Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Merge office365 and live accounts that use the same email address

    I use both Azure/msdn and office 365
    I already had an msdn account mvdl@our-company.com ( Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

    Wich is causing a lot of grieve when switching between asure web portal / msdn web portal / office 365 web portal

    Even when I have no portals open, I cant switch accounts. I need to explicity open the portal that I last logged in to. Log out, and then I can switch accounts.

    And having both office 365 portal and Azure portal open at the same…

    1,127 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      228 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

      Folks,

      Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

      First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

      Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this…

    • Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

      A lot of organizations use nested groups in on-premise AD. Syncronizing these groups to Azure AD have no value today. But the group itself have value on-premise
      Creating new group in AD with only users and then synchronize it to Azure AD creates extra administration for administrators and confusion for end-users.

      Dynamic Groups in Azure AD as of today don’t have support for “Member Of” or similar hence don’t solve the problem.

      Adding nested groups to Azure AD would add a lot of value to Azure AD.

      846 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        96 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

        We’re continuing to investigate options for adding this support. There are technical challenges to overcome in order to make this happen. We thank you for all your valuable comments so far, and welcome any additional feedback you have on what are the most important use cases involved with these scenarios.

      • Customer-owned domains

        Run Azure AD B2C's sign-up & sign-in pages under a custom domain, for e.g., login.contoso.com, instead of login.microsoftonline.com.

        479 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          51 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

          Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.

          If you are looking to use custom domains to use javascript, we are now looking to enable that experience by providing a new (non-customizable) domain. Please look for updates here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15493536-add-support-for-javascript-inside-the-custom-ui-br

          /Parakh

        • Allow Long Passwords

          the current max password is 16 chars, please make it larger

          https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

          Longer is (Usually) Stronger section

          source of current max length: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-policy

          450 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            51 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →

            We are aware of the importance of this feature and are working on it. I don’t have an ETA to share at this point but will update you once we are closer to preview.

            Eliza (via Chen)

          • Include users' last logon time

            Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!
            Can we please please add this attribute to the user object?

            415 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              33 comments  ·  Azure AD API  ·  Flag idea as inappropriate…  ·  Admin →
            • B2C Fully Customizable Sign-In Page

              Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

              339 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                60 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
              • Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

                Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library has.

                The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
                https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

                292 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  62 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

                  Just to provide an update, we are close to launching a private preview. We are in the final testing stages for this feature. We will have another update in the next few weeks with instructions on how to join the private preview.

                • 281 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    37 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                  • Support exporting and importing conditional access policies using PowerShell

                    Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.

                    The Microsoft Graph API currently do not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview

                    276 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      14 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add an Azure AD Identity Provider

                      AADB2C is great, but why not adding an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities, it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

                      272 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        36 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                      • SAML protocol support

                        Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

                        247 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          24 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                        • Machine Rename - Azure AD

                          Win10 machines joined to azure AD - if they get renamed this isn't reflected in Azure AD or Intune.

                          218 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            45 comments  ·  Domain Join  ·  Flag idea as inappropriate…  ·  Admin →

                            Just to provide an update. It will be available in the next version of Win10, and will be available for Insiders starting next month. Note that the change we’re doing only applies to unmanaged devices, as Intune is the authority for managed devices.

                          • Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

                            Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

                            This is obviously not ideal. We currently having to perform the rollover task manually each month.

                            Please look at how this process could be improved for automation.

                            150 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              We are currently working on an approach that will allow Tenant Admins to do key rollover from the Azure AD portal; without the need for PowerShell or scripting. This will be released within the next 4-6 months. Subsequently, we will release an update that will perform key rollover automatically every 30 days

                              Swaroop

                            • Programmatically register B2C applications

                              I want to be able to call a Graph API to register new B2C applications

                              123 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                11 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                              • Programmatically manage B2C policies

                                I want to be able to call the Graph API or use PowerShell to manage Azure AD B2C policies.

                                102 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  8 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                • Authentication Phone

                                  Make the Authentication Phone and Authentication Email field settable with Powershell.

                                  90 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    14 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                                    We are building an API that will allow you to get and set credential information (i.e. Authentication Phone, Authentication Email, etc.) for both multi-factor authentication (MFA) and self-service password reset (SSPR). We will keep you updated when this becomes available.

                                    We appreciate your feedback and look forward to adding more awesome features to SSPR!

                                  • Custom password complexity

                                    Allow the ability to set different password complexities for local accounts in a B2C tenant.

                                    88 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      14 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add reporting to see how many users have or have not registered for Self Service Password Reset.

                                      Would be helpful so we know who to target to get them registered within our organization

                                      65 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        13 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                                      • SSO / Sign in to Azure via Google Apps IDP

                                        We'd like to enable our users for lots of Azure services (incrementally), starting with some RemoteApp services. We do *not* want to move user authentication to Azure AD (users have lots of complex Google Apps logins, with 2-Factor and U2F Keys).

                                        Is there an easy way for us to enable Google Apps as an IdP in Azure AD?

                                        Like, can we copy user profiles from Google Apps -> Azure, and on login attempt, redirect to the Google Apps sign in screen?

                                        65 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          started  ·  7 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
                                        • 60 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            2 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

                                            We are looking for private preview customers who are interested in using Azure AD (single tenant only) or any other custom OIDC compliant identity providers in your built-in policies. If you are interested, please send an email specifying this specific request to aadb2cpreview@microsoft.com with your Azure AD B2C tenant name.

                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base