft Authenticator APp so the users won't be able to enable something that is not enabled for the company.
7 votes -
Add Azure Active Directory Role Customization
Add a Role Customization for Azure AD Roles to get more specified permission settings in Azure AD
7 votesHi,
Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.
Regards,
Abhijeet Sinha
Azure AD RBAC team
- Don't see your idea?