Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Merge office365 and live accounts that use the same email address

    I use both Azure/msdn and office 365
    I already had an msdn account mvdl@our-company.com ( Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

    Wich is causing a lot of grieve when switching between asure web portal / msdn web portal / office 365 web portal

    Even when I have no portals open, I cant switch accounts. I need to explicity open the portal that I last logged in to. Log out, and then I can switch accounts.

    And having both office 365 portal and Azure portal open at the same…

    1,127 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      228 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

      Folks,

      Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

      First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

      Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this…

    • Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

      A lot of organizations use nested groups in on-premise AD. Syncronizing these groups to Azure AD have no value today. But the group itself have value on-premise
      Creating new group in AD with only users and then synchronize it to Azure AD creates extra administration for administrators and confusion for end-users.

      Dynamic Groups in Azure AD as of today don’t have support for “Member Of” or similar hence don’t solve the problem.

      Adding nested groups to Azure AD would add a lot of value to Azure AD.

      841 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        96 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

        We’re continuing to investigate options for adding this support. There are technical challenges to overcome in order to make this happen. We thank you for all your valuable comments so far, and welcome any additional feedback you have on what are the most important use cases involved with these scenarios.

      • Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application.

        Currently if the logged in users doesnt exist in the Tenant Directory for a given application. The user is shown a very unhelpful page with the following:

        Sorry, but we’re having trouble signing you in.
        We received a bad request.

        The debug error is :
        AADSTS50020: User account 'some email address' from external identity provider 'https://sts.windows.net/someguid/'; is not supported for application 'https://someappurl'. The account needs to be added as an external user in the tenant. Please sign out and sign in again with an Azure Active Directory user account.

        122 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          planned  ·  32 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow different login branding customizations per-domain

          We have a number of subdomains in our tenant which are used for various purposes - clients, partners, staff etc.
          It would be great to be able to customise the login branding customisation settings on a per-domain basis rather than globally across the tenant.

          104 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            11 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
          • Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

            It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

            We need this please!

            70 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow more customization of the myapps.microsoft.com portal.

              Would be great if I could forward a subdomain to our myapps.microsoft.com portal. Instead of giving users a the microsoft.com URL, I want to give them one.theblaze.com.

              Second, would be great if there was a newsfeed widget at the top of the portal that could show an RSS feed of company news.

              66 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                10 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

                Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

                We are also looking to see if we can enable embedding other components like widgets. We’re still in process of validating options for this.
                Please keep sharing your feedback and ideas around this!

              • Support pin to taskbar in Enterprise State Roaming

                The taskbar settings work with Enterprise State Roaming, they roam between different computers, but not the pinned apps. When users work at different computers, the roaming of pinned apps would be the most valuable part of a roaming taskbar.

                35 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                • Password expiry notification for Azure AD joined devices?

                  It would be great if a Password Expiry notification could be implement for full Windows 10 Azure AD-joined clients in the same way as the domain joined clients receive them. A notification that pops up at bottom-right corner of the screen. At the moment I wasn't able to find any way of enabling that.
                  We use Azure Directory Sync - no ADFS.

                  34 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    7 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                  • Customizable Password Policy and Account Locking Features

                    1. Configurable password requirements (e.g., complex passwords, password length, character limitations etc)
                    2. Configurable number of attempts before Account is locked

                    33 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      6 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

                      Hey folks, thanks for the interest in this, and we have some good news to share. Configurable lockout is in development now (mostly done, actually) and we’re aiming for June or July public preview.

                      For configurable password complexity, length, etc, we hear you. Longer passwords are in planning now, and we’re thinking about our approach to how we want to enable the other configurability features. I don’t have any more details to share on this for now, but we do have interest in building features.

                    • Support roaming of network printers with Enterprise State Roaming

                      It would be great if the connected network printers would also roam between different computers with Enterprise State Roaming.
                      They roam with UE-V. But if you combine UE-V with Enterprise State Roaming (what is the recommended solution of Microsoft) you loose the possibility of roaming network printers.

                      28 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                      • Create sample code for a customized landing page for Azure AD applications

                        The MyApps portal isn't customizable enough (many requests to improve this). Why not create and share sample code so customers can imbed Azure AD applications into their OWN landing pages?

