Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

  • Add Japan region to data residency location of Azure AD B2C

    Lots of Japanese customers would like to use Azure AD B2C. But they cannot decide to adopt B2C because we do not have a Japan region as a data residency location.

    212 votes
    9 comments  ·  B2C
    • Azure AD B2C Data Residency in Australia

      Although Azure AD B2C is available for use in Australia, there is no option to create a directory for which the user data resides in Australia. We would like to be able to ensure that our Azure AD B2C user data remains in Australia.

      140 votes
      33 comments  ·  B2C
      • B2C Support for client credential flow.

        To enable APIs to use authentication from another application with separate security credentials (clientId+secret). Needed for APIs to make graph calls.

        (This is not the same as on-behalf-of flow, which represents the ability to exchange an access token intended for one audience for an access token intended for a different audience)

        135 votes
        4 comments  ·  B2C
        • B2C Roadmap

          Deliver a roadmap which shows what functionality is planned and under review.

          96 votes
          6 comments  ·  B2C

            Hi all, unfortunately we don’t have plans to share out a public roadmap. This is constantly changing as we’re listening to customer requests. We will continue to update feedback.azure items as they come up so feel free to suggest anything you are curious about.

          • group naming policy using extension attributes

            Please implement additional functionality to allow the use of Extension Attributes as part of a Group Naming Policy. This is required as the Department name is too large and many organisations have a shortened department code which they apply via an Extension Attribute. Using a long department name in a Group Naming Policy creates names that are too long to be useful, but using a shortened department code plus group name means that the group can be easily identified and attributed to a department without cluttering the name space.

            e.g. Information and Communication Technology has a short code of ICT…

            85 votes
            6 comments  ·  Other

              Thank you for your feedback! We have heard you and are considering future implementation options. There is no timeline yet for implementation. If this feature matters to you, keep voting as it will help us prioritize.

            • AADB2C: include username in JWT claims

              AADB2C supports either email addresses or usernames for accounts. If a directory uses usernames, you don't get that username as a claim in the JWT. This means an extra trip to Azure must be made to retrieve the username. Please consider including the username in the JWT.

              72 votes
              18 comments  ·  B2C

                This is currently not on our roadmap. You can retrieve this value by making a call through the Graph API. If this is needed for your scenarios, please continue voting and we will review at a later date.

              • Support logout and single logout with SAML 2.0 claims provider

                Support for logout and single logout with SAML 2.0 IdP configured as claims provider on B2C.

                The logout and single logout are both requested in some customer cases and in relation to the Danish government's IdP called "NemLog-in". In relation to the Danish government's IdP it is a requirement to support logout and single logout to connect to the central federation.

                67 votes
                3 comments  ·  B2C
                • Enable support for dynamic mail-enabled security groups

                  Dynamic security groups are great, mail-enabled groups are great too; wouldn't it be great to have both? We have a requirement to create security groups (or distribution groups) based on employee attributes (i.e. Active Full-time, Active Part-time, etc...). These attributes live in Azure AD but aren't accessible in Exchange Online so I cannot create a dynamic distribution group. I am able to create a mail-enabled security group but the membership cannot be dynamic. And any dynamic group I create can't be mail-enabled unless it's a unified group, but for the purposes we need the groups for, Unified groups aren't appropriate.…

                  64 votes
                  16 comments  ·  Other

                    Thank you for your feedback! We have heard you and are considering future implementation options. There is no timeline yet for implementation. If this feature matters to you, keep voting as it will help us prioritize.

                  • Add hashed password migration to Azure AD B2C

                    Currently, I can migrate user accounts from an existing database to Azure AD B2C. However, it only accepts unhashed passwords, which is completely useless for any modern system, which should ONLY be using hashed and salted passwords. What would actually make this feature useful is to include fields for hashed password, hash algorithm (any of several standard ones), salt and salt method (i.e., appended, prepended, etc).

                    64 votes
                    4 comments  ·  B2C
                    • Passwordless authentication

                      Add support for phone- and email-based passwordless authentication - using OTPs (one time passwords).

                      62 votes
                      6 comments  ·  B2C
                      • Spring Security Support

                        Storm Path is an example of an API/Service that provides all the same functionality as Azure AD B2C, and actually integrates with Spring Security very easily.

                        https://stormpath.com/

                        They provide code samples too:

                        https://docs.stormpath.com/java/

                        It would be fantastic, and ensure a much wider adoption market, if you were to create an open source project that provided the same easy integration and adoption.

                        52 votes
                        1 comment  ·  B2C
                        • AADB2C: Password Expiration

                          Unlike Azure AD, B2C does not allow you to set a password expiration policy. Please allow similar capability in B2C to set both a password expiry as well as the length prior to a notice being sent to the user before their password expires.

                          38 votes
                          4 comments  ·  B2C
                          • All Powershell/BASH/script Azure AD join

                            For converting BYOD to Azure AD in the field w/o user intervention, we need a way for elevated accounts to be able to perform an Azure AD join of devices via script.... come on, this is the basics...

                            Think of it as MDM self-enrollment... if not that, then give us a one-click way for users to self-enroll the device.

