Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add application name (and/or IP) to MFA prompt

    Hi,

    Currently the MFA prompt on the mobile device is very limited in the amount of information being shown. My users are getting prompts sometimes out of the blue, and they don't if those are legitemate or fraudulent.

    Legitemate prompts that are asynchronous from users:
    - Outlook on some computer needing to provide MFA again after X days
    - Outlook on mobile needing to provide MFA again

    Fraudulent:
    - Somebodies password was phished.

    The idea is to add some more context information to the MFA prompt in the authenticator app:


    • Application name requesting MFA, or

    • IP Address / geolocation, or
    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. allow for multi-byte (unicode) characters to be allowed when using the RADIUS authentication method in on-prem MFA

    Its currently not possible for users to authenticate via on-premises MFA if the given user has a unicode (multi-byte) character in their password like a £. This becomes inconvenient especially when MFA is being used as an authentication method for remote access and there aren't any other remote access methods available that don't use MFA.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Port Azure MFA Server (PhoneFactor) reports from "classic portal" to "new"/current portal and give "Security Reader" role access to them.

    Port Azure MFA Server (PhoneFactor) reports from "classic portal" to "new"/current portal and give "Security Reader" role access to them.

    The Azure MFA Server - Activity Report which is currently available in the "new"/current Azure portal and all of the MFA Server reports that are only available in the "Classic" are only consumable by "Global Admin" role members. This makes it difficult to utilize with the rest of the security protection model available to the "Security Reader" role members.
    It would be useful to get these reports moved to the "new"/current Azure portal and get them accessible to the "Security…

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Authenticator App

    Most organizations require their users to enroll with Intune before they can access their 365 email... why not enroll their device into the authenticator app automatically during the Intune enrollment. Or if they install the app from the intune store, it automatically enrolls the device into the authenticator app... QR code is a little clunky for average users, and at this point the device is managed and can be wiped at anytime by Intune admins

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add Windows Server 2016 support for Azure MFA server

    I hope that Microsoft will soon add for Windows Server 2016 for the Azure MFA server. Perhaps it should be added to Windows as a new role

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Show Sign-in info (location, client, device-type, etc) in Authenticator app

    especially for users (e.g. admins) who receive a lot of MFA signin requests via their Authenticator App (sometimes at unexpected moments), it is crucial that they can quickly verify where the authentication request originated from (detailed location info) and more details on the device (client app, device-type, etc) so the user can make an informed decision if the MFA authentication request on his phone is legitimate or not.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow multiple tenants connect to the same Azure MFA NPS extension or on-premise installed MFA server

    Right now it is only possible to connect the Azure MFA NPS extension to one Azure Tenant ID. For hosters it would be great to use a central NPS/Radius server or MFA servers where all the customers can connect to. Sll with their own tenant ID.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide MFA Reports via API or reporting services

    Currently we pull a daily user detail report from the MFA portal and add it to a spreadsheet we then visualise with Power BI. It allows us to monitor the success/failure rate across authentication methods. Linked to an AD extract it also allows us to report based on country.

    It would be useful if the report data could be obtained via API to automate the collection of this data

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Give option not to use trusted device as the MFA source

    We have noticed you don't get prompted for MFA, even if you have, "Require multi-factor authentication", "All Locations" and "Browser" ticked in Azure.

    I've been told by Microsoft Support that this is because the device I'm logging in from is a, "Trusted Device" (It is a Windows 10 laptop with, "Access work or school" in Accounts configured).

    You get prompted for full MFA if using Google Chrome, but if you are using Edge or IE then this is bypassed because the laptop fulfils the MFA request.

    In Conditional Access policy, "Require multi-factor authentication" is defined as, "User must complete additional…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  10. provide a way to import OATH tokens into Azure MFA, assign them to users, and autoactivate them, in order to allow migration

    Need a way to import OATH tokens, assign them to users, and have them activated automatically, in order to allow migration from an existing system using the OATH tokens without having to manually activate each one individually.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. Generate alert MFA information updates

    Create the possibility of generating an alert for MFA information update, so admins can keep track of them.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. MFA

    Update the Multi Factor Authentication (MFA) Gui so we can see any account that is NOT enabled or enforced. Seems like a basic setting but I cannot find any resource to help identify these risks and it is troubling (and manual).

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. There seems to be no Azure AD role to manage OATH tokens

    Currently it seems only Global Admins can manage OATH tokens in Azure AD. Would be good if you could delegate that topic.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Email address is available in Azure MFA

    Currently, email address is available only SSPR in Azure AD.
    But I would like to use user's email in Azure MFA.

    For instance, users receive a verification code by email.
    Then users perform two-step verification using a verification code.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. mfa nps extension for rds bypass wan ip

    It would be great to bypass MFA for RDS to given WAN IP adresses. So the users can login directly only from the office.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  16. Management Portal 2 factor authentication

    Yes there is a way to enable 2 factor authentication for apps and hosted services etc, but if there is a way to enable it for the management portal I cannot find it.

    This is the same request, it's marked as completed by the Azure team, but the link they provide is for enabling it within hosted services and on prem servers, and doesn't actually appear to address the question.
    http://feedback.azure.com/forums/223579-azure-preview-portal/suggestions/3043211-two-factor-or-ad-authentication-for-management-p

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  3 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. Move Identity Protection MFA Registration Policy to Azure AD Free or AADP1

    Each customer needs an easy way to request the MFA registration of his employees. With Conditional Access the registration is unfortunately only requested when the employee needs MFA for the first time, but the previous registration would be much better. Therefore, please move the Identity Protection MFA Registration Policy to Azure AD Free or at least AADP1.

    Yes security defaults would accomplish this but I have a lot of AADP1 / E3 customers that would like to enforce the enrollment. A workaround would be via SSPR reg policy. The CA policy with user action would only "secure" the registration not…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  18. PAP authentication and special characters in passwords

    We are experiencing an issue where users with certain special characters in their passwords are being denied access.
    My research shows that this is most likely due to a limitation in NPS using PAP, where the deciphered password is treated as ASCII and not UTF-8, misrepresenting characters such as £, Æ, Ø, and Å.

    If ms-chap-v2 had supported SMS or code authentication, this would not be an issue.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Beter whitelist controls for MFA NPS Extention

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-advanced

    IP_WHITELIST only allows for single IP addresses. Would be very usefull to provide CIDR ranges.

    Would also be nice to have to specify for wich IP address MFA should be triggered. So by default no MFA, only when the authenticating device matches criteria (e.g. IP address, etc.) Would be great if that was integrated in de NPS configuration.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  20. provide a way to sync the mfa codes between iOS and android.

    I'd like to sync between iOS an android devices. please add backup/sync feature

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base