                        28 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          5 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

                          Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

                          Alongside this, we are looking at ways to expose these capabilities through APIs that allow customers to create their own version that meets their needs.
                          Please keep sharing feedback and ideas!

                        • Support roaming of more settings in Edge browser with Enterprise State Roaming

                          We're very happy that with Enterprise State Roaming we've got a solution to roam different settings from Edge browser, specially the favorites. But for a good end user experience it would be necessary that also the possibility to set a specific page as the homepage and other settings like the preferred search engine in the address bar would roam between different computers.

                          27 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                          • Need to add categories of applications in the myapps portal

                            Need to add categories of applications in the myapps portal - as you add a large amount of SSO apps, need to make it easier for user to navigate

                            24 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

                              Thanks so much for the feedback! We know how important it is for users to have the ability to customize their app list and make it very easy to find their core applications.
                              Customizations of the My Apps portal for both end users and admins are top priority on our roadmap. This includes providing the ability to re-arrange and group apps and provide users sets of categorized apps.

                              Please keep sharing your feedback and ideas around this!

                            • Support HTML support in Azure AD Branding

                              My colleague and I receive several customer requests regarding enabling support HTML support in Azure AD Branding like Samuel D. (Mr.ADFS) provided for ADFS.

                              Microsoft currently only support plaintext for the "sign in page text".

                              Please support the following bold, italics, colours, etc. text and support href links?

                              Top request is for bold text and links. We don't need advanced stuff like JavaScript injection like in ADFS.

                              23 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                              • Application Management In Access Panel

                                There are some issues, with the way apps are presented to the users in the access panel, this would bring the access panel experience up to par with equivalent 3rd party application portal apps.

                                1. Please allow the administrative removal of any O365 application from a group of users in their Access Panel Application, even if they are licensed for a O365 product we dont necessarily want to have it display on a users access panel. e.g. Delve - we dont want the user to not have Delve access but we dont necessarily want the app linked on their access…

                                15 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

                                  Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

                                  We’ve also recently add a few new features to allow you to better manage the visibility of apps on My Apps. You can now hide specific third party applications and as well as the set of Office applications. Learn more about it here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-coreapps-hide-third-party-app

                                  Please keep sharing feedback and ideas!

                                • My Apps portal getting crowded with Published Apps

                                  The Azure My Apps portal is getting crowded with Published Apps and there is no way to customize the look and feel. It would be nice if the portal allowed better oganization/customizations of the published apps where you could move around apps, hide apps, put apps into a folder structure, etc....

                                  15 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                                  • All Admin to hide some Self-Service Group tiles (such as Delete) in MyApps portal

                                    Allow Admins to remove the Delete tile to prevent Group Owners from "Deleting" Azure AD Groups. We need to allow them to modify membership but not delete/edit/change ownership of the group that they have been granted owner access.

                                    15 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Azure AD Smart Lockout unlock capability for admins

                                      I'm blown away by the lack of options once your account gets locked out by the Azure AD Smart Lockout feature. Not having the ability to monitor the account lockout duration or have the option to unlock an account using this feature is insane.

                                      13 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Provide a better end user message for "We received a bad request" or AADSTS50105 message when user doesn't have permission to an application

                                        When using SAML-based SSO within Azure via a built-in app, or a custom non-gallery application, the error message that end users receive when they are not in a group that provides access is confusing.

                                        Users could attempt to access the application if someone sends them the "User access URL", and the message that they receive is the following:

                                        "Sorry, but we’re having trouble signing you in.
                                        We received a bad request."

                                        In very, very small text at the bottom of the screen, it says:
                                        "Additional technical information:
                                        Correlation ID: XXXXX
                                        Timestamp: 2017-08-10
                                        AADSTS50105: The signed in user 'user.name@contoso.com'…

                                        13 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          2 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                                        • AADDS: Make it possible to move Users synched from AAD to other OUs then "AADDC Users" OU

                                          Putting all Users/Serviceaccounts synched from On-Prem AD in one OU is a little bit confusing...

                                          11 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 6 7 8
                                          • Don't see your idea?

                                          Feedback and Knowledge Base