Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Make provision sync on demand
Make provision sync on demand for testing purpose.
User and group sync normally takes about 5~30 minutes. It is very inconvenient and inefficient for testing. Azure AD should allow on demand sync when it is testing phase and the total users are less than a numbers, for example 50.
7 votesWe have an initial version of this publicly available – aka.ms/provisionondemanddocumentation
/Arvind
-
A GUI interface for edit or create custom role on Azure
A GUI interface for edit or create custom role on Azure.
Currently any custom role create / edit needed to change by powershell, a GUI interface is more user friendly and easy to manage for customer admin.
7 votesHi,
We have started working on custom roles.
Here’s how you can create a custom role using GUI – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-create-customAbhijeet Sinha
Azure AD RBAC team -
Searching & Filtering in the Portal
We should be able to search and filter within the portal in a much more complete way than we can today.
Today, you can mostly search for startwith of a upn/name of a user. This is super limiting, so I go back and live in PowerShell to do anything more than a simple name search.
And if we want to filter, you can use show all users, or guest users only.Give us the ability to search / filter / sort / export any attribute available to us.
This extrapolates to Groups and other object types too.
7 votesThank you for your feedback! Our feature team is is looking into options for addressing this scenario for users. For now, we are happy to announce that we’ve released the Enhanced Groups experience preview which includes improvements for search, sorting, and filtering of groups. This preview adds capabilities like substring search on groups lists and new member search.
-
AADC Health - Notification when AADC Scheduler is disabled
Send a notification when AADC Scheduler is disabled or when sync didn't happen for x number of hours/days.
7 votesThanks for the feedback!
This is in our backlog and our engineers are working on the new alert. -
AADConnect - Generate Preview
When viewing an object in AADConnect and generating a preview based on full or delta imports... it should actually go and perform the full or dela import of that specific object when you perform that action. If i'm troubleshooting an issue in a large directory environment, I dont want to have to wait 6 to 12 hours for a full import, full sync to run after making each change... It seems logical that i could update a directory object or an AADConnect rule and go preview the impact of those changes on a single object without having to import the…
7 votes -
Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly
Last tests done with version 1.1.443.0 of AAD Connect
The User Attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an inital sync of an user account). Furthermore later changes of this Attribute are not synced correctly to the AAD.
I had different/random results when testing with this. Sometimes the initial value was transfered correctly to the Cloud accounts but the a change was not synced. Sometimes directly the initial value was wrong (when syncing a user the first time).
Kind Regards
Robin K.7 votes -
7 votes
This is currently in progress. Many of our articles have been updated in the past weeks and we’ll continue updating the rest.
/Saca
-
PowerShell module to manage and configure Azure RM PIM roles
It is tedious and error-prone to manually configure PIM roles on multiple individual resources/resource groups through the portal. Would be nice to have a PowerShell module to make this task easier.
6 votes -
Search users
Find group or user by contains or *
I can only find a specific groups if I know how the name starts, with several hundreds of groups and users, this is not how i remember this. Support
partofname6 votesThank you for your feedback! Our feature team is is looking into options for addressing this scenario for users. For now, we are happy to announce that we’ve released the Enhanced Groups experience preview which includes improvements for search, sorting, and filtering of groups. This preview adds capabilities like substring search on groups lists and new member search.
-
B2C analytics and reporting
It would be great if there was some kind of reporting or/and analytics for B2C in Azure. For example can we find the successful user sign-ins or the total user count in B2C (greater than 1000)? You can see the user count lower than 1000 in the Azure AD blade -> Users and groups -> Overview.
6 votesWe are working on offering a set of Power BI reports with analytics about your Azure AD B2C tenant, including: user counts, active users, registrations, and conversion rates. These reports will be available as a Power BI content pack.
There’s a private preview of this feature. If you have a subscription to Power BI Pro and want to join the preview, send an email to aadb2cpreview@microsoft.com with the name of your B2C tenant.
/Sergio
-
Allow quick search and find of user
When activating Freshdesk for users, I have to manually scroll through pages and pages, until I see the name on the list. But it would be great to have an option to quickly find the user from the list (something like a search bar or the use of Ctrl +F).
