Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD Domain Services is forcing me to change passwords, even set password never expires

    Azure AD Domain Services is now forcing me to change passwords for every account, including service accounts, every 30 days, even though I have set password never expires. Hopefully this will be fixed soon; this is preventing or at least making it inconvenient to run SharePoint workloads integrated with Azure AD Domain Services.

    47 votes
    closed  ·  9 comments  ·  Domain Services
  2. Provide AAD-DS support for geo-dispersed deployments

    We are deploying IaaS and PaaS solutions which span multiple regions and geographies. We wish to leverage Azure AD Domain Services as the directory service for these solutions but are currently constrained by the single region requirement. Please provide the ability to enable AAD-DS in all subscriptions, Regions and VNets associated with an Azure AD tenant.

    Geo-dispersed limitation:
    https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-comparison#geo-dispersed-deployments

    30 votes
    4 comments  ·  Domain Services
  3. Support smart card login on Windows 10 devices which are Azure AD joined

    We have increasing demand from clients to use smart cards or MFA for desktop login on Windows 10 devices that are only using Azure AD.

    27 votes
    0 comments  ·  Authentication
  4. Add more resource to B2C development team

    Any chance of adding a couple more people to B2C development team as there is a massive backlog of items

    22 votes
    closed  ·  0 comments  ·  B2C
  5. Bind an Azure AD Application Proxy application to a specific connector instance

    Today, the Application Proxy service maintains a list of active connectors and it can potentially use each one of them to interact with the on-prem network.

    This means that, should you have 2 different websites, each one belonging to a separate on-prem network, it is extremely tricky to use the Application Proxy and expose both of them to the public internet at the same time.

    Azure AD Application Proxy should allow me to specify which connectors I want to use for a specific application, perhaps keeping the current implementation only as a default.

    21 votes
    2 comments  ·  Application Proxy
  6. Allow Custom Token Lifetime

    For web applications that are not implemented as a SPA, using Azure AD for a line-of-business application, a token lifetime of an hour is not enough in some scenarios.

    Can we please have the ability to customise when the token will expire?

    14 votes
    3 comments  ·  Authentication

    After hearing from customers during the preview of token lifetime management, we’ve implemented authentication session management capabilities (https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime) in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency. After May 1, 2020 you will not be able to use Configurable Token Lifetime policy to configure session and refresh tokens. You can still configure access token lifetimes after the deprecation.

  7. Allow Azure AD Domain services in multiple virtual networks

    Right now AADDS is only available for one virtual network. In our organization we have split applications up with each application having its own VNET.

    Some of these don't support SAML or OAuth2 as an authentication mechanism and only LDAP. It really sucks to have a virtual network gateway set up just for LDAP authentication.

    Please allow multiple VNETs to use AADDS.

    12 votes
    2 comments  ·  Domain Services
  8. Skype For Business Modern Authentication

    Please support modern authentication in Skype for Business 2016 in AD Connect Pass Through Authentication scenarios

    10 votes
    closed  ·  2 comments  ·  Azure AD Connect
  9. Guidance to migrate to the new ARM domain services and remove the ASM domain service

    We currently use Domain services with ASM and a VPN to the ARM network. Microsoft has migrated the AAD Domain service to Azure ARM; however, it is still connected to the network in ASM. How can we migrate the service so it will use the ARM network? Because then we can remove the ASM network and gateway, which lowers the costs. Can you give us guidance on how to accomplish this?

    8 votes
    3 comments  ·  Domain Services
  10. User provisioning: optimized

    User/Group provisioning: optimize SCIM requests

    Please optimize SCIM requests. We found that Azure (unlike other SCIM clients) makes requests as "small" as possible, thus making multiple requests in a short span of time. This is sub-optimal and uses up a lot of "bandwidth/resource" on our side.

    For example:
    1. Provisioning a group with 5000 memberships. Instead of creating a new group with 5000 members or making a single PATCH with 5000 members to add to, Azure AD SCIM makes 5000 individual PATCH requests.
    2. Provisioning a user. Instead of making a single POST call with all the attributes as stated…

    7 votes
    1 comment  ·  Provisioning to Applications
  11. To provide a list of the applications the users have consented to access their data.

