Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Linux compatibility for AzureAD Powershell Module

    As mentioned in https://github.com/PowerShell/PowerShell/issues/5274, the AzureAD module is not compatible with Linux.

    69 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      8 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
    • Recycle Bin For Deleted Devices

      Would be great if there was a recover-msoldevice cmdlet or some way to recover a bitlocker recovery key after a device was deleted.

      51 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        8 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
      • Find all users with app passwords

        We think that it's necessary to have a command for PowerShell to show app passwords per user. It would also need to show what app the password is being used for. MFA is pointless with thousands of app passwords. Not every user we've enforced has set up app passwords. this is what me and many other admins would like to know.

        32 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
        • Ability to add Microsoft Accounts through PowerShell

          We can add Microsoft Accounts (Live IDs) to an Azure AD through the GUI, but PowerShell support is still missing.
          We are in a situation where we use AAD to authenticate external users on an on-premises system, which hands off account management (expiration, password reset, etc) to the account's owner, while retaining the ability to enable or restrict access to the system by adding or removing the account to AAD.
          Adding the ability to use PowerShell, allows for a certain amount of automation and efficiency in managing these accounts.

          20 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
          • Powershell command to update the authentication contact email

            Need to change the user alternate authentication emails for azure user accounts using Powershell. We are able to change the same in azure portal i.e. Azure active directory >> Users and groups >> all users >> profile >> Authentication contact info >> email.

            17 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              4 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
            • Possibility to set attribute LastPasswordChangeTimestamp

              Following to the article
              https://support.microsoft.com/en-us/help/4025960/federated-users-in-azure-ad-are-forced-to-sign-in-frequently we're trying to set the attribute LastPasswordChangeTimestamp with powershell.

              By using the CMDlet "Set-MsolUser" with the parameter "LastPasswordChangeTimestamp" nothing happens. The value stays empty / does not change. No error message from the CMDlet. Seems to be a bug!

              The new CMDlet "Set-AzureADUser" does not like to support this action, at least there is no parameter like “LastPasswordChangeTimestamp”: https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduser?view=azureadps-2.0

              Please give us a way to programmatically set the attribute LastPasswordChangeTimestamp for an azure ad user.

              14 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
              • Add support for creating native AD applications via PowerShell cmdlets

                The current version of the New-AzureRMADApplication cmdlet only supports creating web applications in Azure AD. Please add support for creating Native Applications as well.

                14 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  4 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →

                  The new Azure AD PowerShell module that is under development will include support for applications. (Note: These will be following the -AzureAD pattern, not -AzureRm, convention, which is specific to Azure Resource Manager.)

                • Provide PowerShell access to user extension attributes used in Azure App SAML claims

                  We need access to get and set the values using PowerShell for user.extensionattribute1 to user.extensionattribute15. On-prem users have these values synchronized via Azure AD Connect, but I'd like to set the values manually for our cloud-only users.

                  See suggestion: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13743219-allow-for-employeeid-as-a-selection-for-nameidenti

                  13 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                  • Use Powershell standards for Powershell cmdlets

                    The AzureADcmdlets do not obey standard Powershell coding guidelines/rules/practices that make them weird and harder than necessary to use. Three examples:

                    -All (For instance in Get-AzureADUser Get-AzureAD...) should be a switch, not a boolean.

                    -WhatIf should be supported by all Set-* commandlets, and should ideally be able to display the object being changed (like Set-ADUser does). If it doesn't, then at least it will be possible to validate the parameterset.

                    -Set-AzureADUser -ExtensionProperty wants a 'system.collections.generic.dictionary[string,string]'. However, you only need a hashmap, and Generics is not straight forward in Powershell. Hashmaps are.

                    11 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                    • Install and configure Azure Marketplace Enterprise Applications using PowerShell

                      We need to be able to automate from start to finish the installation and configuration of Azure Marketplace (not custom) Enterprise Applications like AWS, ServiceNow, etc....using PowerShell.

                      10 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        2 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add a parameter for Set-MsolUserLicense for enabling individual features.

                        Currently, the Set-MsolUserLicense cmdlet uses reverse logic for what features should be enabled for a user's license.

