Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Intune App Protection for Azure B2B users

    I have an app and I am using Intune app protection, and everything is working fine. I have a few Azure B2B users.
    I also read some app configuration policies.
    My question is how I will read the app configuration policies for my Guest users.

    12 votes
    1 comment  ·  B2B
  2. B2B invitation status

    Azure Active Directory B2B account.

    Currently there isn't a possibility to generate a report on whether a B2B user has activated their account or not. It would be good to have a feature to list non-activated users from an administrative perspective, for example when doing account clean-up.

    There are fields in the profile, like Source, which contains "Invited user", or the Resend invitation button is visible. Those indicate that the user hasn't activated the invitation.

    Or even have automatic removal from the directory: if the invitation hasn't been approved within X days, the B2B account is removed automatically. If the account hasn't been activated, it cannot be used anywhere.

    12 votes
    0 comments  ·  B2B
  3. Additional information for Azure B2B shadow user during invite creation

    Allow us to add more information about the Azure B2B shadow user before sending Azure B2B invite

    12 votes
    2 comments  ·  B2B
  4. Update displayed username for a guest user when its UPN is changed

    You can change UPN on guest users using PowerShell. You can even drop the "#EXT#"-part, and use any verified domain in the guest tenant, not only the initial onmicrosoft address.
    One problem with this, is that the visible username for the actual guest user when logging into Azure for instance is not changed. It remains the email address used to invite the user initially. Even though the SMTP address or UPN used for inviting is removed from both the source and the guest tenant, this is still shown in the username.

    Request: Update displayed username for a B2B guest user…

    11 votes
    0 comments  ·  B2B
  5. Enable full Language customization for Azure B2B

    Azure AD B2B sends verification code emails to external guests only in English. Is there no possibility to change the language and design? Besides, if the external user has to set a new password for their MSA/AAD, the page is in English and cannot be customized either. Any plans on this? Or any other idea to get this working in the local language? Any plans for when there will be a possibility to customize the design? Thanks a lot!

    10 votes
    1 comment  ·  B2B
  6. OTP Precedence order and migration of existing B2B users

    Currently, the new OTP B2B feature provides this as the default authentication type for non AAD or MS accounts. We want the ability to force this method of auth for those who already have MS accounts. We also want the ability to convert already invited users who are using MS and viral accounts to use OTP. This way, we only have to support two types of guest users - Those with organisational O365 accounts and those using OTP.

    9 votes
    4 comments  ·  B2B
  7. Prevent guest users from seeing security groups/content through Access Panel.

    In a B2B setup, guest users can see the members of a security group used for, e.g., an app through the Access Panel. This is unfortunate, as they may be competitors, or membership exposes information that is not supposed to be public.

    I am aware that you can turn off group view for all users in the Access Panel, but the Access Panel is also a nice feature.

    B2C will also solve it, but not a good option for many cases.

    Could it be solved with a property hidden or secret only open for internal and owners/admins?

    9 votes
    1 comment  ·  B2B
  8. SharePoint Online / Microsoft Teams inviter should be written back to Azure AD

    A lot of functionality seems to be missing on the backend from a governance and compliance point of view. All Azure B2B accounts magically get created in Azure Active Directory when the users accept the invite sent from SharePoint Online. We can see the invites within SharePoint Online, but they are missing from the Azure B2B invitation summary view and from Azure Audit. We would have expected to see an entry from SharePoint Online as the "Initiated By (Actor)" with the "Activity" sending out Azure/SharePoint B2B invitation on behalf of user XYZ. It would be preferred with the user's UPN.

    9 votes
    0 comments  ·  B2B
  9. Update UPN/Mail of B2B account

    Add possibility to update mail / UPN of Azure Guest account. That is required if mail of host user has been changed.

    8 votes
    0 comments  ·  B2B
  10. B2B - Expose source tenant UPN and ObjectId in the guest tenant

    There is currently no immutable, unique property to match a user in the source tenant to the guest user in a guest tenant with PowerShell (AzureAD, MSOnline) or Azure AD web GUI. The unique identifier which I believe is the ObjectId from the source tenant, is not exposed in the guest tenant.