                            31 votes
                            4 comments  ·  Domain Join

                              Thanks for the feedback on this. There are several ways to do Azure AD join (OOBE, bulk enrollment and Autopilot) which provide a richer experience to join devices to Azure AD. We’re continuously working to enhance those, so currently this is unplanned for the near future. Please continue to vote to help us prioritize.


                              Ravi

                            • Avoid verification code emails when the user is not registered

                              Azure B2C gives a false impression that the user is in the directory when they try to reset their password.

                              Following are the steps in reset password:
                              1) User clicks the Reset Password link
                              2) B2C presents a page with “Email Address” field and says “Verification is necessary. Please click Send button.”
                              3) User enters his email address and clicks “Send Verification Code”
                              4) B2C sends the verification code to that email address (Even if no user is associated with that email address. This is where the user thinks he is registered with the system)
                              5) Now the user enters…

                              31 votes
                              1 comment  ·  B2C
                              • Pre-populate username field with value from the query string like old Sign-In Policy

                                You provide policies for Sign-In, Sign-Up and Sign-In or Sign-Up. The "Sign-In" policies do not allow page customization because they are using an older (pre B2C) way of doing things. However, one advantage the Sign-In policy has is that I can add &username=myUsername and it pre-populates the Username field with this value.

                                In our system, we already know the username before we send them to the "sign-up or sign-in" Policy screen, and we'd like to add the username to the query string so the value is already populated.

                                28 votes
                                1 comment  ·  B2C
                                • Enable Flash SMS for MFA/Multi Factor Authentication

                                  I'd like the possibility to use Flash SMS (http://en.wikipedia.org/wiki/Short_Message_Service#Flash_SMS) when sending one-way OTPs using Azure MFA / Multi-Factor Authentication.

                                  28 votes
                                  5 comments  ·  Multi-factor Authentication
                                  • Ability to add Microsoft Accounts through PowerShell

                                    We can add Microsoft Accounts (Live IDs) to an Azure AD through the GUI, but PowerShell support is still missing.
                                    We are in a situation where we use AAD to authenticate external users on an on-premises system, which hands off account management (expiration, password reset, etc) to the account's owner, while retaining the ability to enable or restrict access to the system by adding or removing the account to AAD.
                                    Adding the ability to use PowerShell allows for a certain amount of automation and efficiency in managing these accounts.

                                    20 votes
                                    2 comments  ·  PowerShell
                                    • Azure AD Applications - Needs

                                      - Allow applications in Azure AD to be organised into folders so business units who work in this space can 'claim' applications.
                                      - Provide the ability to rename applications or application instances once created.
                                      - Provide visibility of what user created an application.
                                      - Provide the ability to 'lock' applications from being accidentally deleted.
                                      - Deletion of applications requires X global admins to approve, at the moment a rogue admin could destroy an SSO setup for an entire company in minutes...

                                      16 votes
                                      2 comments  ·  SaaS Applications

                                        Thank you for your feedback, some of the suggestions are already available:

                                        - Ability to rename applications
                                        - Provide visibility of what users created an application: You can use audit activity reports: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-activity-audit-logs

                                        Regarding the other suggestions, I’ll update this once it’s a planned feature. In the meantime, keep the voting coming so we can prioritize this higher.

                                        /Luis
                                        Program Manager

                                      • Do you know if the connector can update an Employee's Username in Workday?

                                        Our client is planning on using email address as the Username in Workday which also drives the SSO. The issue is - Let's say John Doe is hired in Workday and gets assigned John.doe@xyz.com. The new hire flows across to Active Directory and AD says that email is already in use and it needs to be updated to John.Doe1@xyz.com. We are using the Azure connector where the Azure app is able to update the worker's work contact information. Not sure if the Azure app has the ability to update the Username attribute in Workday account.

                                        9 votes
                                        2 comments  ·  SaaS Applications

                                          Hello,

                                          This scenario is not currently possible with the Workday writeback connector. We’re evaluating solutions but it’s not planned yet.

                                          Keep voting to help us prioritize.

                                          Thanks,
                                          Luis

                                        • Custom error messages per SaaS App and tenant-wide also

                                          It would be really awesome if Microsoft would provide developers with an option to provide custom error messages per Azure AD SaaS Apps and Global Admin to define some tenant-wide custom error messages as well. The error messages provided from Microsoft are not especially user-friendly or customer specific yet. This creates some confusion among internal and B2B users.

                                          I hope this would be taken into consideration like the Azure Conditional Access custom error messages.

                                          /Peter Selch Dahl
                                          Azure MVP

                                          Also see these related requests:
                                          ---------------------------------------------------------------------

                                          Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application:
                                          https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/6795635-fix-error-aadsts50020-when-logged-in-user-doesn-t

                                          Customize…

                                          4 votes
                                          0 comments  ·  SaaS Applications

                                            We don’t plan to provide the capability to customize the error message for now. But, we have been working on making the error messages more actionable.

                                            If you have any suggestions for improving a specific error message, please create another post and the team will improve it.

                                            /Luis
                                            Program Manager
