Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Restricting access to Azure Service Principals.

    If anyone has the below information, they can connect to Azure from any network and issue Azure PS commands.
    <#
    Display Name : MS-PoC-ServicePrincipal
    APP ID : XXXXXXXXXXXX
    Tenant ID : YYYYYYYYYYY
    Object ID : ZZZZZZZZZZZZZ
    Key : oooooooooo
    MS Link
    https://github.com/squillace/staging/blob/master/articles/resource-group-authenticate-service-principal.md
    #>

    Best possible scenario is to restrict it using RBAC. Agreed.
    An extra layer of conditional access to the Azure Service Principal would be good. This security flaw can compromise the AAD data, since most of the Service Principals have OAuth2 enabled and Read access to AAD.

    Can MS look into this please.
    I had raised case with MS…

    6 votes
    0 comments  ·  Azure AD API
  2. Ability to filter users with onPremisesSamAccountName with Microsoft Graph API

    I would like to have a filter on the users api of Microsoft Graph API, where I will be able to filter the users based on onPremisesSamAccountName, which is currently not available with Graph API.

    We have the internal employee id stored in the onPremisesSamAccountName variable, which is present in the users API of Microsoft Graph. We are trying to filter with the onPremisesSamAccountName property to filter based on the internal employee id. Currently we are not able to do that with Graph API but we really need this to be working or would be happy if we get to know any…

    3 votes
    0 comments  ·  Azure AD API
  3. Allow signed JWT Bearer token flow (get user access token without password / SAML)

    We will need OAuth support to get a user access token without having to provide the user name and password or a SAML assertion from ADFS.

    The trust would be the certificate trust.

    Other implementations from other vendors -

    https://tools.ietf.org/html/rfc7523

    1. Google https://www.jhanley.com/google-cloud-creating-oauth-access-tokens-for-rest-api-calls/
    Refer to --

    def create_signed_jwt(pkey, pkey_id, email, scope): and
    exchange that for the user access token in
    def exchangeJwtForAccessToken(signed_jwt):

    Docusign https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken

    2. Atlassian https://developer.atlassian.com/cloud/jira/software/oauth-2-jwt-bearer-token-authorization-grant-type/

    3. Box https://developer.box.com/docs/construct-jwt-claim-manually#section-3-create-jwt-assertion

    4. Salesforce - https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=0

    2 votes
    0 comments  ·  Azure AD API
  4. Release API capabilities for Access Packages and Identity Governance

    I want to automate Access Package deployment with Terraform as I do with user groups as well as make dynamic groups compatible with Access Packages. This would allow me to assign users to groups based on user attributes, as I can do with Dynamic groups, but also enable group members the ability to request an access package based on their dynamic group membership, which are automatically created after deploying a new subscription with Terraform. Access Packages would be specific to each subscription and include resource and application roles that are applicable to users of that subscription. This would replace the…

    2 votes
    0 comments  ·  Azure AD API
  5. 2 votes
    2 comments  ·  Azure AD API
  6. Turn Off Risky Users Impact to AD/Office

    You're clearly not ready to introduce this feature, it's in Preview, so shut off the impact. You are blocking users on a product I don't have rights to turn on or off.

    1 vote
    0 comments  ·  Azure AD API
  7. API to manage SAML SSO

    Graph API to automate managing SAML SSO configuration: renew certificate, configure SSO details...

    With the amount of apps configured for SSO, it has started to be hard to manage certificates (the renewal process is so manual).

    1 vote
    0 comments  ·  Azure AD API
  8. PowerShell Azure AD provisioning and registrations of FIDO2 keys

    PowerShell Azure AD provisioning and registrations of FIDO2 keys

    1 vote
    0 comments  ·  Azure AD API
  9. Native app user consent

    After the update of the Microsoft Identity Platform to version 2.0 it seems users cannot perform the "User Consent" for Native app registration programmatically or via Azure Portal.
    For a web application based on Power BI Embedded it is a problem because without the "User Consent" the application doesn't work.
    After the update only a Global Admin user can grant the permissions but it is a very restrictive condition.

