Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Support Github identity
Would be great to extend the list of identity providers with GitHub, Azure AD and other identity providers to make our end customers' lives easier.
10 votes
This is available in private preview and we’re actively looking for customers to try it out and give us feedback.
If you’re interested, contact us at aadb2cpreview@microsoft.com with the following info:
– TenantName (x.onmicrosoft.com)
– Description of your app and why GitHub is relevant
– Estimated user count (total to the app and specific to GitHub)
-
Azure Active Directory's Application Proxy and load balancer
How is this going to work if web servers are behind a load balancer (like a BIGIP F5)? Thanks.
9 votes
You can use a load balancer between your connectors and applications. We are currently working on documentation around this and will update soon.
Thanks,
Jasmine
-
Managed Whitelist of Enterprise Applications
Please provide a facility to whitelist which 3rd party applications are 'approved'.
Ideally this would be more than just a single 'bit' of information, and allow multiple lists - for example, a whitelist for 'regular company business' and another for TOPSECRET, to be integrated with other parts of the Azure framework, such as being used in Conditional Access Policy and the EMS E5 features.
Currently OAuth consent by any user will automatically register an application and this cannot be disabled. Blacklist is possible, but whitelist is not without completely removing ability for users to manage their own consent, which is undesirable from…
9 votes
We have started work on this feature. For an initial release, we’re thinking of allowing admins to select the set of permissions users will be able to consent to.
-
Let Azure AD retry failed exports with 429 response code as soon as the Retry-After has passed
We have implemented our own SCIM (2.0) Service with a rate limiting feature.
The Azure AD user provisioning application does not recognize 429 responses from our services when requests are sent too rapidly and just logs failures. These failures will be retried 40 minutes later, but this is a very long delay, making an initial sync take way longer than needed (especially when the retries run into the rate limit again and again).
I suggest retrying requests that received a 429 response soon after the Retry-After header value (has passed) to optimize the duration of a sync cycle.
…
8 votes
Hi, we are actively working on honoring the retry-after header.
-
Please extend Azure AD Identity Protection to the B2C tenant
Please extend Azure AD Identity Protection to the B2C tenant
8 votes
Hi all: Just a heads-up that we have announced public preview availability of this capability. Please read more on the blog post here, try it out yourselves, and let us know what you think on this feedback page!
-
Make provision sync on demand
Make provision sync on demand for testing purposes.
User and group sync normally takes about 5~30 minutes. It is very inconvenient and inefficient for testing. Azure AD should allow on-demand sync when it is in the testing phase and the total number of users is less than a certain number, for example 50.
8 votes
We have an initial version of this publicly available – aka.ms/provisionondemanddocumentation
/Arvind
-
Enterprise Application
Create a SSO/Enterprise Application Admin role similar to Intune/Sharepoint admin role. Allow the delegation of the SSO and enterprise applications to an admin other than the global tenant admin.
8 votes
We are working on this now. Stay tuned for upcoming announcements.
-
Allow ICMP/Ping through NSG
The lack of the most BASIC functionality such as PING has forced my CTO to prevent the renewal of a $140,000 Enterprise Agreement. Our clients use external monitoring software. Amazon Web Services and Google Cloud Engine allow this, yet Microsoft's "Excuse" is that it is a security risk (It isn't, and anyone saying it is, is lying.)
Without Ping, I cannot approve the renewal of the contract. Please add Ping before I must also revoke our subsidiaries' contracts with Azure!
8 votes
We have started to work on ICMP support for NSGs.
- Anavi N [MSFT]
-
REST API callout
Support for calling REST APIs at the start and end of end user sign-up, sign-in and other flows.
8 votes
This feature is now available in public preview through custom policies. Check out some examples here:
/Parakh
-
Make the AD Raw logs (event/logs) available for SIEM monitoring
Being subscribed to Azure AD as an organization, it's hard to monitor security events in real time using a SIEM solution without having access to raw event logs. Although the Audit log report offers what to extract out as a report, real-time monitoring of events for the organizational domain is unavailable. This is quite crucial. The organization doesn't have access to its own domain security events.
