Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MFA of guest accounts should reference to the user object

    The MFA information is redundant over multiple stores, if I have multiple guest accounts. It would be better if there is one place, because there is also only one valid user. If I have to update my MFA information (e.g. a new phone number), I have to open myapps.microsoft.com, switch to every directory, and provide the approbiate information. All this for guest accounts which I can use only if my user account in the default directory is valid.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow an Application Service Principal to be added as a guest in other tenants

    We manage multiple tenants across our extended organiation and would like to have a single application service principal to do so rather than having a separate service principal in each tenant.

    The work around is to use a standard user account but we would prefer not to do it this way. Since service Proncipals don’t have UPNs, there doesn’t seem to be a way to invite them via the B2B guest invite API.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. Fix Account Provisioning for B2B users in SaaS Apps like Salesforce

    Currently account provisioning for B2B users in SaaS apps like Salesforce is broken. More info: name attribute in SAML response from Azure AD for B2B user is suffixed with azure ad tenant name e.g. testuser_yahoo.com#EXT#@azureadtenantname.onmicrosoft.com because of this external users\b2b users are not able to login to the SaaS application.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. Preload B2B invited users in SharePoint Online

    At the moment, when you add someone to a Security Group, that grants access to SharePoint Online, using the B2B invite process, they often get the:
    "We're sorry, but EMAILADDRESS can't be found in the TENANT.sharepoint.com directory. Please try again later, while we try to automatically fix this for you."

    error. If they wait a few minutes and try again, all is good.

    There's no point in having an SPOnline URL in the invite, if they can't get to it straight away.

    Preloading the user into SPOnline might fix this, or having some way to force, "instantly", the user to…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add B2B Users via both CSV or by searching via email

    Love the new AAD Admin Portal. It's currently missing the capability that the classic Azure portal has to invite B2B (other AAD) users. In the new experience can we have the ability to not only bulk upload with CSV, but also be able to add one at a time with a simple email search?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. Document the process that enables a B2B partner invite

    The B2B invite process is failing with "This invitation may not be used to signup a new user". What are the prerequisites for the invited partner organisation. What is being checked for the invited user?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. View organizations where users are guest member

    Users can be guest member in different organizations. The user can view the organisions where they are guest member in https://account.activedirectory.windowsazure.com/r#/profile/organizations#organizations-section. But as a global admin I'm unable to view the guest memberships of a user in other Tenants. I would like to be able to view the organizations memberships of users and/or create an export of all users and their organizations memberships.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. Please reconsider removing support for redemption of invitations by creating unmanaged Azure AD accounts

    Per your Azure B2B documentation "Starting March 31, 2021, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into email one-time passcode authentication."

    This is a big issue for us because we develop SaaS applications and use this feature to create accounts for users that don't have Azure AD accounts. The passcode authentication that you recommend instead offers suboptimal user experience since access to email is required to sign in. I cannot imagine our customers being happy without option to create…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. Guest invitation sender email customization

    Currently when Guest user is created in Azure AD invitation is ent to guest using "invites@microsoft.com" email address and due to this sometimes guest users ignore this email as spam. Instead of @microsoft.com domain , can we use our own company domain email here?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Show the B2B-blocking proxy address in my tenant's logs

    Scenario:
    I try to invite user@partnerdomain.com to my tenant (via Azure AD B2B), but get the error message "The user you're inviting already exists in the directory." But there are NO traces at all of that account in my tenant.

    It turns out that the user@partnerdomain.com have another proxy address (user@anydomain.com) in THEIR OWN TENANT, and a user in my tenant also happen to have user@anydomain.com as proxy address. There are valid reasons for this to occur.

    I makes sense that you cannot have more than one proxy address per tenant, but there is no way for us…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. B2B display name

    Hi,

    We have noticed change on B2B accounts display name. Now Azure AD overrides it from actual user properties, meaning
    * If user belongs to some Office 365 already, our directory shows that display name
    * If user doesn't belong to any O365, it shows firstname.lastname

    And this display name change happens after user has activated their account to our directory. In our company there is naming standard, which we would like to follow. Previously, when support invited user, they could chagne display to correct format directly. Now our support does extra work, when chasing has user activated account and…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. Improve the experience of creating and managing Azure AD B2B security groups of guest users

    We created a security group of 200+ external users across 80+ vendors.


    1. Please create the ability to easily manage the membership of a security group in Azure portal. For example, we cannot currently sort the list of members by name. Also, to drill into a member's profile, it takes two clicks when it should only require one click.


    2. Please create the ability to track responses to invitations within a group. After multiple rounds of mass invitations via PowerShell, 80 users responded to the invitation, but 120 people have not and they likely cannot find the email. We need the ability…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. sign in codes

    IMO would love to not have to receive codes to sign in. already signing in w/ our password, so i think codes are time consuming/unneccessary

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. What happened to inviting "users in partner companies"?

    In the old portal we had the ability to bulk upload a CSV file of "Users in partner companies" into B2B. There doesnt' appear to be an equivalent in the new portal.

    This allowed us to invite external users, add them to an appropriate group and send them to a SPOnline URL, all in one hit. Plus monitor the invite process in the AzureAD reports.

    Great for Extranets!

    Now I have to invite individuals, then add them to a group, then send them a URL to go to once they're finished.
    I can script a lot of this out, but…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. Bulk b2b invite in the New portal as now this feature is available in the old classic portal using the CSV file.

    As of now I don't see the Bulk B2b invites possible in the New Azure portal, where as in the old Classic portal it is there using the .csv file, we have moved to new portal since there are restricted permission model available, but we are missing the great future missing bulk b2b upload, so it would be very appreciate ful if you provide that feature.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow users to use their email on sign in even though the adress is associated with an account

    When we invite external users to our Azure AD, we use an email that they provide. This works fine for a lot of cases. However, in some situations, the user gets a message like this:

    You have been invited to access <somedomain>
    To access applications in the <someorg> organization, you'll
    need to sign in with <yourEmail>. This email
    address is associated with an account named
    <someaccount>

    To get this to work, the user needs to use the account as login, and not the email we used to invited them. This is very confusing for the users, as some of them…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. Invite redemption url get

    We are able to invite new guest users into our AD Tenant using either PowerShell or Graph API. Using this approach we may choose not to send the Invitation E-Mail, in which case we would get the Invitation Redemption URL and we can send it to the "guest" in any way we choose allowing us to better control the first step of the overall invitation experience.

    The issue is that once we get the URL, we have no way to retrieve that URL back in the future. It is up to us to save that URL for future use or…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. the Guest account login activity

    the Guest account login activity

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. B2B account login to domain joined computers

    Industry: Higher Ed
    Currently, we provision AD accounts so students (and vendors) can access domain-joined computers/servers. The challenge, this provisions an Office 365 account/mailbox and our current practice allows students to keep those mailboxes after they graduate.

    Higher Ed institutions would benefit from the ability to provision B2B accounts for these user types (especially students), and allow those accounts to login to ADDS-joined computers/servers.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. Extend B2B Federation capabilities to Google Business (aka GSuite) accounts

    Currently, B2B Federation setup only covers "normal" Google IDs (aka @gmail.com IDs).

    We need to setup Federation with GSuite IDs urgently in our current project requirement.

    The idea is to invite a GSuite ID (via email adress) and use Google authentication to access Azure resources, without adding a "shadow" Azure AD account with an own password and security policy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base