Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD Application Manifest - Resource type declarations

    Azure AD application manifests offer a fantastic mechanism for ISVs/multitenant SaaS providers to provide a transparent declaration of roles. Most customers, when they hear of the capabilities of the application manifest, like this transparency and like this feature.

    However, it falls short as the role declarations do not permit resource-based declarations by the consumers of the services.
    A role could define the entity types for the resource along with the data type - A role could be defined with specific accesses to resources and assigned to users - all inside Azure AD.

    This is a feature which would…

    3 votes
    0 comments  ·  Developer Experiences
  2. Delegated permissions not working

    I have registered an application at the application registration portal (apps.dev.microsoft.com) and configured it to use delegated permissions (specifically "Files.Read.All", "Sites.Read.All" and "User.Read") which are marked as "User can consent".
    In one tenant (used for development) the app works exactly as expected, asking the user to consent on the first access. However, in the client environment (I registered another app in their tenant, with the exact same configuration), the user is not asked to consent to the permissions; instead a message is shown:
    "{App name} needs permission to access resources in your organization that only an admin can grant. Please…

    3 votes
    1 comment  ·  Developer Experiences
  3. app reply address does not update

    Under "apps.dev.microsoft.com" app url redirect does not update despite deleting old app entry. Trying to create quick prototype for client thinking of migrating to O365 and therefore only using the trial version for now.

    To update reply address, it requires login into azure. Permissions are limited for trial version and therefore unable to update "reply address".

    3 votes
    0 comments  ·  Developer Experiences
  4. Add Windows Store as a platform to an existing app in Application Registration Portal

    Hi,

    I had a UWP app working with OneDrive, allowing users to read and write to a file.

    Then I accidentally deleted my app from the Application Registration Portal and now any OneDrive related code throws an authentication error.

    How can I re-register my app with the Registration Portal to get it working with OneDrive again?

    I can add a new app but can't see a way of getting the Windows Store platform back. All my other apps have this platform by default.

    I've attached an image illustrating the platform that I want to add.

    Thanks for any help anyone can…

    3 votes
    0 comments  ·  Developer Experiences
  5. Cannot save web platform added to app in Application Registration Portal

    Whether I create an app on
    https://identity.microsoft.com/portal/register-app
    or edit an existing app on
    https://identity.microsoft.com/#/appList
    I cannot add a web platform. The Save button on the registration page is always disabled. Only the Discard Changes button works.

    3 votes
    4 comments  ·  Developer Experiences
  6. I cannot see my app after registering in apps.dev.microsoft.com, but I see it in the Azure AD Portal

    Unable to get app to show up on apps.dev.microsoft.com/#appList after trying to 'Add' Azure AD Only application. My registrations show up in the Azure AD portal.

    3 votes
    1 comment  ·  Developer Experiences
  7. 3 votes
    0 comments  ·  Developer Experiences
  8. EndPointv2: List of Native Apps in the new apps.dev.microsoft.com portal

    At the moment when creating a new V2 app in https://apps.dev.microsoft.com/ the list of previous apps is restricted to the current user account only.

    There is currently no way in the new portal to see all Native apps if someone else (other developers) in the company created such an app as well.

    3 votes
    0 comments  ·  Developer Experiences
  9. Restructure the Azure Active Directory product tiers to enable common App Dev Features

    Currently Azure AD comes in three pricing Tiers with a heavy focus on Office 365 interoperability.

    Azure Web Applications - particularly ones built using Cloud Services have no need of most of these features but do have need for
    ==> Authentication and Identity management
    ==> Brand Management
    ==> LDAP /Oauth 2.0 Federation

    Self-service password reset is also a Nice to have feature.

    Yet for a startup developer or someone building their first app on AzureAD, it makes no sense whatsoever to upgrade to either Basic or Premium since that involves signing an Enterprise Agreement, which often is not viable at…

    3 votes
    0 comments  ·  Developer Experiences
  10. AppModelV2: support additional 'scope' values when using OpenId connect

    It looks like the current V2 implementation doesn't allow requesting OpenId scope values beyond "openid". At least with the ASP.Net MVC sample, if I modify the Owin Auth setup code to request additional values (e.g. "openid profile email"), an error is returned.

    Please consider supporting other values such as 'profile', 'email', 'address', 'phone' etc. (https://openid.net/specs/openid-connect-basic-1_0.html#Scopes) to request additional claims from the user.

    3 votes
    2 comments  ·  Developer Experiences
  11. Search App Registrations by tag

    Today it is possible to add tags to an App Registration via the "tags" property in the manifest. This field is searchable via the Microsoft Graph API but not in the Azure Portal. Please add the capability to search for App Registrations via tags directly from the portal.

    2 votes
    0 comments  ·  Developer Experiences
  12. MSI Access token timeout

    Provide a timeout config to refresh access tokens generated by MSI. As of now the timeout is 8 hrs and there is no option to force a refresh. So having a shorter refresh time (~1 hr) would be helpful, or if it were made configurable it would really assist customers.

    Scenario failed:
    I added an MSI to the reader group of a shared image gallery. This MSI could read the image only after 8 hrs; until then an HTTP 403 was returned.

    2 votes
    0 comments  ·  Developer Experiences
  13. Would be great if Azure function apps also start supporting Azure AD authentication via MSI

    If one Azure function app could access another Azure function app using MSI, it would be great, as we would get rid of the client credentials which are being used by the function apps for authentication.

    2 votes
    0 comments  ·  Developer Experiences
  14. Allow AAD applications as AD group owners

    We want to be able to delegate responsibility for setting the membership of a set of Azure AAD groups to an AAD Application.

    This would allow the application to add and remove users from >only< the groups it owns.

    Currently the only way to achieve this uses a rather risky workaround, by providing the application with the Graph Directory.ReadWrite.All role, thus enabling the application to manage >all< groups in the AD tenant.

    2 votes
    0 comments  ·  Developer Experiences
  15. 2 votes
    1 comment  ·  Developer Experiences
  16. 2 votes
    1 comment  ·  Developer Experiences
  17. Bing Content API Batch Request failure

    I tried to use a product batch request to insert (or update) products, but I continuously received the following error:

    Internal error occurred. Please retry executing the operation. If the problem persists, please report this issue to us together with the request you're trying to execute.

    Request is attached below.

    Could anyone help with this?

    Thank you

    2 votes
    1 comment  ·  Developer Experiences
  18. Provide a way to sign out of portal.azure.com after ClaimsPrincipal has been created in an External app

    Currently, I am using OpenID Connect to successfully create a ClaimsPrincipal in an external ASPNetCore application.

    The problem I have is that the user can then go directly to portal.azure.com (and they are signed in) -- Can we have a way to keep them OUT of portal.azure.com? These are just general users of an EXTERNAL app.

    2 votes
    0 comments  ·  Developer Experiences
  19. Shared App Roles

    Azure AD App Registration should give the ability to share App Roles between apps. The scenario to enable is between a Back-end Web API and multiple client apps (Web, iOS and Android). A user is assigned an admin role in the client web app, this user will have that same role in the iOS app and Android app.

    2 votes
    0 comments  ·  Developer Experiences
  20. Select Active Directory in the app registration portal

    I'm a member of two Active Directories. I'm a regular user in AD1, which is my default AD. App registration is disabled here for regular users, so I created AD2 where I am a global admin, so that I can create Bot Channel Registration resources which involves app registration. When I create the bot, there is a link to the app registration portal to manage app IDs and app secrets, but there I can't see my AD2 resources, because that portal is probably associated with my default AD1 and I cannot select AD2 there. Altogether this means that the bot…

    2 votes
    0 comments  ·  Developer Experiences