Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

  1. Include users' last logon time

    Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!
    Can we please please add this attribute to the user object?

    295 votes
    22 comments  ·  Azure AD API
    • Expose user last password changed date

      Please add the capability to retrieve the date a user last changed their password using the Graph API.

      71 votes
      4 comments  ·  Azure AD API

        We’re currently working on an API to provide CRUD access to authentication methods (password, SMS, voice, etc), and we’re considering adding last pw change time and/or password expiration time. Thanks for the feedback!

        Michael

      • Expand navigation property of children with a single query

        It is impossible to get the members of an Azure AD group with the 'manager' property expanded in one request.
        For example:
        https://graph.windows.net/<tenant_id>/directoryObjects/<group_id>/members/?api-version=1.6&$expand=manager

        We get the following response:
        {"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"An unsupported query was observed. Please ensure you query does not navigate across multiple reference-properties."}

        I suppose the reason for such a response is clear, and the current workaround is the following:
        1) Get the group members
        2) For each five members (using OData batch), get the manager
        But this way makes us do a lot of requests to Azure AD, and we expect performance degradation here.

        We develop multi tenant application which access Azure AD of all our customers and it's…

        65 votes
        1 comment  ·  Azure AD API
        • Possibility to enable/disable multi-factor authentication for a user via the Graph API

          We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

          39 votes
          5 comments  ·  Azure AD API

            We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.

            Michael

          • 16 votes
            1 comment  ·  Azure AD API
            • Support for query deleted users (recycle bin) from Azure AD Graph API

              Support for querying deleted users (recycle bin) from the Azure AD Graph API. Today, GET user on the Azure AD Graph only returns users who are not in the recycle bin.

              15 votes
              3 comments  ·  Azure AD API
              • Expose user Authentication Phone and Authentication Email

                Why doesn't the Graph API send the user's authentication email and phone number using this API endpoint https://graph.windows.net/myorganization/users/{user_id}?api-version.

                In my application I need the email address the user used for signup and the mobile number the user used for MFA, but I can't find any of those.

                14 votes
                2 comments  ·  Azure AD API
                • Graph API differential query: need a way to distinguish change from creation

                  At this time, in the response of a differential query, there is no formal way to distinguish whether an item is about a creation or an update. There is no problem with deletion, which is signaled by the property aad.isDeleted.

                  14 votes
                  0 comments  ·  Azure AD API
                  • Unable to retrieve user Description attribute through Graph API

                    We are using the Graph API to retrieve the users from an Azure Active Directory instance which are synced from an on-premises Active Directory instance. As part of it, we are able to fetch most of the information from the Graph API except the "Description" attribute. After discussing with the Microsoft support team, it was identified as a limitation on the Graph API side. Can you please include this Description field as a member of the User entity object? We need this for a high-profile customer requirement; please include it at the earliest possible.

                    7 votes
                    0 comments  ·  Azure AD API
                    • 6 votes
                      0 comments  ·  Azure AD API
                      • Allow programmatic access of BitLocker recovery keys

                        Currently it is possible (if you have permission) to view BitLocker recovery keys on the "Device" page of the Azure Active Directory portal.

                        It is also possible to view Device information through the API or through Microsoft Graph, but this does not include the BitLocker recovery information.

                        A programmatic way to view this data would be incredibly useful for creating a secure backup of the recovery keys.

                        Another use case, which is what I was hoping to achieve, is to have users in the field encrypt data with their BitLocker key and then send a CD containing the encrypted data…

                        5 votes
                        1 comment  ·  Azure AD API
                        • Exchange Permissions - Ability to restrict send/receive to a specific mailbox

                          Requesting application-based permissions to restrict sending/receiving email to a specific mailbox. The current set of application permissions allows access to any mailbox. One of our use cases involves sending mail from a back-end service (i.e. no user interaction) using the client credentials grant flow, but we need to limit the app team's ability to send from one mailbox.

                          5 votes
                          1 comment  ·  Azure AD API
                          • Support current password when changing a user's password

                            When you change a user's password using the update user operation you supply a passwordProfile. This profile only allows for the new password. Add a new property to the passwordProfile for the current password and only allow the change if the current password is correct.

                            https://msdn.microsoft.com/en-gb/library/azure/ad/graph/api/users-operations#ResetUserPassword

                            5 votes
                            0 comments  ·  Azure AD API
                            • Access to OtherMails Property

                              REALLY need a means to enter an email for a user other than their Exchange account. In the AAD Graph we used OtherMails. In the Portal we can use the Alternate Authentication Email. Both of these are hacks. It would be nice to simply have "ExternalEmail" or at least OtherEmails back.

                              5 votes
                              0 comments  ·  Azure AD API
                              • Azure AD Graph API: Support for encrypted password

                                Updating a user password through Graph does not support encrypted passwords; the passwords are in clear text and the security is handled at the transport level (HTTPS).

                                5 votes
                                0 comments  ·  Azure AD API
                                • The instruction is totally useless. It is a waste of my time. I hate it..

                                  The instruction is totally useless. It is a waste of my time. I hate it..

                                  4 votes
                                  0 comments  ·  Azure AD API
                                  • Calculate & expose device's primary user based on usage (user to device affinity)

                                    In many reporting scenarios it is necessary to map between users/devices. E.g.,
                                    * VIP Victor is complaining about something, we need a list of the devices he uses
                                    * I need to report on crashes (or some other device data) by the user's department/building/etc.

                                    Today we have registeredUsers and registeredOwners, but these can't be used for this purpose because:
                                    A) They seem to reflect primarily administrative enrollment activity, not end-user-affinity
                                    B) They are many:many and don't automatically calculate a "primary user" based on logon activity

                                    4 votes
                                    1 comment  ·  Azure AD API
                                    • Support Delta Query for Schema Extensions

                                      Delta Query on Schema Extensions would be incredibly powerful. Especially when paired with services like the Event Grid. Changes to user data would be an incredibly rich source for automation triggers.

                                      4 votes
                                      0 comments  ·  Azure AD API
                                      • Azure AD Graph API should return PasswordLastChangedDate and PasswordExpiryDate for signed in user

                                        Return "LastPasswordChanged" and "PasswordExpiryDate" for signed-in users. The former is currently accessible using PowerShell but not using the C# Graph API.

                                        4 votes
                                        0 comments  ·  Azure AD API
                                        • 4 votes
                                          0 comments  ·  Azure AD API