6 votesGreat suggestion and we are working on making this experience and many others with regards to users, groups and apps in the portal when we release Azure AD in the new Azure Portal in a few months.
/Brjann Brekkan
-
Access Review Process needs to be complete
Access Reviews don't reflect the azure ad recommendation (example: user not logged for last 30 days etc.) for reviewers of 3rd party SaaS applications. Also, will be great to automate the line manager for each user as the access reviewer, as it would help in larger organisations to better manage and speed up the review process
5 votesHi Niket,
Thanks for the suggestion! Good news is that both of your asks are on our roadmap! Are you using Log Analytics in AAD? We’re working to integrate with the user login data in log analytics and surface those in our recommendations.
As for line managers as reviewers, does your tenant have the manager attributed populated for your users? Great if you are, because we’re working on pulling that info from the user profile page.
- Fionna
-
Azure Active Directory's Application Proxy and load balancer
How this is going to work if web servers are being behind load balancer (like a BIGIP F5 ). Thanks.
5 votesYou can use a load balancer between your connectors and applications. We are currently working on documentation around this and will update soon.
Thanks,
Jasmine -
Managed Service Identity needs new shorthand. MSI is taken
Please please get an abbreviation checker at Microsoft. MSI is already a thing. Desktop isn't quite that dead yet. I have a hard enough time keeping up, without stepping on the same 3 letter from the same company meaning completely different things!
5 votesThanks for the feedback, Jeff. We’ve updated our naming to be “Managed identities for Azure resources” we’re making our way through all the resource providers, to remove the “msi” acronym. :)
-
Force object based AD sync for automation
From a sourcing perspective we often have to deal with hybrid cloud environments. For the User Workspace (webbased) we make use of both Active Directory systems (LocalAD and AzureAD) for access control to multiple applications.
To optimize End User Experience it is neccessary to sync both Active Directory systems as fast as possible (realtime is preferred).
Antoher possible workaround is object based (specific user or group) synchronization from command line to integrate with automation tools.
5 votes -
PIM - multiple approvers required
At the moment you configure multiple approvers in the role setting details dialog. As soon a one approvers approves the request gets accepted.
I would like to have an option to require multiple approvers, that allow the request
eq. configure 5 approvers - 2 are required to approve the request4 votes -
Allow Attribute Mapping to be Re-enabled without a Reset After Being Disabled for SCIM and ServiceNow, etc. User Provisioning Syncs
To reproduce this, set up a ServiceNow sync with an Enterprise Application by putting in admin credentials and disabled the Group attribute mapping and save. There is no way to re-enable this via the UI without resetting your attribute mappings to default, which causes you to lose your customization work to the user attribute mapping.
(I'm assuming this applies to other SCIM provisioning UI's as well beyond just the ServiceNow one.)
It should be easier to re-enable a group or user object type attribute mapping without losing your customization for the other when it's disabled.
4 votesApologies for the delay in fixing this. It was a more complicated change than expected. The fix is complete and pending deployment. Should be deployed fully by end of month.
-
AAD Connect - View Current Configuration
AAD Connect - View Current Configuration needs an option to export the configuration. This should be to text file and CSV format for viewing. Also to XML format for backup and later importing of the configuration if ever needed.
4 votes -
Create seperate sign in risk policies for medium and high risk events
Would like to be able to create a seperate sign-in risk policy for medium and high risk events, medium policy would enforce MFA but let user continue working, high risk policy would block user access and preferably intiate sign out of all existing logins/tokens as this is a confirmed breech/exposure of credentials.
4 votesHey folks,
We’ve started the work on this.
@MarkMorow
-
I changed the attribute to "not set" in Azure AD but the attribute doesn't sync to Azure ADDS.
When I update the attributes, I can see the updated values on the Azure ADDS.
However, if he delete the value of an attribute (= update with not set), the value is not changed.Please correct this behavior.
4 votesWe have begun work on fixing this; the proposed change will support clearing attributes.
Erin Greenlee
Program Manager
IAM Core | Domain Services
- Don't see your idea?