Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make provision sync on demand

    Make provision sync on demand for testing purpose.

    User and group sync normally takes about 5~30 minutes. It is very inconvenient and inefficient for testing. Azure AD should allow on demand sync when it is testing phase and the total users are less than a numbers, for example 50.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Provisioning to Applications  ·  Flag idea as inappropriate…  ·  Admin →
  2. A GUI interface for edit or create custom role on Azure

    A GUI interface for edit or create custom role on Azure.

    Currently any custom role create / edit needed to change by powershell, a GUI interface is more user friendly and easy to manage for customer admin.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  3. Searching & Filtering in the Portal

    We should be able to search and filter within the portal in a much more complete way than we can today.

    Today, you can mostly search for startwith of a upn/name of a user. This is super limiting, so I go back and live in PowerShell to do anything more than a simple name search.
    And if we want to filter, you can use show all users, or guest users only.

    Give us the ability to search / filter / sort / export any attribute available to us.

    This extrapolates to Groups and other object types too.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! Our feature team is is looking into options for addressing this scenario for users. For now, we are happy to announce that we’ve released the Enhanced Groups experience preview which includes improvements for search, sorting, and filtering of groups. This preview adds capabilities like substring search on groups lists and new member search.

  4. AADC Health - Notification when AADC Scheduler is disabled

    Send a notification when AADC Scheduler is disabled or when sync didn't happen for x number of hours/days.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  5. AADConnect - Generate Preview

    When viewing an object in AADConnect and generating a preview based on full or delta imports... it should actually go and perform the full or dela import of that specific object when you perform that action. If i'm troubleshooting an issue in a large directory environment, I dont want to have to wait 6 to 12 hours for a full import, full sync to run after making each change... It seems logical that i could update a directory object or an AADConnect rule and go preview the impact of those changes on a single object without having to import the…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly

    Last tests done with version 1.1.443.0 of AAD Connect

    The User Attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an inital sync of an user account). Furthermore later changes of this Attribute are not synced correctly to the AAD.

    I had different/random results when testing with this. Sometimes the initial value was transfered correctly to the Cloud accounts but the a change was not synced. Sometimes directly the initial value was wrong (when syncing a user the first time).

    Kind Regards
    Robin K.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  7. 7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. PowerShell module to manage and configure Azure RM PIM roles

    It is tedious and error-prone to manually configure PIM roles on multiple individual resources/resource groups through the portal. Would be nice to have a PowerShell module to make this task easier.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Search users

    Find group or user by contains or *

    I can only find a specific groups if I know how the name starts, with several hundreds of groups and users, this is not how i remember this. Support
    partofname

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! Our feature team is is looking into options for addressing this scenario for users. For now, we are happy to announce that we’ve released the Enhanced Groups experience preview which includes improvements for search, sorting, and filtering of groups. This preview adds capabilities like substring search on groups lists and new member search.

  10. B2C analytics and reporting

    It would be great if there was some kind of reporting or/and analytics for B2C in Azure. For example can we find the successful user sign-ins or the total user count in B2C (greater than 1000)? You can see the user count lower than 1000 in the Azure AD blade -> Users and groups -> Overview.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We are working on offering a set of Power BI reports with analytics about your Azure AD B2C tenant, including: user counts, active users, registrations, and conversion rates. These reports will be available as a Power BI content pack.

    There’s a private preview of this feature. If you have a subscription to Power BI Pro and want to join the preview, send an email to aadb2cpreview@microsoft.com with the name of your B2C tenant.

    /Sergio

  11. Allow quick search and find of user

    When activating Freshdesk for users, I have to manually scroll through pages and pages, until I see the name on the list. But it would be great to have an option to quickly find the user from the list (something like a search bar or the use of Ctrl +F).

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Access Review Process needs to be complete

    Access Reviews don't reflect the azure ad recommendation (example: user not logged for last 30 days etc.) for reviewers of 3rd party SaaS applications. Also, will be great to automate the line manager for each user as the access reviewer, as it would help in larger organisations to better manage and speed up the review process

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Niket,

    Thanks for the suggestion! Good news is that both of your asks are on our roadmap! Are you using Log Analytics in AAD? We’re working to integrate with the user login data in log analytics and surface those in our recommendations.

    As for line managers as reviewers, does your tenant have the manager attributed populated for your users? Great if you are, because we’re working on pulling that info from the user profile page.

    - Fionna

  13. Azure Active Directory's Application Proxy and load balancer

    How this is going to work if web servers are being behind load balancer (like a BIGIP F5 ). Thanks.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  14. Managed Service Identity needs new shorthand. MSI is taken

    Please please get an abbreviation checker at Microsoft. MSI is already a thing. Desktop isn't quite that dead yet. I have a hard enough time keeping up, without stepping on the same 3 letter from the same company meaning completely different things!

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Force object based AD sync for automation

    From a sourcing perspective we often have to deal with hybrid cloud environments. For the User Workspace (webbased) we make use of both Active Directory systems (LocalAD and AzureAD) for access control to multiple applications.

    To optimize End User Experience it is neccessary to sync both Active Directory systems as fast as possible (realtime is preferred).

    Antoher possible workaround is object based (specific user or group) synchronization from command line to integrate with automation tools.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  16. PIM - multiple approvers required

    At the moment you configure multiple approvers in the role setting details dialog. As soon a one approvers approves the request gets accepted.

    I would like to have an option to require multiple approvers, that allow the request
    eq. configure 5 approvers - 2 are required to approve the request

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Attribute Mapping to be Re-enabled without a Reset After Being Disabled for SCIM and ServiceNow, etc. User Provisioning Syncs

    To reproduce this, set up a ServiceNow sync with an Enterprise Application by putting in admin credentials and disabled the Group attribute mapping and save. There is no way to re-enable this via the UI without resetting your attribute mappings to default, which causes you to lose your customization work to the user attribute mapping.

    (I'm assuming this applies to other SCIM provisioning UI's as well beyond just the ServiceNow one.)

    It should be easier to re-enable a group or user object type attribute mapping without losing your customization for the other when it's disabled.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning to Applications  ·  Flag idea as inappropriate…  ·  Admin →
  18. AAD Connect - View Current Configuration

    AAD Connect - View Current Configuration needs an option to export the configuration. This should be to text file and CSV format for viewing. Also to XML format for backup and later importing of the configuration if ever needed.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  19. Create seperate sign in risk policies for medium and high risk events

    Would like to be able to create a seperate sign-in risk policy for medium and high risk events, medium policy would enforce MFA but let user continue working, high risk policy would block user access and preferably intiate sign out of all existing logins/tokens as this is a confirmed breech/exposure of credentials.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. I changed the attribute to "not set" in Azure AD but the attribute doesn't sync to Azure ADDS.

    When I update the attributes, I can see the updated values on the Azure ADDS.
    However, if he delete the value of an attribute (= update with not set), the value is not changed.

    Please correct this behavior.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base