Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable per user MFA bypass for Azure MFA (Cloud) make this both temporary and permenant based on settings

    Currently per user bypass is not capable in Azure MFA (Cloud only) this can be done using the Azure MFA on premise server. This functionality make Azure MFA more usable for a end user community that often loses or forget cell phones and need temporary bypass. Also using Azure MFA with NPS/Radius there is no way to allow services accounts that do network equipment monitoring to avoid Azure MFA if we want to enable MFA to access critical network infrastructure or VPN using radius this would help this scenario too

    52 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Azure AD MFA enhancements

    Like to suggests a couple of enhancements to Azure MFA (not MFA server).

    Ability to pre-provision users at scale (send QR code to selected users via email, import mobile numbers to protected 'authentication contact info' area in users profile via PowerShell, etc.)

    Provide method for users to change MFA device or bypass MFA if device isn't available (security / secret questions in lieu of MFA, alternate email - personal, etc. )

    Provide administrators a method to bypass MFA for a user (one time bypass, bypass MFA for 'x' amount of time, provide temp code that will work for 'x' amount…

    49 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. One-time Bypass in Azure MFA Cloud Only

    We need an option to allow for one-time bypass to allow users to reset their MFA if they dont have access to their Authenticator App (phone damaged or lost,stolen). Phone number as backup is not an option

    45 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. MFA only allow initial setup from inside corporate network.

    Please allow configuration of initial MFA setup for users so that they can only provision MFA from within our corporate network. Also the ability to pre-provision and lock-down their MFA settings (cell phones etc). We need to be able to make sure that not just anyone from outside can do the initial provisioning of a users MFA setup. In case a users password is compromised.

    45 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Adding non-listed 3rd Party MFA via Azure AD Custom Controls

    How do you get an MFA Server on the list, as at present it seems to be restricted to RSA, Duo and Trusona. Or when will you open up support for the general MFA providers, and/or provide the information that will allow another vendor to integrate in the same fashion.

    Reason:
    We have a very large customer we are working on with their whole of Staff UAM 2FA upgrade. They are looking at both on-premise and cloud options, but require the 2FA to be on-premise. Azure's approach with ADFS will be restrictive as compared to AWS and GCP's approach, especially…

    44 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. New method for automating onboarding of users in MFA

    Current onboarding mechanism in O365/Azurd AD requires that the users onboard themselves. They can choose MFA-method and telephone number themselves.

    We strongly suggest a new method of automate onboarding for end users. We would like to map telephone number from the organization AD and choose one of the MFA methods as preferred. We also would like to have a option to turn on/off the possibility for end users to change their MFA-profile (MFA method and telephone number).

    The benefit for all customers will be that the CA/MFA solution will be more secure since no onboarding for users can be done…

    42 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Prevent Change Contact Phone Number by Users in Azure Multi-Factor Autentication.

    I want to allow change contact Phone Number by users ofAdministrator in Azure Multi-Factor Authentication.
    To prevent user to sign-in to system outside of the comany.

    If prevent change contact phone number by users,
    Admin set User's contact phone number to Admin's phone Number,
    and set Trusted IP of Azure Multi-Factor Autentication to the company office's public ip.
    and prevent change contact phone number by useres.

    42 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. 39 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure MFA synchronization between on premise and cloud

    Hi. We are currently AAD Premium subscribers (via EMS) If I'm reading all current documentation correctly deploying a MFA server on premise would be completely independent of any Cloud based MFA registrations for O365 and other SSO apps. This results in a userbase needing to register with 2 different MFA servers and causing some confusion. It would be nice if the on premise MFA server could synchronize or even proxy requests to the cloud based MFA server so only 1 registration would be needed.

    For example, user John Smith has 2FA turned on in the O365 cloud portal, and goes…

    38 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add company preferred MFA option

    Company should have option to choose preferred option for MFA for users. For example, we allow Mobile Phone and App. But in onboarding, portal asks only for phone setup and not for app. Users complain about SMS codes, they do not find an App option in advance settings.

    36 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. MFA cloud-only solution should support an additional PIN option.

    In order to compete with equivalent solutions available today, it would be great to have the ability to enforce a PIN as a prefix or suffix to a verification code, or even as per the current on-premise MFA offering. This allows systems an additional "what you know" option, where primary authentication is weak or only deals with identification and not authentication.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure MFA Trusted IP limitation of 50 address ranges

    Currently per the article: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next the Trusted IP for configuration "For requests from a specific range of public IPs" is restricted to a hard limit of 50 IP Address ranges.

    Please provide the ability to extend this number as there are companies like ours where the limit of 50 IP Address ranges makes this not usable for production environments.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improve Azure Authenticator App to require password or touch id validation before approving push request.

    Currently, if you receive a push notification to the Azure Authenticator app while the phone is locked, merely swiping the notification and selecting View allows access to approve (or deny) the request. Other authenticator apps (Google, Lastpass, etc.) require the device password or touch id (on iOS) before the request can be approved. This is a security flaw and needs to be fixed.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Enable Flash SMS for MFA/Multi Factor Authentication

    I'd like the possibility to use Flash SMS (http://en.wikipedia.org/wiki/Short_Message_Service#Flash_SMS) when sending one-way OTPs using Azure MFA / Multi-Factor Authentication.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Delegate Azure MFA One-Time Bypass to other roles used by Servicedesk engineers

    Include Azure MFA One-Time Bypass in Role User Account Administrator or Privileged Role Admin or Password Helpdesk Admin

    26 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. change default MFA method / configuratble default MFA method

    Hi,
    Currently when users enable MFA on their accounts, "OneWaySMS" method is the default option. This is a less secure and higher friction UX of the available options.

    It being the default method seems to contribute to it being the most common method used.

    Request the defaults to be reconsidered.
    - no default. Require the user to make an explicit choice
    - change the default to either PhoneAppNotification or PhoneAppOTP
    - make the default an admin configurable option

    thanks

    25 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. We would like to activate MFA at our designated time.

    At present, MFA is activated at the time when the administrator enables MFA per user.
    We would like to activate MFA at the administrator's designated time. We believe that this enables us to broaden our range of operation.
    It would be great if we could, for example, control by designating the time to parameter "RememberDevicesNotIssuedBefore".

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow Applications to be Protected by MFA through CA

    Allow the following appliations to be protected by MFA through Conditional Access:

    • Office365 Shell WCSS-Client
    • Microsoft Office 365 Portal
    • O365 Suite UX

    These applications are related to the Office Portal.

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Show the Country and App/OS that triggered the MFA request via Authenticator app pop up

    If using the Microsoft Authenticator app with App Notifications for Azure MFA requests why can't we also have the Country and App or OS which has triggered the MFA request?

    This will help users from blindly always tapping Approve and also give them more info on what app has requested MFA.

    You can already see this info in the Azure AD sign in and audit logs so why can't it be pushed through to the app pop-ups too?

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. Control “Remember MFA for devices that users trust” on an application basis

    At the moment “Remember Multi-Factor Authentication for devices that users trust” is only a global setting

    For most of our application InfoSec is fine to have 14 day before reauthentication and that’s a fair compromise between usability and security especially for things like the SfB App on the mobile

    Nevertheless for some applications we want to have AAD enforce MFA for every login as the data in those systems is highly confidential, e.g. the system that manages the payroll and benefits for our top executives

    So we’re asking to have an option to overwrite the “Remember Multi-Factor Authentication for devices…

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base