Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Invite redemption url get

    We are able to invite new guest users into our AD Tenant using either PowerShell or Graph API. Using this approach we may choose not to send the Invitation E-Mail, in which case we would get the Invitation Redemption URL and we can send it to the "guest" in any way we choose allowing us to better control the first step of the overall invitation experience.

    The issue is that once we get the URL, we have no way to retrieve that URL back in the future. It is up to us to save that URL for future use or…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. the Guest account login activity

    the Guest account login activity

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. B2B account login to domain joined computers

    Industry: Higher Ed
    Currently, we provision AD accounts so students (and vendors) can access domain-joined computers/servers. The challenge, this provisions an Office 365 account/mailbox and our current practice allows students to keep those mailboxes after they graduate.

    Higher Ed institutions would benefit from the ability to provision B2B accounts for these user types (especially students), and allow those accounts to login to ADDS-joined computers/servers.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. Extend B2B Federation capabilities to Google Business (aka GSuite) accounts

    Currently, B2B Federation setup only covers "normal" Google IDs (aka @gmail.com IDs).

    We need to setup Federation with GSuite IDs urgently in our current project requirement.

    The idea is to invite a GSuite ID (via email adress) and use Google authentication to access Azure resources, without adding a "shadow" Azure AD account with an own password and security policy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. Uniform Guest Invitation Process across all Microsoft Products

    As of now B2B guest invitation process is not streamlined across Microsoft Products especially Sharepoint and Teams .Because of this we are not able to provide single solution to customers for Identity life cycle management
    . Following are few of them
    1) If you invite the Users from SharePoint Online, the Guest Invitor is SharePoint Service Account >> Because of this behaviour we can't track the Guest invitor and impose Guest Invitor Role functionality as Sharepoint never look Azure AD whether the user has Guest Invitor role or not. The workaround is create Group Based Invitor functionality within SPO apart…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add and AAD Tenant Restrictions logging option to log all external tenant usage

    Currently with AAD Tenant Restrictions, we can get AAD log records of blocked sign-ins by having our proxy insert the request header "Restrict-Access-Context". This is good as far as it goes (and I upvoted another user's suggestion to include the external tenant's name and not just the ID).
    I'm asking that there be an additional option to log all use of external AAD tenants (both sign-ins, and the URIs of resources for which tokens are issued). The use case is analytics for risks of data leakage and malicious data exfiltration as well as for potential legal liability scenarios. If we…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. Read first/last name from external AD for guests

    Currently only the display name of an external guest is imported when the guest accepts a B2B invite. If possible, when the guest allows their profile to be read, read the first/last name and add them to the AAD would improve the user experience AND search.
    Display names are not controlled by the "inviting" AAD and mess up the user experience in search. Search only works as expected when first/last name have been added manually.
    BTW, also annoying is that is not possible to add this data manually before the invitee has accepted the invite. This requires the inviting admin…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. Extend the branding abilities of b2b

    The branding abilities of b2b are not on par with b2c. Azure for authentication has severe branding limitations like, 265 characters and allowing a couple of pictures .

    Let me have more control over layout, custom error messages. Also allow me to embed links into the experience.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. B2B against custom IdP

    We control access to our customer resources through a custom OpenIdConnect provider that we integrate to group information in Dynaocs365.

    If we could select custom IdP like this in our Azure AD tenant, we could deploy external collaboration (eg Teams) to our customers using a single login.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Reset Password option for B2B User should be grayed out to avoid confusion

    had a real life scenario today whereby Azure AD Admin / Support person was having issues with a B2B / External Login and so clicked on the available Reset Password for the login . And got rather generic error message below which made them think they didnt have correct rights

    "The password can not be reset. This may be due to an incorrect level of administrative privilege or if trying to reset your own password."

    Ask : If a B2B / External User , have the Reset Password button grayed out and ideally with a "hover over" of something like…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. support removal of the forgotten password link for B2B users

    At the moment in AD Connect you can remove the Password Writeback option however the microsoft company branded page has no option to remove the "forgotten password" link.

    So users end up trying to use that link and end up saying the Admin hasnt enabled the option.

    It would be better to support an option to either customize the link or removal completed when the password writeback is turned off.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enforce MFA for Azure B2B during first sign in after invite

    Consider adding support for Enforcing MFA during the first Azure B2B sign in after accepting the invitation.

    @Sarat Subramaniam

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enable SSPR for B2B invited users when there is no admin for their domain

    When an external user is invited and there is no existing Azure AD domain for him a dynamic one is set up and his account created there, this is all well and good.

    However, if he looses his password there is no way to reset it. I have tried it with a mail address on a test domain and I could not recover the password. The only option I could see is to claim the dynamically created Azure AD for the external user's domain, so that the new admin of that domain can reset the password. But this is of…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add B2B collaboration and Guest Access for GCC-H

    Please add the ability for GCC-H users to add Guests into Microsoft Teams or provide a way to add them into Azure AD as organizational Guests in GCC-H. This capability was a selling point while using the commercial version, but now we are trying to work around this issue. Please implement this feature as soon as possible.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. Send As Option for B2B Invite Email

    Different Admins create B2B accounts so the invite emails will have a different sender which also displays the Admin account details.

    Send As option would allow a consistent name to be displayed for all B2B invites - shared mailbox for example which also prevents privileged account E-Mail Address details from being included in the email

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Assigning roles to B2B Guest Users - M365 Workloads

    The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.

    This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc) not yet support assigning roles to B2B users.

    As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. Show accounts in 'Delete/block accounts not used in last 30 days'

    SecureScore does not tell you which accounts are not used in the last 30 days, and there is no way to find out. It only says "You have XX accounts that have not been used in the last 30 days."

    Please include an easy way to show which accounts are not used. The suggested Powershell script does not do the job correctly, and is not very userfriendly.

    Ideally, i would like a notification if a useraccount has been unused for xx days.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. I would like to restrict access Guset users who are Microsoft Account

    when I invite guest users, if he or she has both Microsoft Account and Work or School Account (has same upn), he or she can select which one user to access my tenant's resources.

    In order to strengthen a security, I would like to restrict access to Microsoft Account but Azure AD does not have this feature.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow B2B Domain allow/deny list override for Global Admins

    Currently we only allow invitations to guest users from specific domains (e.g. .com) due to security policies BUT also allow members to invite guests (.com is a trusted company).

    Sometimes, however, we need to add users outside of that domain (e.g. gmail..com) in one-off cases ONLY. We do not want to add this exception domain to the allowed list FOR ONE GUEST USER invite. Because the members have the ability to add guests, we then open up that domain to them as well (not good).

    The option to override the domain DENY/ALLOW lists should be available to global administrators…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure AD B2B Collaboration: Automatic invitation of users belonging to a specific group of a specific tenant

    Some companies are using multi-tenant in many places. Therefore, there are multiple requests for the function of automatic invitation. Currently, many companies use their own scripts in PowerShell.
    Please carry out the function of automatic invitation.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base