Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Merge office365 and live accounts that use the same email address

    I use both Azure/msdn and office 365
    I already had an msdn account mvdl@our-company.com ( Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

    Wich is causing a lot of grieve when switching between asure web portal / msdn web portal / office 365 web portal

    Even when I have no portals open, I cant switch accounts. I need to explicity open the portal that I last logged in to. Log out, and then I can switch accounts.

    And having both office 365 portal and Azure portal open at the same…

    1,151 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    229 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Folks,

    Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

    First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

    Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this…

  2. Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

    A lot of organizations use nested groups in on-premise AD. Syncronizing these groups to Azure AD have no value today. But the group itself have value on-premise
    Creating new group in AD with only users and then synchronize it to Azure AD creates extra administration for administrators and confusion for end-users.

    Dynamic Groups in Azure AD as of today don’t have support for “Member Of” or similar hence don’t solve the problem.

    Adding nested groups to Azure AD would add a lot of value to Azure AD.

    956 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    110 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →

    We’re continuing to investigate options for adding this support. There are technical challenges to overcome in order to make this happen. We thank you for all your valuable comments so far, and welcome any additional feedback you have on what are the most important use cases involved with these scenarios.

  3. Customer-owned domains

    Run Azure AD B2C's sign-up & sign-in pages under a custom domain, for e.g., login.contoso.com, instead of login.microsoftonline.com.

    511 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    58 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.

    If you are looking to use custom domains to use javascript, we are now looking to enable that experience by providing a new (non-customizable) domain. Please look for updates here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15493536-add-support-for-javascript-inside-the-custom-ui-br

    /Parakh

  4. Support exporting and importing conditional access policies using PowerShell

    Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.

    The Microsoft Graph API currently do not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview

    353 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. B2C Fully Customizable Sign-In Page

    Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

    353 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    60 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

    Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library has.

    The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
    https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

    308 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    64 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Just to provide an update, we are close to launching a private preview. We are in the final testing stages for this feature. We will have another update in the next few weeks with instructions on how to join the private preview.

  7. 291 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    37 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add an Azure AD Identity Provider

    AADB2C is great, but why not adding an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities, it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

    280 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  9. SAML protocol support

    Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

    268 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    28 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  10. Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

    Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

    This is obviously not ideal. We currently having to perform the rollover task manually each month.

    Please look at how this process could be improved for automation.

    193 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    34 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →

    We are currently working on an approach that will allow Tenant Admins to do key rollover from the Azure AD portal; without the need for PowerShell or scripting. This will be released within the next 4-6 months. Subsequently, we will release an update that will perform key rollover automatically every 30 days

    Swaroop

  11. Programmatically register B2C applications

    I want to be able to call a Graph API to register new B2C applications

    132 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  12. Programmatically manage B2C policies

    I want to be able to call the Graph API or use PowerShell to manage Azure AD B2C policies.

    112 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  13. Authentication Phone

    Make the Authentication Phone and Authentication Email field settable with Powershell.

    105 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Custom password complexity

    Allow the ability to set different password complexities for local accounts in a B2C tenant.

    95 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add reporting to see how many users have or have not registered for Self Service Password Reset.

    Would be helpful so we know who to target to get them registered within our organization

    80 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Go Direct to Password Reset from Sign-In/Sign-Up

    The Sign-in only policy allows the user to go directly to the password reset.

    The Sign-in/Sign-Up does not allow this. The user gets redirected back and you have to handle AADB2C90118.

    Reference: https://stackoverflow.com/questions/41497158/azure-ad-b2c-self-service-password-reset-link-doesnt-work

    While this flow is useful for some people the opposite is also true. Please allow me to specify the password reset policy in my sign-in/sign-up policy so the round trip is not required if I don't want it.

    71 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  17. SSO / Sign in to Azure via Google Apps IDP

    We'd like to enable our users for lots of Azure services (incrementally), starting with some RemoteApp services. We do *not* want to move user authentication to Azure AD (users have lots of complex Google Apps logins, with 2-Factor and U2F Keys).

    Is there an easy way for us to enable Google Apps as an IdP in Azure AD?

    Like, can we copy user profiles from Google Apps -> Azure, and on login attempt, redirect to the Google Apps sign in screen?

    67 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  7 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  18. Delegate permissions to remove devices

    The user role User administrator is not able to remove users registered device objekts in Azure AD. I think that roles should be granted that permisson.
    Or create an addiotional role that have the permission to remove device objects in Azure AD.

    62 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Domain Join  ·  Flag idea as inappropriate…  ·  Admin →
  19. 62 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add CORS support for discovery and JSON Web Key Set endpoints

    Adding CORS support to the following endpoints would allow them to be downloaded via a JavaScript application:
    - https://login.microsoftonline.com/<tenantid>/v2.0/.well-known/openid-configuration
    - https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys

    The signatures for these endpoints could then be used to verify JWT's directly within the JavaScript.

    42 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base