    UPN on a guest user can be changed to <anything>@<anyverifieddomaininguest_tenant>, and thus is NOT a unique identifier.

    Request: Expose a guest user ObjectId and UserPrincipalName from the source tenant as attributes/ properties on the guest user object.

    8 votes
    1 comment  ·  B2B
  11. Enrol B2B users into Intune

    I was hoping to use a large majority of B2B (External Azure Active Directory) accounts for my deployment, including allowing these users to enrol their devices into Intune on my tenant (their current provider does not offer Intune). Is this likely to be supported in the future?

    8 votes
    0 comments  ·  B2B
  12. B2B Guest-user security scope restriction.

    We want to restrict the scope of API processes to guest-users only, thus isolating and separating Directory members at the API layer. This is currently only achieved when inviting guest users, however, on-going management such as updates to group membership, appears to apply to the entire directory which poses a huge security/integrity risk to directory members. This risk could be alleviated by ensuring B2B guest-related API calls are only made possible on B2B guest users only. Thanks!

    8 votes
    0 comments  ·  B2B
  13. Guest Account Expiration Date

    Add the ability to mark an expiration date on guest accounts. Once the expiration date has passed, the account should automatically be unable to log in to resources in the tenant (similar to the block sign-in bit on a member account).

    7 votes
    0 comments  ·  B2B
  14. Set Additional User Properties in New-AzureADMSInvitation -Title -Mobile -GivenName -Surname, etc.

    PowerShell and portal.azure.com should enable more attributes to be set when inviting external users, such as their Mobile number, GivenName, Surname, Title, etc., rather than waiting until the invited user is added and then having to look up their object ID and set the attributes with Set-ADUser.

    7 votes
    0 comments  ·  B2B
  15. Azure AD B2C KMSI as Built in policy

    Moving from built-in policies to a custom policy only for KMSI is a real pain. Need KMSI as a built-in policy setting, not under custom policies.

    6 votes
    0 comments  ·  B2B
  16. Restrict B2B

    I desire the ability to allow B2B collaboration with only allowed tenants thru a config managed at the tenant side. As an org we may not want to federate with all tenants. The existing workaround involving Tenant Restriction thru proxy injection is not viable in our org.

    6 votes
    0 comments  ·  B2B
  17. Add support guest user login on common endpoint.

    Current Azure AD B2B doesn't support guest/external users login on common endpoint. Hence it is very difficult to develop a multi-tenant application supporting guest users login. Developers have to set a specific tenant id to use OpenId Connect Authentication.

    6 votes
    0 comments  ·  B2B
  18. B2B Guest User schema to indicate Host and Guest Org Unit data

    Although the current guest user schema contains Org unit information, there is a need to distinguish between the guest Org Unit details and the Host Org unit details for proper access decisions, segregation of duties verification and account and access governance.
    Suggestion: please update the guest account schema to include both guest and host Org unit information.

    5 votes
    0 comments  ·  B2B
  19. B2B include Manager access reviews

    B2B governance options are currently limited to the group and app reviews. If a guest account has no group membership or application access, these guest users fall between the cracks.
    Although the review can be performed by User Admin, this will require centralization of the governance function.
    Suggestion: add a Manager review and fall back to User Admin or Security team review of guest accounts as a last resort.
    Develop and publish governance process ensuring all guest accounts are accounted for, outlining options for guest account internal ownership allocation (Manager or responsible person), ways to include a responsible person…

    5 votes
    0 comments  ·  B2B
  20. Add tenant name to AzureAD tenant restrictions error log

    Azure AD tenant restrictions work great; however, they rely on you being told the 3rd-party tenant name, e.g. contoso.onmicrosoft.com. Many orgs' users simply have no idea what their tenant name is, as they use the org domain name instead.

    In the AAD signin logs you clearly see the target tenant id code, but there is no way to map that on to a tenant name to use in your proxy configuration. This would make life soooo much simpler for organisations that restrict access to tenants and need to manage the config.
    In my case this is for a large central…

    5 votes
    1 comment  ·  B2B