                        You need to define what features should not be enabled rather than what features should be enabled.

                        This causes challenges when it comes to rolling out a new feature if there is not complete autonomy in how an organization's features are configured.

                        It is not as easy to for example go through and indicate to turn on a particular feature for all users and leave their existing features intact.

                        It would be very helpful to have an option to enable a particular feature…

                        7 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                        • Edit Office 365 Group ProxyAddresses

                          There is an issue with Office 365 group and email aliases. If a user creates a group named "All amazing people" it will create Office 365 email alias allamazingpeople@contoso.com. But in certain instances there are customers (like us) that use Azure AD Sync. So when I create distribution group in our AD, with same email name I get a sync issue.

                          If I rename Office 365 group and change email address, for some reason all aliases are kept, so the only solution is to remove Office 365 group. I have worked with support when it was mentioned "remove group,…

                          7 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                          • There is currently no way to specify a manager of a user using PowerShell

                            Currently, using the MSOnline PowerShell module, we can specify many properties of an Azure AD User, including the title, city and name, things like that. However, there is no ability to specify the user's manager, among other fields.

                            The only method to achieve this is through the REST API, which requires using oAuth2.0, something which is very difficult to accomplish using PowerShell.

                            I'd recommend these missing management areas be covered with an update to the PowerShell module.

                            7 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                            • Infrastructure as code

                              In following the Infrastructure as Code model, all settings management available through the GUI should be available through an API, even if it evolves from v1 through REST, to v2 through a PowerShell module.

                              6 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                              • Get-MsolUser should return the "Source" of the AD entry

                                Both the Classic portal and the ARM portal clearly display where each AD entry is sourced from. Usually, this is either "Microsoft Azure Active Directory", "Microsoft account", or "Microsoft Azure AD (other directory)". I want to have that information available in the data returned by Get-MsolUser but it is not.

                                6 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                                • Enable Unattended Sign-in for Federated Users

                                  Currently I can sign in to Azure AD with the Connect-AzureAD cmdlet's -Credential parameter with a cloud-authored account. When I try to do this with a federated account that is synced from our on-premises directory, I receive this error:

                                  accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The remote server returned an error: (400) Bad Request.

                                  I had the same issue with the preview versions of the msonline module with ADAL. Please address this so unattended sign in works with federated accounts as well.

                                  Thanks!

                                  6 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Password-based SSO - change credentials using powershell

                                    We want the ability to be able to update user credentials for password-based SSO apps using powershell so we can script it, as we set credentials for each user individually. To set up for hundreds or thousands of users this will take a very long time using the UI.

                                    I have googled this for hours, and came close to finding a script that could do it but unfortunately couldn't get it to work in our scenario.

                                    Can we please get this functionality?

                                    5 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Fixing New-AzureADApplicationPasswordCredential

                                      When using New-AzureADApplicationPasswordCredential with a CustomKeyIdentifier, it is not possible to edit keys in the Azure Portal anymore (an error "Unable to complete the request due to data validation error." is raised).

                                      It should be possible to manage keys with these cmdlets without breaking the portal.

                                      See https://stackoverflow.com/questions/47081133/how-can-i-add-an-app-registration-key-with-powershell-without-breaking-the-azure for the exact steps to reproduce the problem.

                                      5 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Improve filtering of results

                                        Currently with the MSOnline module we can easily filter for users based on domain name, department, etc. but this is not easy using the AzureAD module since it is dependent on the Azure AD Graph oData filtering. Beyond this it seems to have its own limitations as well. For instance, the Azure AD Graph supports the 'startswith' method in oData filters, but this is not supported by the AzureAD module.

                                        Please consider expanding on the filtering capabilities of the AzureAD module to allow us to find users by domain name or other properties easily.

                                        5 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                                        • PowerShell PIM Access Reviews

                                          It doesn't appear like there are any PowerShell cmdlets for PIM to support access review creation and management. This would be helpful for automation purposes so someone doesn't have to log into the GUI to create access reviews, check status, etc.

                                          4 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            under review  ·  1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base