Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MFA Phone Numbers Verification or Encryption in DB

    It would be beneficial to be able to enforce that multiple users are not using the same phone number for MFA within the on-prem MFA server.

    Additionally due to privacy concerns, it would be beneficial if the phone number field were encrypted in the database such that admins are unable to retrieve them in clear text from the server.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Change Sign-ins from infected devices title to Sign-ins from suspicious IP

    Change Sign-ins from infected devices title to Sign-ins from suspicious IP. The title of this detection is inaccurate, it is actually when a sign in has been detected from a suspicious IP. Improved wording would be appreciated.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. MFA Limit the Amount of One-Time Bypasses Allowed

    It would be nice if it were possible to limit the amount of one-time bypasses a user can issue themselves within a 24 hour period. Because a user is able to login to the MFA User Portal using security questions when they do not have access to their primary MFA device, someone can essentially bypass MFA altogether by using security questions and issuing themselves a one-time bypass as many time as they want. This also violates PCI compliance in that it doesn't meet the criteria that "MFA should be implemented so that authentication mechanisms are independent of each other."

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Unique Sender

    We have been reported by our users that the MFA codes are being sent by totally different numbers. Although we know that this is an expected behaviour, it would be good to consider at least calling the senders in the same way, and if possible not Microsoft, but an agnostic name.

    It would also be good to be able to customise the message with a custom text to offer a better user experience.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. MFA Verification Method, "Call to phone", The user answers the call and presses #. This should be a configurable option to use different key

    Sometimes the users' local phone system reserves the "#" key for a special purpose on incoming calls. Meaning that the touch tone sound is not passed onto the caller, in this case the MFA incoming call. Currently, MFA doesn't allow changing this to use a different key. This should be configurable (to use a different key) in the same way that the voice message being played is configurable.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure MFA Server On Prem - Disallow Phone Extensions or Specific Phone Numbers

    PCI compliance puts services like soft-phones and VOIP as a risk for use with Multi-Factor. The reason being, if an employee has a soft-phone on a laptop that was stolen and their multi-factor is sent to the phone associated with that soft-phone, then both primary and secondary factors are on the same device, thus it is not true multi-factor.

    To mitigate this, it would be nice if we could disallow phone extensions and/or specific ranges of phone numbers (i.e. office phone numbers) from being used as valid options in the MFA server. Has anyone come across this scenario? If so,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow AAD Guests to become members of mail-enabled security groups

    AAD Guests can be added to a security group in Azure, but Azure does not allow for the creation of a mail-enabled security (MES) group. An MES group can be created in the O365 admin portal or the EAC, but AAD guests are not listed as entities who could be added to the MES group. This makes it impossible to use groups to control access to SPO and O365 while also being able to communicate with the group via e-mail.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Move old MFA for Azure portal into AAD portal

    The current MFA Portal is terrible slow. Please move it into Azure AD Portal and make it faster. Currently on-prem MFA Server can be managed.

    I am sure this already is an idea, but I can't for my life find it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Switch first and second faktor

    Make it possible to authenticate with OTP as first factor and if a strong authentication is needed the password works as second factor.
    Should be configured per App

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Management portal of MFA/conditional policies and automated management of users with conditional policies

    We have the MFA Conditional Policy in place but no good way to monitor and manage users. Manually running a powershell command to verify who is registered and who is not is an administrative headache.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. This SUCKS. I'm trying to get the authentication app to work on my Samsung Galaxy S8

    I've got the authentication installed, but when I want to set up the first account, it wants the QR code. When I try to get the QR code, it wants the verification code first. If I had the verification code, I wouldn't need all the rest of this ****! I'm sick of going in circles! I can't verify that its me unless you let me in to verify. The only choices its giving me is to use the authenticator app on my phone! Aaaargh!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Poder aplicar los dos pasos tanto en la PC (uso en el hogar) Lapto fuera del hogar.

    Que pueda aplicar los dos pasos cuando uso la PC en mi hogar, y aplicarla tambìen cuando uso la Lapto fuera del hogar. (estudios, oficina, viajando, etc)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. mfa

    sign-in log improvement for MFA info.
    It would be helpful to identify which application (defined in a conditional access policy) has triggered the MFA for a particular sign-in activity.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. This sucks!!! Very confusing and time consuming! What code do I use to get into the first log in?

    Why not just Keep It Simple Silly??? The is too time consuming to do on our own time, and it is frustrating for some of us!!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Adding Authenticator App Timeout

    Adding Authenticator app fail every time with timeout for new setup in new experience in Czech Republic.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow the user to unenroll from MFA

    After Two-Way auth is enabled (aka.ms/mfasetup) there is no turning back from the users perspective.
    The users should be given an option "Remove" from the attached screenshot, which is again at the aka.ms/mfasetup.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Authenticator app in administrator password reset policy

    The default (and enforced) password reset policy for Administrative accounts does not allow the use of Authenticator (either codes or notifications), forcing instead the use of external email and either call/sms.

    From my perspective Authenticator seems a more secure choice than either of these two enforced methods.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Converged registration for self-service password reset and Azure Multi-Factor Authentication

    the new Converged registration for self-service password reset and Azure Multi-Factor Authentication needs to tell the user that the Administrator has set a minimum number of methods needed before the DONE button is available.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Hola. No me envía mensaje de comprobación ni llamadas y no es problema de señal

    No recibo mensaje ni llamada y no es problema de señal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. authenticator app "work or school" account

    Why can't we use a work or school account along with iCloud account to back up the Microsoft Authenticator app? As a business, we'd like to improve the iOS device replacement process with a restore of the Microsoft Authenticator app. Most users do NOT have a personal Microsoft account, but DO have a work or school account.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base