    We are unable to determine the list of the applications the users have consented to access their data.

    7 votes
    0 comments  ·  Reporting
  12. Enable Remote Desktop between 2 physical on prem machines that are both joined to the same Azure AD

    Machine A wants to remote desktop to Machine B. Both machines are Win10 joined to AAD. I am a global admin logged into A and I want to remote desktop to B using my AAD global admin credential - that does not work currently. You still can only remote with local user credentials (assume no on-prem AD, only AAD). For small organizations, there is no need for a domain controller on prem - but for an admin to not be able to connect to machines using their AAD credentials makes an AAD network environment (assume all machines Win10) a non…

    7 votes
    2 comments  ·  Domain Join
  13. Microsoft Azure AD Sync Windows service is not running or could not start

    Microsoft Azure AD Sync Windows service is not running or could not start. As a result, objects will not synchronize with Azure Active Directory.

    Start Microsoft Azure Active Directory Sync Services
    1. Click Start, click Run, type Services.msc, and then click OK.
    2. Locate the Microsoft Azure AD Sync service, and then check whether the service is started. If the service isn't started, right-click it, and then click Start.

    event viewer ..
    Windows Azure Active Directory has sent a redirection. Redirection url: https://adminwebservice-s1-co2.microsoftonline.com/ProvisioningService.svc. Code: 87. Description: Azure Active Directory has sent a service redirection to 'https://adminwebservice-s1-co2.microsoftonline.com/ProvisioningService.svc'. Server…

    6 votes
    closed  ·  1 comment  ·  Azure AD Connect
  14. Allow for the renaming applications

    Once an application has been created it can no longer be renamed. This is very annoying given that you may wish to rename the application down the track. Renaming an application should be available from within the UI.

    6 votes
    1 comment  ·  SaaS Applications
  15. Azure AD Connect Health show IP or UserAgent for last bad passwords

    The Azure AD Connect Health already reports on users with the most bad passwords in the last 30 days along with the last time they had a failed attempt. Is there any way this report can be enhanced to show the last IP address or UserAgent the attempt was from? I think this shows in the audit logs, but would be great to show this in the report or allow drill downs.

    5 votes
    1 comment  ·  Azure AD Connect Health

    The Risky IP feature is in public preview. It would allow you to see the top IP addresses that have an impact on multiple users.
    We are also working on the correlated report to have the entire sign-in history available for deep analysis.

  16. Guest User writeback

    We want to sync Guest Users from AzureAD to On-Prem AD.

    Because we have a SharePoint 2016 Farm published over Azure AD App Proxy and we want to give external users the rights to log in.

    4 votes
    closed  ·  1 comment  ·  Azure AD Connect
  17. Integrated support for:

    MIM is not supporting such things:
    1. MS SharePoint
    2. Office365
    3. SharePoint
    4. Lync

    Also would be great to have more flexible Exchange support.

    Thanks!

    4 votes
    0 comments  ·  Microsoft Identity Manager
  18. Use AAD group membership to filter/control user writeback to ADDS

    The new Azure AD Connect "User writeback" should also have the option to filter/scope which users are synchronized to on-premise ADDS with AAD group memberships. Just as Sync-Filtering options for syncing pilot users to AAD.

    4 votes
    closed  ·  1 comment  ·  Azure AD Connect
  19. AAD-FIDO2 Integration

    As per below url,

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone

    AAD & FIDO integration is possible using Azure portal & MS self service portal "https://myprofile.microsoft.com".

    Can this integration be accomplished programmatically via Graph API endpoints or any other REST endpoints?

    3 votes
    1 comment  ·  Passwordless
  20. Exclude "register security info (preview)" from Conditional Access

    We need to exclude "register security info (preview)" from conditional access policies.

    We use Azure MFA for RADIUS (non-Azure / O365 services) authentication and our users have to self-register their authentication method.

    This registration is not possible from private workstations, because our Conditional Access Policies say the user needs MFA and a compliant device. Result: User tries to register his security info from a non-compliant device --> fail

    3 votes
    0 comments  ·  Conditional Access