Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Improve MFA registration process when completed on a mobile device

    When you start MFA setup on a mobile device there are two main issues that can occur from our testing. You cannot capture the QR code on the mobile device's screen with that mobile device's camera, so the MS Authenticator app needs to be able to accept either a screenshot from your mobile device capturing the QR code, or accept the https:// URL and the Code provided by copying them. However, the spaces in the Code when copied drop characters in the MS Authenticator app, so you need to remove the spaces, then add the missing digits for it to work.…

    4 votes
    1 comment  ·  Multi-factor Authentication
  2. Give Users a way to choose which authentication method to send the authentication code to during initial sign on.

    Give Users a way to choose which authentication method to send the authentication code to during initial.

    We need to be able to authenticate from a work place where cell phone usage is illegal from work. But when we leave work or can not come to work we can not authenticate from work or go in to change the Authentication number and Alternate Authentication number. There is a real need to be able to choose the authentication number to send the authentication code to during sign on.

    4 votes
    0 comments  ·  Multi-factor Authentication
  3. Improve Azure (and Office365) MFA user management screen

    Hi,

    Currently the screen to manage user MFA (disabled, enabled, enforced) is quite limited. A typical use case for me is:

    "As an administrator I want to know which users have MFA set to disabled"

    Currently there is no way to get this information from the screen as there is no filter available for status "Disabled". Also the "Status" column cannot be sorted.
    So the only resort is to go over 100s or 1000s of accounts over lots of pages to identify the users. Or use PowerShell.

    It would be very helpful to get one or more of the following…

    4 votes
    0 comments  ·  Multi-factor Authentication
  4. Please allow granular RADIUS authentication filtering

    As it stands, we can use the on-premises MFA server to authenticate RADIUS clients in an all-or-nothing fashion. Our real-world requirements include only letting people in a specific group into a specific VPN endpoint (RADIUS client), while allowing a different group to get into a different client. It would also be very useful to be able to say, for a single client, to accept users in group A with MFA challenge, but group B without. A rich rule set like ADFS provides would be even nicer, but intermediate steps in that direction soon would be a huge improvement.

    4 votes
    0 comments  ·  Multi-factor Authentication
  5. Provide Multi Factor Auth for Microsoft Accounts when logging into the Azure Portal

    Currently multi factor authentication can be enabled for accounts created in Azure AD, for securing login to the Azure Portal. However Microsoft accounts such as user@live.com can not have multi factor authentication enabled for them. This creates a security risk for those that may not have organization ID for the tenant they are working in, or the Microsoft Account has been granted co-admin or RBAC access to other subscriptions.

    4 votes
    0 comments  ·  Multi-factor Authentication
  6. Windows Authentication for Terminal Services support for Windows Server 2012 R2

    Windows Authentication for Terminal Services support for Windows Server 2012 R2

    4 votes
    1 comment  ·  Multi-factor Authentication
  7. Prompt for secondary authentication method when Phonenumber is pre-populated

    Take a look at this GitHub issue: https://github.com/MicrosoftDocs/azure-docs/issues/57279

    When I use My Staff to set the user's phone, strong auth method is registered.
    This satisfies the Identity Protection and SSPR reset registration.
    I configured to register 2 methods, but the user is never prompted.

    1. Brand new user is created
    2. User is added to Administrative unit
    3. Manager sets phone number
    4. Add user to the identity protection and sspr registration policy
    5. User logs in, is prompted for MFA like expected (caused by Conditional Access)
    6. User changes password (new user)
    7. User is NOT prompted to register second…

    3 votes
    0 comments  ·  Multi-factor Authentication
  8. Change the information on Windows Hello for Business enrollment screen

    We would like to modify Windows Hello message to say Hello for Business message so the difference is apparent. We are currently experiencing confusion as to which solution the user enrolls to.

    3 votes
    0 comments  ·  Multi-factor Authentication
  9. Azure MFA setup with NPS should allow passwordless as first authentication method rather than secondary

    Azure MFA setup with NPS should allow passwordless as first authentication method rather than secondary. We want to validate user with OTP at first level and then enter password as secondary method.

