Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. provide a radius service for azure active directory so vpn clients can use azure mfa

    provide a radius service for azure active directory so vpn clients can use azure mfa

    8 votes
    1 comment  ·  Multi-factor Authentication
  2. Converged MFA and SSPR

    We have enabled the converged Multi-factor Authentication (MFA) and Self-Service Password reset (SSPR). I feel this is easier for end users to update their info as it is all in one place. However, there should be some indication on each type of authentication/security option for what it can be used for (SSPR or MFA or both). This would help non-technical end users understand the configuration better.

    8 votes
    1 comment  ·  Multi-factor Authentication
  3. Add MFA support for server login including console mode (not RDP)

    I see many companies are using third-party MFA solutions to secure their servers.
    These solutions have a 3rd-party add-on that modifies the GINA.dll so the server login screen will have an additional field for OTP or will have a wait mechanism for push notifications. The add-on applies for both RDP and direct (console) connections without the need for RDG, and works on servers 2008 R2 to 2016.

    Azure AD MFA should also be able to:
    1. Leverage GINA.dll (it is MS code)
    2. Be able to pass requests to and from MFA Server or NPS Server
    3. It should be agent-less…

    8 votes
    0 comments  ·  Multi-factor Authentication
  4. Provide Government MFA support for Azure File Shares, and allow integration with Azure Active Directory.

    Response from a recent Microsoft ticket "In short, MFA will not be possible for access to the Azure Files Shares, at least in the foreseeable future. Additionally, the Azure File Shares are not designed to integrate with Azure Active Directory. " when trying to monitor/provide MFA support for accessing a file share on the Azure Government platform.

    8 votes
    1 comment  ·  Multi-factor Authentication
  5. Add a filter to show "disabled" multi-factor users

    The multi-factor authentication users list has three filters currently

    All
    Enabled
    Enforced

    When the most important thing for me to know is the users who DON'T have multi-factor enabled, wouldn't it make sense to have a filter for "disabled"?

    Right now I have to page through 300 users looking for any that are "disabled" because I can't even sort by this column.

    Anyway, I am requesting that a filter for "disabled" be added and the ability to click the column headers to sort.

    8 votes
    2 comments  ·  Multi-factor Authentication
  6. mfa

    For MFA signup policy, it would be best to offer a 'user opt-in' option, rather than forced YES or NO. We are seeing a use-case where this would be needed as some users simply can't deal with the complexity.

    8 votes
    1 comment  ·  Multi-factor Authentication
  7. Set UK Phone Number as Caller ID for Azure Multi-Factor Authentication

    As our customer base is entirely in the UK we would like to set the caller ID to be from a UK number so that customers feel more assured about the two factor process.

    8 votes
    1 comment  ·  Multi-factor Authentication
  8. Provide a prompt when using azure MFA with RDP

    Currently if you use Azure MFA and remote desktop with the NPS doing the authentication the user receives no prompt that the server is waiting for MFA to be approved on the device. As per your own article on it the RDP connection will just sit at initiating remote connection until it fails so if the user's phone is in another room they just call help desk asking why they can't log in.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg#verify-configuration

    A simple "please approve the MFA prompt on your MFA device" notification on this screen would make it a 1000% more useful and cut down a heap…

    7 votes
    2 comments  ·  Multi-factor Authentication
  9. provide more specific error message for user MFA proof up

    When a user is blocked for MFA and trying to proof up MFA in aka.ms/mfasetup, the returned error message is not so helpful - it just shows "please check the phone number you specified or change your preferred option", along with a correlation ID and session ID. It would be better to return the specific failed reason so we could save a lot of time for troubleshooting.

    7 votes
    1 comment  ·  Multi-factor Authentication
  10. Provide Office Phone as a Multi-Factor Authentication option

    We had an issue with "Office Phone" (with extension) not being available anymore as a MFA method for end-users to select. Turns out that we had a "preview feature" enabled that no longer supports office phone in the MFA Registration process. This is a problem for us, as it is very hard for us to require end-users to use their personal phone for MFA business needs. Please add Office Phone and Extension as an option in the preview feature of MFA. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    7 votes
    2 comments  ·  Multi-factor Authentication
  11. MFA authenticator improvement

    It would be helpful to know which app was requesting the code or the approval. When the whole office suite is asking for it for example. On startup it can be Skype, OneDrive, Outlook, Teams, SharePoint and more. Pretty annoying. Especially if the notification for the application on your PC hides behind the actual application you won't notice.

    7 votes
    0 comments  ·  Multi-factor Authentication
  12. Allow admin to change timeout for response time of each MFA method

    Now the response timeout for each MFA method (Ex. App push notification is 1 minute etc.) is NOT changeable.
    Customer would like to be able to change this timeout.
    Because when they use NPS extension they are able to set timeout to NPS server but it is affected by the timeout above.

    7 votes
    0 comments  ·  Multi-factor Authentication
  13. Azure Multi-Factor Authentication (MFA) - Microsoft Authenticator code reset options

    Provide us with the ability to ensure the MFA code reset password can be chopped up and sent to multiple individuals.

    I.e. the first half of the code gets sent to you and the second half gets sent to the IT Security Manager, System Admin or other Manager.

    Reason being is that I updated my work phone and needed to reset my Microsoft Authenticator code through the authentication web page. I followed the prompts to have it reset and the code was sent to my phone, from there I was able to scan the QR code on the screen and…

    7 votes
    0 comments  ·  Multi-factor Authentication
  14. Provide additional details about a push notification (ie, source ip, source service, time, logs, etc)

    As we are starting to push MFA in our organisation, it will become more common to have popups from the authenticator app. We have issues where many of our user accounts get compromised, and we have noticed that some users just blindly click accept for a MFA push notification.

    What we would like to see is the ability to push more information along with the notification. This could possibly be done by sending specific VSAs to our NPS Radius server which in turn could deliver these variables to the client.

    Ie, source IP address, source country, source service (vpn, outlook,…

    7 votes
    0 comments  ·  Multi-factor Authentication
  15. Authenticator App For Windows (Linux, OSX)

    It would be nice to have a MS Authenticator app for computers. PingID provides a mobile app that can be used when phone is unlocked and a Windows app that requires a pin code to access.

    My phone is a single point of failure for using Microsoft's multi-factor authentication (MFA) to verify logon attempts. While office-based employees can use their desk number as an alternate contact, traveling staff have a computer and phone. Phone bricks, battery dies, whatever my sad phone story may be and I'm stuck. The work-around is to have a friend or family member's number in as…

    7 votes
    0 comments  ·  Multi-factor Authentication
  16. Enable usage of attribute "StrongAuthenticationUserDetails" for dynamic group membership

    Currently the attribute StrongAuthenticationUserDetails cannot be used for Dynamic Security Groups in Azure (on which we would like to apply conditional access). Could this be added as one of the additional attributes for a complex dynamic membership rule?

    7 votes
    2 comments  ·  Multi-factor Authentication
  17. Azure MFA is 2-step. It needs to be 2-factor.

    Our PCI auditor told us that Azure MFA will not be compliant with DSS 3.2 starting in January 2018.

    7 votes
    0 comments  ·  Multi-factor Authentication
  18. Set context/description for MFA bypass IP address subnets

    It would be great if Microsoft would provide a field that would allow an IT security admin to set a description for the IP address subnets that he/she is white listing for MFA bypass.

    Basically just the same as the Azure AD Reporting team did for trusted locations.

    Thanks!

    @Shawn Bishop

    7 votes
    1 comment  ·  Multi-factor Authentication
  19. Manage Multi Factor Authentication via Group association

    Please add the option to add Multi Factor Authentication to Groups. Makes it much easier to manage.

    7 votes
    2 comments  ·  Multi-factor Authentication
  20. I'm having trouble logging in. "Come back again later. You've hit our limit on text verification codes. Try to sign in again shortly."

    Come back again later
    You've hit our limit on text verification codes. Try to sign in again shortly.

    This has started happening the past few days. I have not hit any limit; I literally sat down at my computer and tried once to log in.

    6 votes
    1 comment  ·  Multi-factor Authentication