Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Allow Long Passwords

    The current max password is 16 chars; please make it larger.

    https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

    Longer is (Usually) Stronger section

    source of current max length: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-policy

    510 votes
    63 comments  ·  Authentication
  2. Support for Hardware Token in Cloud hosted Multi-Factor Authentication

    If the MFA server supports hardware tokens, why can't the Azure hosted MFA support it?!
    Please add this feature.

    265 votes
    61 comments  ·  Multi-factor Authentication
  3. Machine Rename - Azure AD

    Win10 machines joined to Azure AD - if they get renamed this isn't reflected in Azure AD or Intune.

    218 votes
    47 comments  ·  Domain Join
  4. Enable Self Service Password Reset from Windows 10 Sign In Screen

    Azure AD self service password reset works great. The issue being if a user cannot log on they haven't a browser to access the portal easily.

    Can the reset portal be integrated with a "Forgotten my password" link on the Sign In screen? Azure AD join integrates with web based services such as MFA, so hopefully the foundations are there.

    206 votes
    48 comments  ·  Self-Service Password Reset
  5. Activate Office 365 ProPlus through Azure AD Connect SSO feature instead of ADFS

    Activate Office 365 ProPlus through Azure AD Connect SSO feature instead of ADFS.

    The only thing missing I think is the Office GPO 2016 template setting. Now there is only the ADFS option in "Microsoft Office Microsoft Office 2016/Subscription Activation"

    See my post below:
    https://answers.microsoft.com/en-us/msoffice/forum/msoffice_install-mso_winother/office-365-proplus-2016-activation-shared-computer/a5b571f2-da34-4dd6-a67a-5188d99adb6b

    201 votes
    39 comments  ·  Azure AD Connect

    This Seamless SSO feature is now live in production. For this feature to work, you need Office client versions 16.0.8730.xxxx and above. No GPO for automatic activation needs to be set for this feature to work.

  6. Update the Azure Active Directory PowerShell Module to allow MFA

    According to MS Support [1] you cannot use an account with MFA to connect to AAD via PowerShell. This is a problem, because most activities done with PS require Admin rights, and we want Admin accounts to have MFA.

    I did some digging and I believe this limitation comes from the fact that the AAD PowerShell module still uses the Microsoft Online Services Sign-In Assistant [2] for authentication.

    It looks like MS is updating Office applications to use ADAL instead of the MSOL Sign-in Assistant to "enable new authentication flows, including support for Multi-Factor Authentication (MFA)." [3]

    I propose making…

    161 votes
    22 comments  ·  Multi-factor Authentication

    The new Azure AD PowerShell module, which supports MFA, is now generally available.
    See this link for more info: http://connect.microsoft.com/site1164/content/content.aspx?ContentID=32016

    If you’re interested in O365/Exchange PS module support for modern auth and MFA, please see this UserVoice entry:
    https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/15523143-enable-windows-powershell-to-use-mfa

    /Saca

  7. Make Azure AD Domain Services available in CSP subscription

    Currently Azure Active Directory Domain Services are not available for CSP subscriptions. Firstly because you can't deploy classic VNets in CSP subscriptions and this service is required to set up AADDS. Secondly because AAD is not available for CSP subscriptions to manage from Classic Portal and according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-faqs there is no PowerShell cmdlet to turn on AADDS. This means you can't use AAD features like Kerberos authentication in CSP offerings.

    136 votes
    25 comments  ·  Domain Services
  8. Ability to connect Azure Active Directory Account to Windows 8/10 Account

    For small deployments (without ADDS/ADFS on-premises) it would be very useful if users could log in to Windows with a WAAD Account. That means: same user experience with WAAD Account as today's experience with public Microsoft (Live) ID.

    133 votes
    16 comments  ·  Domain Join
  9. Reduce pricing for Azure AD B2C

    Azure AD B2C seems to be an interesting and very important service, however in my opinion it is >dramatically< overpriced. Having to pay thousands of dollars >per month< just for a few million users is in no relation to other Azure Services.

    E.g. Storing 10 million users would cost 950k * €0.00093 + 9mil * €0.00076 = 7723,5€ per month. And this doesn't even include authentications.
    This makes me wonder if your case study Real Madrid really would like all of their 450 million fans to use this service. I think they would have to sell a player in that case!…

    128 votes
    14 comments  ·  B2C

    We are happy to update that Azure Active Directory B2C (Azure AD B2C) is lowering the cost of managing identities for your consumers. Effective April 1, 2019 there will be no charges for stored users. The price for authentications and optional multi-factor authentication (MFA) is unchanged. This update applies to all customers and will be automatically applied, no action is required.

    See the pricing page for details: Azure AD B2C Pricing. https://azure.microsoft.com/en-us/pricing/details/active-directory-b2c/

  10. Support OAuth 2.0 implicit flow

    Many modern apps have a Single Page Application (SPA) front-end that is written primarily in JavaScript and often uses an SPA framework such as AngularJS, Ember.js, Durandal, etc. These apps need to be secured using OAuth 2.0 implicit flow. Azure AD B2C needs to add this capability.

