Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 510 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    67 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. B2C Fully Customizable Sign-In Page

    Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

    387 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    61 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Page Customization is in Public Preview with V2 Policies.

    User interface Customization: https://docs.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-overview

    JavaScript/PageLayout Enforcement: https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-javascript-overview

    Please continue to provide feedback through the survey mentioned in the previous update: https://microsoft.qualtrics.com/jfe/form/SV_0Gu45RkBy2YR1kh

    ~Sean

  3. SAML protocol support

    Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

    357 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    44 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

    Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library has.

    The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
    https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

    322 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    65 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add an Azure AD Identity Provider

    AADB2C is great, but why not adding an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities, it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

    304 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  6. 295 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    37 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for Hardware Token in Cloud hosted Multi-Factor Authentication

    If the MFA server supports hardware tokens, why can't the azure hosted MFA support it ?!
    Please add this feature.

    265 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    63 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Machine Rename - Azure AD

    Win10 machines joined to azure AD - if they get renamed this isn't reflected in Azure AD or Intune.

    218 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    56 comments  ·  Domain Join  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable Self Service Password Reset from Windows 10 Sign In Screen

    Azure AD self service password reset works great. The issue being if a user cannot log on they haven't a browser to access the portal easily.

    Can the reset portal be integrated with a "Forgotten my password" link on the Sign In screen. Azure AD join integrates with web based services such as MFA so it hopefully the foundations are there.

    206 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    50 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. Activate Office 365 ProPlus through Azure AD Connect SSO feature instead of ADFS

    Activate Office 365 ProPlus through Azure AD Connect SSO feature instead of ADFS.

    The only thing missing I think is the Office GPO 2016 template setting. Now there is only the ADFS option in "Microsoft Office Microsoft Office 2016/Subscription Activation"

    See my post below:
    https://answers.microsoft.com/en-us/msoffice/forum/msofficeinstall-msowinother/office-365-proplus-2016-activation-shared-computer/a5b571f2-da34-4dd6-a67a-5188d99adb6b

    201 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    40 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →

    This Seamless SSO feature is now live in production. For this feature to work, you need Office client versions 16.0.8730.xxxx and above. No GPO for automatic activation needs to be set for this feature to work.

  11. Update the Azure Active Directory PowerShell Module to allow MFA

    According to MS Support [1] you cannot use an account with MFA to connect to AAD via PowerShell. This is a problem, because most activities done with PS require Admin rights, and we want Admin accounts to have MFA.

    I did some digging and I believe this limitation comes from the fact that the AAD PowerShell module still uses the Microsoft Online Services Sign-In Assistant [2] for authentication.

    It looks like MS is updating Office applications to use ADAL instead of the MSOL Sign-in Assistant to "enable new authentication flows, including support for Multi-Factor Authentication (MFA)." [3]

    I propose making…

    161 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →

    The new Azure AD Powershell module, which supports MFA is now generally available.
    See this link for more info: http://connect.microsoft.com/site1164/content/content.aspx?ContentID=32016

    If you’re interested in O365/Exchange PS module support for modern auth and MFA, please see this UserVoice entry:
    https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/15523143-enable-windows-powershell-to-use-mfa

    /Saca

  12. Phone number sign-up

    Local accounts currently allows email addresses and usernames as sign-in identifiers. Add phone numbers as well.

    144 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    39 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We recently announced the public preview of adding phone sign-up and sign-in with custom policies: https://docs.microsoft.com/en-us/azure/active-directory-b2c/phone-authentication

    We would love to hear any thoughts or feedback through this short survey: https://microsoft.qualtrics.com/jfe/form/SV_86C0d46O8Tw6Ghv

    We are currently working to bring this functionality to built-in user flows, but do not have a timeline for release.

    ~Sean

  13. Make Azure AD Domain Services available in CSP subscription

    Currently Azure Active Directory Domain Services are not available for CSP subscriptions. Firstly because you can't deploy classic VNets in CSP subscriptions and this service is required to setup AADDS. Secondly because AAD is not available for CSP subscriptions to manage from Classic Portal and according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-faqs there is no Powershell cmdlet to turn on AADDS. This means you can't use AAD features like Kerberos authentication in CSP offerings.

    136 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to connect Azure Active Directory Account to Windows 8/10 Account

    For small deployments (without ADDS/ADFS on-premises) it would be very useful if user could login Windows with a WAAD Account. That means: same user experience with WAAD Account as todays experience with public Microsoft (Live) ID.

    133 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Domain Join  ·  Flag idea as inappropriate…  ·  Admin →
  15. Programmatically manage B2C policies

    I want to be able to call the Graph API or use PowerShell to manage Azure AD B2C policies.

    131 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  16. Reduce pricing for Azure AD B2C

    Azure AD B2C seems to be an interesting and very important service, however in my opinion it is >dramatically< overpriced. Having to pay thousands of dollars >per month< just for a few million users is in no relation to other Azure Services.

    E.g. Storing 10 million users would cost 950k * €0.00093 + 9mil * €0.00076 = 7723,5€ per month. And this doesn't even include authentications.
    This makes me wondering if your case study Real Madrid really would like all of their 450 million fans use this service. I think they would have to sell a player in that case!…

    127 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support OAuth 2.0 implict flow

    Many modern apps have a Single Page Application (SPA) front-end that is written primarily in JavaScript and often uses an SPA framework such as AngularJS, Ember.js, Durandal, etc. These apps need to be secured using OAuth 2.0 implict flow. Azure AD B2C needs to add this capability.

    122 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add Azure Active Directory to portal.azure.com

    As more services become only available for management in portal.azure.com (such as API Apps), it's annoying to have to go back to the "old" portal.

    121 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable legacy Windows Server Active Directory functionality for compute services

    I want use this Windows Azure Active Directory services to standard compute services to remove complecation.
    for example, we need Active Directory for building failover cluster services IaaS. I don't want to make DC only for that...

    118 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  20. Device Authentication Conditional Access for Azure AD

    Today, it's possible to setup Conditional Access logon rules in ADFS3 and ADFS4 based on Device Authentication. We've found this to be widely applauded by end-users in MFA scenarios.

    it would be great if Azure AD authentication without federation could also support Device Authentication for Conditional Access.

    We would like to be able to create a rule that says that Azure AD Registered Devices don't need to MFA.

    113 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    27 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 16 17
  • Don't see your idea?

Feedback and Knowledge Base