Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Bulk b2b invite in the New portal as now this feature is available in the old classic portal using the CSV file.

    As of now I don't see the Bulk B2b invites possible in the New Azure portal, where as in the old Classic portal it is there using the .csv file, we have moved to new portal since there are restricted permission model available, but we are missing the great future missing bulk b2b upload, so it would be very appreciate ful if you provide that feature.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow users to use their email on sign in even though the adress is associated with an account

    When we invite external users to our Azure AD, we use an email that they provide. This works fine for a lot of cases. However, in some situations, the user gets a message like this:

    You have been invited to access <somedomain>
    To access applications in the <someorg> organization, you'll
    need to sign in with <yourEmail>. This email
    address is associated with an account named
    <someaccount>

    To get this to work, the user needs to use the account as login, and not the email we used to invited them. This is very confusing for the users, as some of them…

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  3. Guest account registration french translation issue

    Guest account registration
    When we register a guest account in Azure Active Directory, the text of the autorizations revision is not the same en fr-FR and fr-CA. In fr-CA, the word Photos is plural and this is incorrect and not well received by users. Only the profile photo is accessible. In fr-FR, photo is singular.

    I think that, for all languages versions, the text should be more specific saying «Your profile photo» / «Votre photo de profil». Guests don't want to share too much information.

    Thanks

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  4. Invite redemption url get

    We are able to invite new guest users into our AD Tenant using either PowerShell or Graph API. Using this approach we may choose not to send the Invitation E-Mail, in which case we would get the Invitation Redemption URL and we can send it to the "guest" in any way we choose allowing us to better control the first step of the overall invitation experience.

    The issue is that once we get the URL, we have no way to retrieve that URL back in the future. It is up to us to save that URL for future use or…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  5. the Guest account login activity

    the Guest account login activity

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  6. B2B account login to domain joined computers

    Industry: Higher Ed
    Currently, we provision AD accounts so students (and vendors) can access domain-joined computers/servers. The challenge, this provisions an Office 365 account/mailbox and our current practice allows students to keep those mailboxes after they graduate.

    Higher Ed institutions would benefit from the ability to provision B2B accounts for these user types (especially students), and allow those accounts to login to ADDS-joined computers/servers.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  7. Extend B2B Federation capabilities to Google Business (aka GSuite) accounts

    Currently, B2B Federation setup only covers "normal" Google IDs (aka @gmail.com IDs).

    We need to setup Federation with GSuite IDs urgently in our current project requirement.

    The idea is to invite a GSuite ID (via email adress) and use Google authentication to access Azure resources, without adding a "shadow" Azure AD account with an own password and security policy.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure AD B2B Collaboration: Automatic invitation of users belonging to a specific group of a specific tenant

    Some companies are using multi-tenant in many places. Therefore, there are multiple requests for the function of automatic invitation. Currently, many companies use their own scripts in PowerShell.
    Please carry out the function of automatic invitation.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add and AAD Tenant Restrictions logging option to log all external tenant usage

    Currently with AAD Tenant Restrictions, we can get AAD log records of blocked sign-ins by having our proxy insert the request header "Restrict-Access-Context". This is good as far as it goes (and I upvoted another user's suggestion to include the external tenant's name and not just the ID).
    I'm asking that there be an additional option to log all use of external AAD tenants (both sign-ins, and the URIs of resources for which tokens are issued). The use case is analytics for risks of data leakage and malicious data exfiltration as well as for potential legal liability scenarios. If we…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  10. Read first/last name from external AD for guests

    Currently only the display name of an external guest is imported when the guest accepts a B2B invite. If possible, when the guest allows their profile to be read, read the first/last name and add them to the AAD would improve the user experience AND search.
    Display names are not controlled by the "inviting" AAD and mess up the user experience in search. Search only works as expected when first/last name have been added manually.
    BTW, also annoying is that is not possible to add this data manually before the invitee has accepted the invite. This requires the inviting admin…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  11. Extend the branding abilities of b2b

    The branding abilities of b2b are not on par with b2c. Azure for authentication has severe branding limitations like, 265 characters and allowing a couple of pictures .

    Let me have more control over layout, custom error messages. Also allow me to embed links into the experience.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  12. B2B against custom IdP

    We control access to our customer resources through a custom OpenIdConnect provider that we integrate to group information in Dynaocs365.

    If we could select custom IdP like this in our Azure AD tenant, we could deploy external collaboration (eg Teams) to our customers using a single login.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  13. Reset Password option for B2B User should be grayed out to avoid confusion

    had a real life scenario today whereby Azure AD Admin / Support person was having issues with a B2B / External Login and so clicked on the available Reset Password for the login . And got rather generic error message below which made them think they didnt have correct rights

    "The password can not be reset. This may be due to an incorrect level of administrative privilege or if trying to reset your own password."

    Ask : If a B2B / External User , have the Reset Password button grayed out and ideally with a "hover over" of something like…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  14. Enforce MFA for Azure B2B during first sign in after invite

    Consider adding support for Enforcing MFA during the first Azure B2B sign in after accepting the invitation.

    @Sarat Subramaniam

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable SSPR for B2B invited users when there is no admin for their domain

    When an external user is invited and there is no existing Azure AD domain for him a dynamic one is set up and his account created there, this is all well and good.

    However, if he looses his password there is no way to reset it. I have tried it with a mail address on a test domain and I could not recover the password. The only option I could see is to claim the dynamically created Azure AD for the external user's domain, so that the new admin of that domain can reset the password. But this is of…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow customization for OTP account verification code email

    The OTP email that is sent once daily to OTP Azure B2B guests is, quite frankly, ugly. We would like to brand this email with our firm's logo as well as put some friendly language that specifies what application they're trying to sign into so it does not look as much like a phishing email. Please allow us to customize this email and make it more friendly looking as opposed to a very operational security email that may confuse less-than-savvy users.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. Hide BitLocker key from the users

    Bitlocker encryption keys are found on laptops running windows on https://myaccount.microsoft.com/device-list. These can be abused either by an attacker with access to the machine, or by the final user since it has everyone read permissions on icacls. Furthermore a privilege escalation is possible by reconecting the disk to another computer and change files in order to achieve persistance and higher privileges, since the final user has is bitlocker keys, he can decrypt and see/change other files in another computer.

    Details:

    https://sec-consult.com/en/blog/2019/04/windows-privilege-escalation-an-approach-for-***********-testers/

    A machine that does not encrypt the Windows partition and allows booting from CD, USB or a pre-boot…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add B2B collaboration and Guest Access for GCC-H

    Please add the ability for GCC-H users to add Guests into Microsoft Teams or provide a way to add them into Azure AD as organizational Guests in GCC-H. This capability was a selling point while using the commercial version, but now we are trying to work around this issue. Please implement this feature as soon as possible.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  19. Send As Option for B2B Invite Email

    Different Admins create B2B accounts so the invite emails will have a different sender which also displays the Admin account details.

    Send As option would allow a consistent name to be displayed for all B2B invites - shared mailbox for example which also prevents privileged account E-Mail Address details from being included in the email

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  20. Assigning roles to B2B Guest Users - M365 Workloads

    The owner of a CSP (Cloud Solution Provider) subscription must be associated to a specific tenant, and we want to keep our main corporate tenant separate for security purposes. We intended to invite necessary corporate users (or partner accounts) via B2B and allocate CSP roles to them.

    This (allocation of roles to B2B users) is currently impossible due to each M365 workload (EXO, SharePoint, etc) not yet support assigning roles to B2B users.

    As a result, we may have to maintain separate identities -- possibly for each of our customer's CSP tenants -- which is highly inconvenient and can represent…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base