    122 votes
    16 comments  ·  B2C
  11. Add Azure Active Directory to portal.azure.com

    As more services become only available for management in portal.azure.com (such as API Apps), it's annoying to have to go back to the "old" portal.

    121 votes
    29 comments  ·  Admin Portal
  12. Enable legacy Windows Server Active Directory functionality for compute services

    I want to use this Windows Azure Active Directory service for standard compute services to remove complication.
    For example, we need Active Directory for building failover cluster services in IaaS. I don't want to make a DC only for that...

    118 votes
    11 comments  ·  Domain Services
  13. Device Authentication Conditional Access for Azure AD

    Today, it's possible to set up Conditional Access logon rules in ADFS3 and ADFS4 based on Device Authentication. We've found this to be widely applauded by end-users in MFA scenarios.

    It would be great if Azure AD authentication without federation could also support Device Authentication for Conditional Access.

    We would like to be able to create a rule that says that Azure AD Registered Devices don't need to MFA.

    113 votes
    24 comments  ·  Conditional Access
  14. Add PowerShell commands to manage "Users flagged for risk" in Azure AD

    I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!

    111 votes
    36 comments  ·  Identity Protection
  15. Provide new "Authentication Methods" for SSPR (Auth Phone, Alternative Auth Phone and PIN Code)

    Please add more authentication methods to the Self Service Password Reset in Azure Active Directory.

    Provide new "Authentication Methods":
    - Authentication Phone
    - Alternative Authentication Phone
    - PIN Code
    - Biometric authentication (Based on the Azure Authenticator)

    90 votes
    10 comments  ·  Self-Service Password Reset

    Users can now reset their password using the Microsoft Authenticator app (or any other authenticator app). This feature is now in public preview and can be enabled under Password reset → Authentication methods in the Azure AD portal. Go to aka.ms/authappsspr to learn more.

    We will continue to add new authentication methods in the future.

  16. Azure AD Domain Services available in ARM VNets

    Make it possible to add an ARM VNet to AAD DS. As of now, AFAIK it's only possible with an ASM-to-ARM VPN connection, which incurs its own cost.

    77 votes
    8 comments  ·  Domain Services
  17. Make Active Directory deletable

    Please allow Active Directory entries to be deleted from management portal when they're empty and no longer used.

    76 votes
    9 comments  ·  Admin Portal
  18. Allow for deactivating "Windows Hello" and "Set Up PIN" for good on Azure AD joined devices

    Dear Microsoft,

    We are in the midst of rolling out Azure AD joined Windows 10 clients (primarily notebooks) and right now, with every restart, the system prompts for setting up Windows Hello and a PIN. Since the latter only works with a mobile phone number and we do not provide every one of our employees with a corporate phone, we cannot possibly force this on them.

    Please allow us to quickly deactivate these two settings in Azure AD, right from the start. It kills user experience to click this away every single time.

    69 votes
    34 comments  ·  Domain Join

    If you must disable Hello, we recommend you do so by following the instructions here: https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-manage-in-organization

    If you can’t use an MDM or GPO, it is possible to disable Windows Hello provisioning via the registry. Run the following command:
    REG ADD HKLM\SOFTWARE\Policies\Microsoft\PassportForWork /v Enabled /t REG_DWORD /d 0 /f

    Best,
    Kristina

  19. Share more on the Azure AD B2C timeline/plans

    Hi! I'm an app developer, and I'd _love_ to have an offering from Azure AD that combines social login with user-generated email address logins that Azure AD just takes care of for me; no SQL Server tables, no writing the "forgot your password?" dance, no self-service password changes from apps and web, I don't want to write any of that. In other words, I want to give you money for this. Any chance we can find out more about when this will be available in preview? (My scenario, like many app developers, is that I'll have somewhere between 800 and…

    68 votes
    9 comments  ·  B2C
  20. Support WebSocket protocol in Azure AD Application Proxy

    It would be great if Azure Application Proxy supported the websockets protocol. We publish some collaborative applications through AADAP and we have a lot of access issues.

    56 votes
    16 comments  ·  Application Proxy

    This feature is now available in Public Preview (Websocket support for QlikSense). You can learn more in the announcement we made this morning on the EMS Blog. To be notified when we move into GA or support for additional applications is available, please watch the Application Proxy blog.

    If you are following this post and would like to see support for other applications, please start another feedback item and specify the application.

    EMS Blog: https://cloudblogs.microsoft.com/enterprisemobility/2018/03/28/new-azure-ad-application-proxy-updates/

    Application Proxy Blog:
    https://aka.ms/appproxyblog

    If you have tried the new websocket support, or if you would use it if our support was expanded to other applications, please take a few minutes to fill out our short 7 question survey:
    https://aka.ms/appproxywebsocketsurvey

    Best,
    Harshini