8 votes
Thanks for the feedback! Have you had a look at the Azure AD Reporting API? This will allow you to feed the reporting data from the Azure AD reports directly into your SIEM. See the following article: https://azure.microsoft.com/en-us/documentation/articles/active-directory-reporting-api-getting-started/
(I’m marking this as “started” and not “completed” because the API is still in Preview—feedback is welcome!)
Philippe Signoret
Program Manager, Azure Active Directory
-
Enable "Sign in with a security key" option from any sign-in page (e.g. in case of frequency passed)
End-user experience of password-less sign-in options is broken in some user scenarios.
Example: The "Sign in with a security key" option is not available on sign-in page after the sign-in frequency passed (Conditional Access session policy).
7 votes
This is something we are currently working to resolve.
-Libby Brown
-
Remove the option to enable phone sign-in in Microsoft Authenticator App
As we've disabled the option to enable passwordless in our Tenant, it would be helpful to remove / disable the option to enable phone sign-in in the Microsoft Authenticator app so the users won't be able to enable something that is not enabled for the company.
7 votes
-
Add Azure Active Directory Role Customization
Add a Role Customization for Azure AD Roles to get more specified permission settings in Azure AD
7 votes
Hi,
Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.
You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.
Regards,
Abhijeet Sinha
Azure AD RBAC team
-
A GUI interface for edit or create custom role on Azure
A GUI interface for edit or create custom role on Azure.
Currently any custom role creation / edit needs to be done through PowerShell; a GUI interface is more user friendly and easier to manage for the customer admin.
7 votes
Hi,
We have started working on custom roles.
Here’s how you can create a custom role using GUI – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-create-custom
Abhijeet Sinha
Azure AD RBAC team
-
Searching & Filtering in the Portal
We should be able to search and filter within the portal in a much more complete way than we can today.
Today, you can mostly search for a starts-with of a UPN/name of a user. This is super limiting, so I go back and live in PowerShell to do anything more than a simple name search.
And if we want to filter, you can use show all users, or guest users only.
Give us the ability to search / filter / sort / export any attribute available to us.
This extrapolates to Groups and other object types too.
7 votes
We’re happy to announce that the users enhancements are now in public preview. Improvements include better filtering, more columns and improved search. We are continuing to work on substring search and sorting, so look out for those improvements in the next few months.
-
AADC Health - Notification when AADC Scheduler is disabled
Send a notification when AADC Scheduler is disabled or when sync didn't happen for x number of hours/days.
7 votes
Thanks for the feedback!
This is in our backlog and our engineers are working on the new alert.
-
AADConnect - Generate Preview
When viewing an object in AADConnect and generating a preview based on full or delta imports... it should actually go and perform the full or delta import of that specific object when you perform that action. If I'm troubleshooting an issue in a large directory environment, I don't want to have to wait 6 to 12 hours for a full import, full sync to run after making each change... It seems logical that I could update a directory object or an AADConnect rule and go preview the impact of those changes on a single object without having to import the…
7 votes
-
Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly
Last tests done with version 1.1.443.0 of AAD Connect
The User Attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an initial sync of a user account). Furthermore, later changes of this Attribute are not synced correctly to the AAD.
I had different/random results when testing with this. Sometimes the initial value was transferred correctly to the Cloud accounts but a change was not synced. Sometimes directly the initial value was wrong (when syncing a user the first time).
Kind Regards
Robin K.
7 votes
-
7 votes
This is currently in progress. Many of our articles have been updated in the past weeks and we’ll continue updating the rest.
/Saca
-
Let us manage or remove the limit of AD groups creation for a non-admin user or service principal (250)
We define from our side which user accounts and service principals can create Azure AD groups. The configuration that allows us to manage this:
- “EnableGroupCreation” set to “False” so that by default non-admin accounts cannot create groups
- and added a specific access group to “GroupCreationAllowedGroupID” to allow specific user accounts and service principals to create groups

According to https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions - a non-admin user can create a maximum of 250 groups in an Azure AD organization.
This limit blocks us from moving forward with business-critical tasks.
Purpose to remove the limit of AD groups created by non-admin user accounts/service: …
6 votes
Thank you for reaching out to the feedback suggestion forum. This feature is in progress.