Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. azure active directory role

    I have a scenario where Azure Active Directory users log in to a frontend app and will be able to handle user administration using Graph APIs. These users will not have access to subscriptions/resources; they have access only to Azure AD, where they can update/create/delete users/profiles. To achieve those actions, users should have the User Admin directory role. But the issue here is that these users can log in to the Azure portal and have admin access to all users. For example: if I have a few applications where users are different, I can manage from the frontend app and business logic to show only users to related…

    25 votes
    0 comments  ·  Conditional Access
  2. Azure AD services to support User Defined Routes.

    I deal with a great deal of small businesses which don't always have the IT resources to support enterprise-level services such as Active Directory. All too often do I see AD domains set up with a single server running far too many services such as AD, SQL, File, Print, etc. Azure AD as a service gives you the ability to run AD in a highly redundant fashion without having to manage the servers. However, it only works in Azure and only based on the default routes which only Azure has access to. I'm trying to build an environment which…

    2 votes
    0 comments  ·  Other

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

  3. Add the ability to disable the "Stayed Signed in" page at the user level not just at the tenant level.

    Instead of only offering the ability to disable the Stayed Signed in page at the tenant level in Azure, could this be a feature that is configurable for a user or a group of users?

    2 votes
    1 comment

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  4. Give the virtual machine contributor role all rights needed to create a functional virtual machine

    The Virtual Machine Contributor role currently lacks rights to create a new network interface on a virtual network for a new VM to be able to actually be used.

    It seems that is a key permission that would be required for someone to be able to contribute new virtual machines.

    Network contributor is too broad if you need operations engineers to be able to add new VMs but not be able to change any other vNET settings.

    So currently you need to set up a custom role for someone to be able to fully deploy new virtual machines.

    It would…

    2 votes
    1 comment  ·  Conditional Access

    Thanks for the valid suggestion. Your feedback is now open for the user community to up-vote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  5. Storage - Permission to create without permission to overwrite

    Currently, with the RBAC service, we can distinguish between permission to write and permission to delete. But, as the permission to write enables permission to overwrite, it is nearly the same as if it enabled deletion. If I can create blob "test1", I can overwrite it with other content, which is really like destroying it in some cases. So, I suggest it should be possible to distinguish between permission to create and permission to modify, update, or overwrite a blob or other content.

    2 votes
    0 comments  ·  Conditional Access
  6. Azure Policy: Override a deny policy according to user identity

    Azure Policy does not discriminate who the current user is when applying a deny effect; if the resource created does not comply with a policy, it will be rejected at validation.

    We have some cases where it would be more practical to be able to consciously override the policy at resource creation, then right after that create an exclusion for this resource. Typically, these are cases where the resource creator is a super-admin and knows their job.

    1 vote
    0 comments

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  7. Keep allowing individual user consent on Azure AD native apps in the Azure portal

    Make this available in the "new" portal experience as it was in the "old" UI (which will soon be retired). Also add this operation to the Azure REST API, to perform it programmatically.

    1 vote
    0 comments

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  8. To provide the option to the admins to enforce the Password complexity options by selecting all the 4 combinations of properties.

    Admins should be able to manage AD as well as Azure AD to enforce password complexity by using all 4 options. Currently only 3 out of 4 are applied while changing user password,

    Characters allowed
    A – Z
    a – z
    0 – 9
    @ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ " ( ) ;
    blank space

    1 vote
    0 comments  ·  Privileged Identity Management

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

  9. Change default settings for Azure Access Panel Group settings

    As explained in this blog article: https://techcommunity.microsoft.com/t5/Office-365-Groups/Hide-Groups-from-a-Guest-User/m-p/574284#M6183

    from Toby, guest users have access to groups in the Azure panel.
    When a guest account is added through Azure AD and the invite email is sent, they follow the instructions to log in to the Guest tenant and end up on this landing page.

    https://account.activedirectory.windowsazure.com/r#/applications

    The Guest User can then click on Groups and Join Group and see a list of all the tenant groups and the members of any of the groups.

    This is not desired behavior. Default setting should be to not enable group options.

    1 vote
    0 comments  ·  Groups/Dynamic groups

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

  10. Azure B2C Custom Page Content needs warning if no URI is provided

    On this page, https://portal.azure.com/#blade/Microsoft_AAD_B2CAdmin/TenantManagementMenuBlade/userJourneys - it would be helpful to have a warning or information box pop up when you select "Use custom page content" Yes to say that you need to enter your own Custom Page URI location. I kept changing the No to Yes but did not enter a different URI and it would revert back with no warning back to No.

    1 vote
    0 comments  ·  B2C

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

  11. Allow for the default Microsoft Authenticator account name of “Azure AD” to be configurable.

    If a user goes to https://aka.ms/mfasetup and sets up their account preference then they do get an account named accordingly in their Authenticator app…
    However, if a user doesn’t set up their account preferences and they log into the Outlook app on their phone for the first time and receive Intune app protection policies, they end up with an Authenticator account named “Azure AD”.

    1 vote
    0 comments  ·  Multi-factor Authentication

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

  12. Azure Policy - MFA Policies support for an internal MFA Server

    We would like to use the Azure MFA policies, however they assume the usage of Azure MFA, and within our company we are using an On-premise MFA server. We have now disabled the policies, based on a statement from the PG on supporting this feature:

    - You have disabled the default policies since you had no clear view on when it works.
    - We have checked the policy "Audit accounts with write permissions who are not MFA enabled on a subscription" and some of the users that had write permissions on the subscription were not enabled for MFA in Azure…

    1 vote
    0 comments  ·  Multi-factor Authentication

    Thanks for the valid suggestion. Your feedback is now open for the user community to up-vote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
