How can we improve Azure Active Directory?

← Azure Active Directory

Allow for customized error messages in Azure AD Conditional Access policies

Allow for an administrator to create customized error messages to replace the generic AAD conditional access "you do not meet the criteria." For example, if I have a conditional access policy that blocks access for Windows devices based on a specific criteria, I could display a custom error message that would offer links to support sites, or IT support #. In addition, allow for multiple custom error messages to be defined, and linked to specific policies that block access. For example, we could display a different error message on PC, iOS, or Android devices that are blocked via a conditional access policy.

343 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Steve shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

27 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • John R. commented  ·   ·  Flag as inappropriate

    Same comment as @Swaranjit. Why tell the hacker, you just successfully guessed/cracked a PW, but you have to VPN to X country/browser/OS to continue hacking me?

    I want a 'blocked' generic message regardless of whether the password is correct. I would prefer if they aren't allowed to login from a blocked country then don't bother checking the password. Do I honestly have to go to a competitor to get this level of security?

  • Amit Sood commented  ·   ·  Flag as inappropriate

    Agreed with other comments, that we need option to customize error message that can be more descriptive to end users based on the context.
    Or Is there way to send to a different End Point (Url) on authorization failure.

  • Swaranjit commented  ·   ·  Flag as inappropriate

    We are also looking to submit a feature request to change the “access denied” or support customized message when a user successfully authenticates to AzureAD but do not get permission to the resource when attempt to access it due to a conditional access policy.

    We do not want any indication if the authentication was successful or not.

  • Steinar Mollan commented  ·   ·  Flag as inappropriate

    The AADSTS50105 is not very intuitive to end user. Customizing the error message or altering the standard text is needed.

  • shreyance commented  ·   ·  Flag as inappropriate

    A MUST have feature. No brainer.. don't forget end users are not technical. And they want to read something that makes sense

  • Moe commented  ·   ·  Flag as inappropriate

    We badly need customized error messages in Azure AD conditional Access policies. Please make this feature available soon.

  • Gareth commented  ·   ·  Flag as inappropriate

    Dave Draffin's comment from 2017 +1! - we do much the same thing. Would be excellent to have this feature.

  • Anonymous commented  ·   ·  Flag as inappropriate

    +1
    We have conditional access policies blocking phishy countries that effectively say: "Almost there! You got the password right, just use a VPN endpointing somewhere not in the 3rd world and you're in!"

    Absurd!!! I want a 'blocked' message regardless of whether the password is correct. If they aren't allowed to login from a blocked country then don't bother checking the password.

  • db commented  ·   ·  Flag as inappropriate

    Yes, please implement this ASAP! The fact the message provides validation to a possible attacker that the combination of username and password was successful is a major issue for security.

  • Peter Selch Dahl commented  ·   ·  Flag as inappropriate

    Hi Caleb,

    Please work with the entire Azure AD team to make a unified strategy for error messages in Azure Active Directory. We also have issues with Azure B2B and would really like the option to have custom error message depending on the SaaS app the user is trying to access.

    B2B issue

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/34736548-
    customize-error-message

    @Jose & @Sarat from the B2B team.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Ok it has been about 4 months and I still do not see the feature to customize such notifications. I do see this under Compliance , but not under Conditional Access.

  • Dominic Corso commented  ·   ·  Flag as inappropriate

    Awesome! We are patiently waiting for this. When a user is blocked from access in most cases we can direct them to some basics for help and prevent a helpdesk call all together. Can't wait!

← Previous 1

Azure Active Directory: Conditional Access

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice