Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Allow the creation of custom administrator roles in Azure Active Directory

    Allow the creation of custom administrator roles in Azure Active Directory. In our case we want to assign rights to our helpdesk to allow them to reset users' MFA, forcing them to proof up. The Authentication Administrator role allows for this but also grants too many other permissions that we don't want to give. Creating a custom role allowing for just MFA reset would resolve this.

    5 votes
    0 comments  ·  Multi-factor Authentication
  2. Authenticator App For Windows (Linux, OSX)

    It would be nice to have a MS Authenticator app for computers. PingID provides a mobile app that can be used when phone is unlocked and a Windows app that requires a pin code to access.

    My phone is a single point of failure for using Microsoft's multi-factor authentication (MFA) to verify logon attempts. While office-based employees can use their desk number as an alternate contact, traveling staff have a computer and phone. Phone bricks, battery dies, whatever my sad phone story may be and I'm stuck. The work-around is to have a friend or family member's number in as…

    5 votes
    0 comments  ·  Multi-factor Authentication
  3. Allow E.164 formatted data for Office Phone in Azure MFA registration page

    Office Phone in the Azure MFA registration page usually gets its data synced from Azure AD, but it will fail to get the data and display it on the Azure MFA registration page if Azure AD has the data in E.164 standard format.

    Either let the users enter the office phone in the MFA registration page https://aka.ms/setup by themselves or allow the E.164 standard format from Azure AD to the Azure MFA registration page.

    5 votes
    0 comments  ·  Multi-factor Authentication
  4. Request code during MFA authentication - Conditional access

    To reduce the risk of identity theft or of employees who always press approve on their mobile phone during the 2-step validation, could it be possible to add a request code so the user can validate that he/she approves a legitimate authentication request?

    For integrity purposes, this process will give the end-user the opportunity to easily identify from which application he/she initiated the authentication and approve the right request on their mobile device during the MFA notification (phone call or by the Authenticator app).

    This feature is already in place for 2FA validation for personal account (hotmail.com email address…

    5 votes
    2 comments  ·  Multi-factor Authentication
  5. See recent MFA events, source IP, & requested app

    On the mobile app, display source IP and requested app in the prompt, as well as show recent requests in a list sortable by timestamp

    5 votes
    0 comments  ·  Multi-factor Authentication
  6. Add otpauth protocol support to Microsoft Authenticator

    The Microsoft Authenticator app cannot add accounts directly from URLs using the otpauth URL schema. All otpauth:// links are intercepted by Google Authenticator only; this prevents the user from adding his accounts from third party sites directly with the click of a button in the mobile browser.
    Check out https://daplie.github.io/browser-authenticator/ to see the links in action (unfortunately they are not actually creating a clickable link, but the otpauth:// URL is generated and it works with Google Authenticator when linked properly).

    5 votes
    2 comments  ·  Multi-factor Authentication
  7. Add MFA in Azure AD Domain Services

    I would like to have MFA natively included in Azure AD Domain Services. It will be much easier to protect IaaS resources that are members of Azure AD DS, without having to use MFA Server.

    5 votes
    0 comments  ·  Multi-factor Authentication
  8. App Services Deployment Credential Security Improvements

    Deployment credentials or publish profiles use single factor authentication. Please provide a way to toggle off publishing post deployment or add MFA to deployment credentials.

    5 votes
    0 comments  ·  Multi-factor Authentication
  9. In place of the Microsoft Authenticator app, can we use a different OTP generator app for MFA?

    In place of the Microsoft Authenticator app, can we use a different OTP generator app for MFA?

    5 votes
    0 comments  ·  Multi-factor Authentication
  10. Azure MultiFactor Service

    Dear Microsoft,

    We would like to be able to programmatically set the "White List IP's" in Azure Multi Factor Service. In some cases, our endpoints change IP address, and we would like to be able to set these IP addresses using a PowerShell script or similar. This would be particularly important if we have a large number of endpoints changing IP address on a regular basis.

    Thank you.

    5 votes
    0 comments  ·  Multi-factor Authentication
  11. Restrict MFA App registration to device with the same phone number assigned.

    Some organizations would like to prevent a user from having Mobile text/SMS/App from being 2 separate devices but rather require by policy that they be the same device. I.e., during registration of the OATH token in Azure Authentication, check that the mobile phone on the device matches the mobile phone registered in Azure MFA.

    5 votes
    0 comments  ·  Multi-factor Authentication
  12. Add support for Flash SMS messages in Microsoft Azure MFA (Both Cloud and On-Prem)

    Add support for Flash SMS messages in Microsoft Azure MFA (Both Cloud and On-Prem)

    @Shawn Bishop / Nitika Gupta

    5 votes
    1 comment  ·  Multi-factor Authentication
  13. Require specific Multi Factor Authentication method for App

    When using Conditional Access to give access to a specific application, it will today by default use the user-specified preferred Multi-factor Authentication method.

    We would like to be able to protect the access to some apps a little further to ensure that the user must unlock the phone and open the authenticator app.

    Add support for forcing the authentication method towards specific apps with Conditional Access

    4 votes
    0 comments  ·  Multi-factor Authentication
  14. Value of "RememberDevicesNotIssuedBefore" when MFA is enabled with PowerShell command

    When MFA gets activated by PowerShell command, the display of "RememberDevicesNotIssuedBefore" shows as below: “0001/01/01 0:00:00”.

    So please make it display the correct date and time.

    4 votes
    1 comment  ·  Multi-factor Authentication
  15. The Combined Enhanced method for SSPR and MFA has a design flaw in that users can choose a non-MFA auth method when registering.

    If using the Combined Enhanced method, the only authentication options which should be presented to the user are options which can be used for either SSPR or MFA. Currently, any enabled SSPR method is presented as an option in the combined so if the user chooses a non-MFA auth method (eg. email or questions), they are under the impression that they are registered for MFA.
    Yes, you can try to combat that with user education or documentation but you know users....

    4 votes
    0 comments  ·  Multi-factor Authentication
  16. MFA partnership with V-Key

    V-Key (https://www.v-key.com/) is an MFA solution working with the Singapore Govt and a few international banks in APAC. We would like to be Microsoft's MFA partner. How do I take this forward?

    Below program from Microsoft Azure Active Directory is where we would like to partner:
    Custom controls (preview)
    Custom controls are a capability of the Azure Active Directory Premium P1 edition

    4 votes
    0 comments  ·  Multi-factor Authentication
  17. MFA for multi-tenants

    Many customers, especially in Education, run multiple tenants for several reasons, including security and functionality, and it is not feasible to join the tenants. These customers use Microsoft MFA for tenant 1 and are forced to go to third party MFA to allow their ADFS to work with both tenants. Creating a dual tenant MFA solution will enable the customer to stay with a single provider.

    4 votes
    0 comments  ·  Multi-factor Authentication
  18. Allow admin to change timeout for response time of each MFA method

    Now the response timeout for each MFA method (e.g. App push notification is 1 minute etc.) is NOT changeable.
    Customer would like to be able to change this timeout.
    This is because when they use the NPS extension they are able to set a timeout on the NPS server, but it is affected by the timeout above.

    4 votes
    0 comments  ·  Multi-factor Authentication
  19. Allow no verification options to be selected

    If you allowed admins the choice to allow all verification options to be unchecked, combined with a bypass for trusted IPs, you'd be able to allow access to Office 365 from only known locations.

    Conditional Access (AAD Premium P1) is proving expensive for this one requirement.

    4 votes
    1 comment  ·  Multi-factor Authentication
  20. Azure AD Reporting include Disabling MFA

    Need the ability to see when an admin disables MFA. Currently there is a specific log for Enabling Strong Authentication, but no log for Disabling Strong Authentication.

    4 votes
    0 comments  ·  Multi-factor Authentication