Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. PowerShell and Graph API support for managing Multi-Factor Authentication

    Currently, the only available option to automate Azure MFA administration appears to be the MSOnline PowerShell module, released back in 2015.

    The MSOnline module's Set-MsolUser and Get-MsolUser cmdlets allow administrators to enable and disable MFA on a user object using PowerShell scripts.

    Alas, the MSOnline module itself does not support MFA when connecting to Azure AD. Administrators hoping to make use of the MSOnline module cannot have MFA enabled on their accounts. In short, for an admin to manage MFA with PowerShell, the admin's account can't be protected by MFA.

    The new AzureAD and AzureADPreview PowerShell modules support connecting to…

    834 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    123 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →

    We’re really pleased to let you know that we’ve released the first authentication method APIs to public preview:

    https://docs.microsoft.com/graph/api/resources/authenticationmethods-overview

    So far there are APIs for managing phone numbers and password resets. When phone numbers are set with the API, the user can use that number for MFA and SSPR (as allowed by your tenant’s policy).

    The team is hard at work at building out APIs for all of the other authentication methods, and we’ll update the response here as they’re released.

  2. Enable per user MFA bypass for Azure MFA (Cloud) make this both temporary and permenant based on settings

    Currently per user bypass is not capable in Azure MFA (Cloud only) this can be done using the Azure MFA on premise server. This functionality make Azure MFA more usable for a end user community that often loses or forget cell phones and need temporary bypass. Also using Azure MFA with NPS/Radius there is no way to allow services accounts that do network equipment monitoring to avoid Azure MFA if we want to enable MFA to access critical network infrastructure or VPN using radius this would help this scenario too

    210 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure MFA Trusted IP limitation of 50 address ranges

    Currently per the article: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next the Trusted IP for configuration "For requests from a specific range of public IPs" is restricted to a hard limit of 50 IP Address ranges.

    Please provide the ability to extend this number as there are companies like ours where the limit of 50 IP Address ranges makes this not usable for production environments.

    50 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. IPv6 Whitelisting option in Azure Multi-Factor Authentication

    The Azure Multi-Factor Authentication server software only allows IPv4 whitelisting. IPv6 whitelisting would be great for the future.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure MFA Cloud : Abillity to remove specific sign-in option like Telephone for work

    I've not heard two times from customers that they REQUIRE that they can manage / choose which authentication methods are available to users during the MFA enrollment proces.

    The IT administrators would like to control the phone authentication numbers or limit access to the Azure Authenticator.

    It would also be nice, if it would be posible to define different policies for specific users or group of users

    @Shawn Bishiop

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base