Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Access Review Process needs to be complete

    Access Reviews don't reflect the azure ad recommendation (example: user not logged for last 30 days etc.) for reviewers of 3rd party SaaS applications. Also, will be great to automate the line manager for each user as the access reviewer, as it would help in larger organisations to better manage and speed up the review process

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Niket,

    Thanks for the suggestion! Good news is that both of your asks are on our roadmap! Are you using Log Analytics in AAD? We’re working to integrate with the user login data in log analytics and surface those in our recommendations.

    As for line managers as reviewers, does your tenant have the manager attributed populated for your users? Great if you are, because we’re working on pulling that info from the user profile page.

    - Fionna

  2. Release API capabilities for Access Packages and Identity Governance

    I want to automate Access Package deployment with Terraform as I do with user groups as well as make dynamic groups compatible with Access Packages. This would allow me to assign users to groups based on user attributes, as I can do with Dynamic groups, but also enable group members the ability to request an access package based on their dynamic group membership, which are automatically created after deploying a new subscription with Terraform. Access Packages would be specific to each subscription and include resource and application roles that are applicable to users of that subscription. This would replace the…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD API  ·  Flag idea as inappropriate…  ·  Admin →
  3. AAD Connect - View Current Configuration

    AAD Connect - View Current Configuration needs an option to export the configuration. This should be to text file and CSV format for viewing. Also to XML format for backup and later importing of the configuration if ever needed.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create seperate sign in risk policies for medium and high risk events

    Would like to be able to create a seperate sign-in risk policy for medium and high risk events, medium policy would enforce MFA but let user continue working, high risk policy would block user access and preferably intiate sign out of all existing logins/tokens as this is a confirmed breech/exposure of credentials.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Search users

    Find group or user by contains or *

    I can only find a specific groups if I know how the name starts, with several hundreds of groups and users, this is not how i remember this. Support
    partofname

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! Our feature team is is looking into options for addressing this scenario for users. For now, we are happy to announce that we’ve released the Enhanced Groups experience preview which includes improvements for search, sorting, and filtering of groups. This preview adds capabilities like substring search on groups lists and new member search.

  6. Allow quick search and find of user

    When activating Freshdesk for users, I have to manually scroll through pages and pages, until I see the name on the list. But it would be great to have an option to quickly find the user from the list (something like a search bar or the use of Ctrl +F).

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  7. PIM - multiple approvers required

    At the moment you configure multiple approvers in the role setting details dialog. As soon a one approvers approves the request gets accepted.

    I would like to have an option to require multiple approvers, that allow the request
    eq. configure 5 approvers - 2 are required to approve the request

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Managed Service Identity needs new shorthand. MSI is taken

    Please please get an abbreviation checker at Microsoft. MSI is already a thing. Desktop isn't quite that dead yet. I have a hard enough time keeping up, without stepping on the same 3 letter from the same company meaning completely different things!

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  9. Force object based AD sync for automation

    From a sourcing perspective we often have to deal with hybrid cloud environments. For the User Workspace (webbased) we make use of both Active Directory systems (LocalAD and AzureAD) for access control to multiple applications.

    To optimize End User Experience it is neccessary to sync both Active Directory systems as fast as possible (realtime is preferred).

    Antoher possible workaround is object based (specific user or group) synchronization from command line to integrate with automation tools.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  10. I changed the attribute to "not set" in Azure AD but the attribute doesn't sync to Azure ADDS.

    When I update the attributes, I can see the updated values on the Azure ADDS.
    However, if he delete the value of an attribute (= update with not set), the value is not changed.

    Please correct this behavior.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  11. Translation are bigger than window

    Some localized translations (for example Czech) are bigger than window to fit in. Some are also not so good at all. For example screen from branding.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure MFA Cloud : Abillity to remove specific sign-in option like Telephone for work

    I've not heard two times from customers that they REQUIRE that they can manage / choose which authentication methods are available to users during the MFA enrollment proces.

    The IT administrators would like to control the phone authentication numbers or limit access to the Azure Authenticator.

    It would also be nice, if it would be posible to define different policies for specific users or group of users

    @Shawn Bishiop

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Access Review to delete user account

    We use access reviews to monitor 3rd party Office 365 accounts and licences. The users are in a security groups that assigns the licences. So if they are denied as part of the access review they are removed form the security group so their Office 365 licences are removed.

    Is there a way to also delete the user accounts as part of the process

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Nikki,

    Thanks for the feedback! If you’d like to delete the user in addition to removing the user from the resource (group), we are running a private preview on this exact feature, and we’d love to have you try it!

    Please fill out this form for tenant info and we’ll whitelist you for the preview – https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR5dv-S62099HtxdeKIcgO-NUMzE4VzM2QllPTkxTVjRWOUFCMEZLQzJPVy4u

    Thanks
    Fionna

  14. synchronisation triggered from website

    Allow an AD sync to be performed from the Azure AD website.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  15. Service Principals is so broken from a UI standpoint. Needs to be redone.

    Here is a link to the official documentation, notice how it is like 200 steps:

    https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

    This is HORRIBLE guys. On Amazon, to grant API access to something it is one click - Generate API Key.

    I wasted 20 minutes trying to follow above steps. Guess what - at the end, it still doesn't work. Awesome! Now I get to debug your broken system for you instead of being productive.

    Can you please either:


    • Get rid of Service Principals (please shoot it), and just add a Generate API key command to replace it.

    • Add Generate API Key as an alternative…
    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  16. SaaS Application experience

    Plugin for SaaS application (logging onto Facebook, for example) presents to install plugin. There are issues on that page, and it may not be intuitive for users.
    Also plugin on Apple Mac OSX with Firefox 45.x version did not work, even after plugin installed successfully.

    Attached is a screenshot of the issues on the page, they include:
    1: Formatting on page background shows the HTML code which it shouldn't. Looks unproffesional.
    2: when resizing the window, the context page does not re-center on the page.
    3: Report a problem Link is broken.
    4: Tip is not very intuitive for end…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. MyApps Portal Frequently Used Collection

    We would like to have a collection in the MyApps portal that duplicates the functionality of the Secure Sign-in Browser Extension so a user would see their individual frequently used SSO apps in a collection.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  MyApps portal  ·  Flag idea as inappropriate…  ·  Admin →
  18. Risk based conditional access for b2c

    In order to reduce user friction the product should have conditional access programing to allow a safe sign in without asking to mutch information and avoid sending to much sms tokens

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to export Risky Sign in policies programmatically

    We need a way to export/consult Risky sign in policies.

    In general, a feature should be released with its associated API to allow Microsoft customers to perform automation.

    Support case 119070422001895 confirmed this was not possible.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. add GC port 3269 to AD-DS created LB

    Hi,

    right now we can't access port 3269 (Global Catalog) of our AD-DS service.
    After open it in NSG and modify the LB it only stay open for hours. The LB get's overwritten every now and then.

    Request: Add LB rule for 3269 to the auto-create script of AD-DS. Customer still can control access this via NSG.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base