    3 votes
    0 comments  ·  Multi-factor Authentication
  10. Provide MFA support for the new AZ modules

    We are currently and successfully using the ‘StrongAuthenticationRequirement’ object to enforce MFA via PowerShell with MSOnline modules. We are reviewing our code base in prelude to upgrading to the new PowerShell AZ modules and we came across what we think is no support for MFA in the new PowerShell AZ modules. Security being such a fundamental requirement in this day and age, we are hoping it’s the case that we have just missed something.

    Note: We are well aware that there are things we can now do to ease the upgrade namely coexistence between MSOnline & AZ modules and also…

    3 votes
    0 comments  ·  Multi-factor Authentication
  11. Allow the ability to import and assign MFA hard tokens to be delegated

    Right now, only a global admin can import and assign MFA hard tokens. It'd be great to be able to delegate that ability to helpdesk or security team members. It really seems like something the existing Authentication Administrator role should be able to do.

    3 votes
    1 comment  ·  Multi-factor Authentication
  12. Allow per user exceptions to Azure AD MFA

    I have several service accounts that need to work with NPS Radius MFA and O365 MFA. I would like these accounts to automatically be successful not requiring MFA prompt so they will work for service accounts

    3 votes
    0 comments  ·  Multi-factor Authentication
  13. Provide Office Phone as a Multi-Factor Authentication option

    We had an issue with "Office Phone" (with extension) not being available anymore as a MFA method for end-users to select. Turns out that we had a "preview feature" enabled that no longer supports office phone in the MFA Registration process. This is a problem for us, as it is very hard for us to require end-users to use their personal phone for MFA business needs. Please add Office Phone and Extension as an option in the preview feature of MFA. Here are references to this change that Microsoft is previewing... https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined

    3 votes
    0 comments  ·  Multi-factor Authentication
  14. MFA enrollment date

    Would like to see when user originally enrolled in MFA. Date/time/IP address/

    3 votes
    0 comments  ·  Multi-factor Authentication
  15. Provide admin role ability to view / delete registered authenticator apps

    Ran into an issue where user is capped at (5) registered authenticator apps. Working with support, there is currently no way for an admin to see how many registered authenticator apps a user has nor is there a way for an admin to delete them.

    Need ability for an admin role to view/query/modify registered authenticator apps.

    3 votes
    1 comment  ·  Multi-factor Authentication
  16. Support 3rd party MFA tokens with NPS Extension for Azure MFA

    The ability to use 3rd party MFA tokens with the NPS Extension for Azure MFA.
    It is very handy to use Azure MFA for VPN authentication but it is not always practical to use the Microsoft Authenticator app for MFA. There are often times where we need to give 3rd party contractors access to the VPN and providing them with a single hardware token is much easier to manage than having the Microsoft Authenticator app setup on a phone.

    3 votes
    1 comment  ·  Multi-factor Authentication
  17. DUO MFA - Does Not Re-prompt for Authentication when used with Azure CA

    Azure keeps the DUO MFA session cookie active in the browser even when an application has timed out or has been closed and re-opened. When re-authenticating with the application the CA Policy does not call the DUO servers for a new session cookie (DUO have confirmed this). I would like to control DUO Authentication session times as you can with the native Azure MFA.

    In addition, I would like to see the following in Azure sign-in logs:


    • DUO MFA has been used

    • CA Policy was triggered when DUO MFA is used

    3 votes
    0 comments  ·  Multi-factor Authentication
  18. Please add Maldives to phone verification list.

    There is no option to select Maldives while trying to do SMS verification. I think this is a bug as all other Microsoft services have full support in Maldives.

    3 votes
    0 comments  ·  Multi-factor Authentication
  19. Currently there is no visibility of who approved the user's one-time bypass from the MFA User Portal to skip the MFA step.

    Issue:
    Currently there is no visibility of who approved the user's one-time bypass from the MFA User Portal to skip the MFA step. Also, if possible, please add an info bar which will contain the reason for the one-time bypass, and also how the user portal admin will verify the requesting user is the real one.
    Impact:
    This is a security loophole; there is a possibility of misuse of the account or of this functionality with the help of the MFA User Portal admin.

    3 votes
    1 comment  ·  Multi-factor Authentication
  20. Email Notifications on MFA Initial Setup or Changes

    We would love to have customizable email notifications for users that establish their MFA profile or make any changes to their settings. We cannot find an easy way to trigger this currently, and it seems like basic security functionality.

    3 votes
    0 comments  ·  Multi-factor Authentication