    1 vote
    0 comments  ·  Azure AD API
  10. Power Apps Extended Attributes

    We are in Gov Cloud, and are really looking to leverage Extended Attributes that exist in Azure AD in PowerApps. This is a huge benefit for all organizations because it allows them to increase our referencing ability for custom built applications. Everything from phone books, advanced organization structure references, quick submitting for editing user data to support staff, etc.

    I don't know why this already hasn't been done. It really prevents use of a single source of information, Active Directory.

    1 vote
    0 comments  ·  Azure AD API
  11. How to convert Lotus Notes NSF files to MS Outlook PST files?

    NSF to PST Converter is the best and effective tool, that designed to convert all the Lotus Notes mailboxes into MS Outlook PST securely and safely. Through this amazing tool, you can easily convert NSF file to PST file. The NSF Converter Software provides NSF to PST Conversion without any change. This software easily exports all Lotus Notes emails, contacts, calendars and contacts to Outlook. This Software Allows users to Save NSF files to PST, MBOX, EML, etc.

    NSF to Office 365 Migration:-

    KDETools NSF to PST Converter software has the feature to migrate Lotus Notes Emails to Office 365…

    1 vote
    0 comments  ·  Azure AD API
  12. B2B: Please expose the "source" property in the Graph API

    We would like to have the Source attribute available in order to manage guest accounts differently based upon what kind of account it is ("Microsoft Azure Active Directory", "Microsoft account", or "Microsoft Azure AD (other directory)"). If the account is a Microsoft Account, we need to be able to have more scrutiny around it (i.e., check to see if the user still works for the partner company).

    1 vote
    0 comments  ·  Azure AD API
  13. C++ Library

    It would be nice to have client libraries for C++.

    1 vote
    0 comments  ·  Azure AD API
  14. Can I migrate my win32 c/c++ software to azure active directory and run on x86 intel CPU windows OS on active directory?

    Dear All,

    I have a technical query on Azure PaaS service features. This is related to my ongoing research at the University of Liverpool, UK as part of my Post Graduation in MS Big Data Analytics. Please forward the below query to your Azure technical consultants.

    I have a query on Azure PaaS cloud computing. I'm aware that we can create VMs on IaaS. Can we create VMs on PaaS? Like in Azure PaaS? I want to run my custom software on Intel CPU only and test. I know in IaaS I can create VM image of specific OS say Windows…

    1 vote
    0 comments  ·  Azure AD API
  15. Add Equipment or create room resources through MS Graph API

    Hi,
    We cannot add equipment or create room resources through Microsoft Graph API or Azure AD Graph API.
    Also it'll be nice if we could connect or link equipment to room so that we can filter rooms based on the availability of equipment for each room.

    1 vote
    0 comments  ·  Azure AD API
  16. OST Recovery tool

    Free OST Recovery tool has a master characteristic which helps you to get back your lost and permanently deleted files and manage them in the same file. It gives you a convenience that you can easily repair OST file and recover the entire data in a couple of clicks. After the recovery of the database you can also extract them into new accessible PST and other file formats like EML, EMLX, MSG, vCal, vCard, MBOX, and HTML without any data loss. It gives a demo version to convert 30 emails in each and every folder of OST files without any…

    1 vote
    2 comments  ·  Azure AD API
  17. Add support for cert-based authentication using EC certs (ES384)

    Elliptic curve based certs provide stronger security with less overhead - this is particularly important for mobile devices.

    Per https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials , only RSA certs are supported, given that only RS256 can be used for signatures. If you try authenticating with an ECDSA cert, it just fails with a NullReferenceException.

    Looking at the code, there is currently no support for EC certs, but it shouldn't be difficult to add, given that .NET supports EC certs. Obviously this would need to be added in the client and the server.

    https://github.com/Azure/azure-sdk-for-net/blob/master/src/SdkCommon/Auth/Az.Auth/Az.Authentication/ClientAssertionCertificate.cs#L46

    1 vote
    0 comments  ·  Azure AD API