Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add report for Extranet Lockout Protection - Account Lockout

    Add a new report to Azure AD Connect Health that allows support staff to see which accounts are locked out by ADFS Extranet Lockout Protection.

    20 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
    • Integrate Azure AD Connect Health with OMS/Log Analytics

      This information should be available in OMS/Log Analytics, as a one stop shop for all monitoring... It should not be available only separately to OMS/Log Analytics!

      19 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
      • I would love to be able to export and search the ADFS bad password attempts!

        I would love to be able to export and search the ADFS bad password attempts!

        14 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          4 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
        • SCOM Management Pack for Azure AD Connect

          Please create a management pack for SCOM to monitor AAD Connect, including the Pass-through authentication functionality. This is a critical component in the Microsoft cloud ecosystem. All on-prem products are supposed to be shipped with a SCOM management pack for monitoring them. This has been in prod for years and it is still missing.

          And no, AD Connect health does not cut it. For example, it does not even send an alert email when the "Microsoft AAD Application Proxy Connector" is not running.

          8 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
          • Azure AD Connect Health Bad Password Report improvement

            Add which application was the bad password logged against.

            8 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
            • AD Connect Sync stopped-deletion-threshold-exceeded: Allow to get an export list (CSV or Excel file) of all objects marked for deletion

              Allow the possibility to export the list of users that appear in threshold so they can be verified before disabling it.

              As you know, if you want to delete more than 500 objects in local AD, AD Connect won;t allow you to do this. We need a way to export those users just to make sure that they are not removed by mistake.

              https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-prevent-accidental-deletes

              Thank you!

              7 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →

                Thank you for the feedback! Azure AD Connect Health team is planning to provide a solution of this report. We will update in this thread further once it is ready for preview

              • Include an AAD Connect Health Gateway for DCs without internet connectivity

                An easy to configure gateway install similar to the OMS gateway to act as a proxy for servers without internet connectivity would be a useful addition.

                6 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                • AD Connect Health ADDS Agent should not require WOW64

                  We have been removing WOW64 Support from all Server Core installs. Not happy about adding it back on DCs for an agent.

                  6 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                  • Show AADConnect version when upgrading

                    Show the AADConnect Version you are upgrading to when starting the Wizard and once complete, show the version again.

                    5 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                    • Test Authentication Request (Synthetic Transaction) failed to obtain a token.

                      Hi Team,

                      I am receiving ADFS alerts as mentioned in the subject, but while I test the ADFS Server health, the test is getting passed. But I offen get this alert, can some one help me in fixing this.

                      thanks in advance.

                      Regards,
                      Naveen Ramakrishnan

                      5 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        4 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                      • Support other notification types for Azure AD Connect Health

                        Add other options for notifications other than e-mail. Webhook would be especially useful, or ITSM connector. If it reported to Log Analytics, these would be available.

                        4 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                        • Microsoft Azure AD Sync Windows service is not running or could not start

                          Microsoft Azure AD Sync Windows service is not running or could not start. As a result, objects will not synchronize with Azure Active Directory.

                          Start Microsoft Azure Active Directory Sync Services
                          1. Click Start, click Run, type Services.msc, and then click OK.
                          2. Locate the Microsoft Azure AD Sync service, and then check whether the service is started. If the service isn't started, right-click it, and then click Start.

                          event viewer ..
                          Windows Azure Active Directory has sent a redirection. Redirection url: https://adminwebservice-s1-co2.microsoftonline.com/ProvisioningService.svc. Code: 87. Description: Azure Active Directory has sent a service redirection to 'https://adminwebservice-s1-co2.microsoftonline.com/ProvisioningService.svc'. Server…

                          4 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                          • Alert on 80% and 90% usage for SQL Server 2012 Express LocalDB with 10GB size limit

                            Please add some monitoring for the database size for Azure AD Connect with a SQL Server 2012 Express LocalDB (10GB size limit).

                            Customers needs to be made aware before they hit the limit. Send alerts when customer hit 8-9GB usage on the DB.   

                            https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-prerequisites

                            4 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                            • Duplicate accounts are impossible to fix

                              We have just gone live with ADFS and SSO. Most of our accounts are fine, but a few ended up with duplicate entries - in Azure and O365 they each have a user@domain.com and a user@domain.onmicrosoft.com.

                              Fixing this seems to be impossible, all of the tools involve changing the UPN of the user which doesn't work because it already belongs to the other one - e.g. if I try to change the onmicrosoft UPN to the domain.com UPN, it fails because the O365 user already has that UPN.

                              The only solution appears to be to delete either the email…

                              4 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                3 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                              • Azure AD exposing user info in new portal

                                Azure AD in the new portal exposes the Users and groups listed in the AD. This was data that was not accessible to users in the AD while still on the old portal. Now normal users can view all details in the AD. Is this meant to be so in the new portal? If Yes, is there a way to disable this for normal users via the portal or from the backend by submitting a request?

                                4 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                                • Provide the ability to configure notification alerts within the Health App

                                  Configure e-mail alerts on messages from the “Azure Active Directory Connect (Sync) Alerts”. Currently only errors are alerted and unable to configure to warning messages.

                                  4 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Azure AD Sync engine is being throttled

                                    Does anyone worked to fix this below problem ..?
                                    ISSUE While processing data Azure AD detected a service busy error. This could be because the service encountered an error while processing (reading and writing) data in your Azure Active Directory. One possible reason could be the sync engine is being throttled due to high number of write operations.

                                    3 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                                    • 3 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Integrate Azure AD Connect Health ADFS Failed Logins and Lockout Events with Microsoft Cloud App Security

                                        The ADFS auditing events for logon failures or account lockout collected by the Azure AD Connect Health agent for ADFS on all the on-premise ADFS servers are not shared with the central Azure Security solutions such as:
                                        1. Azure AD Identity Protection
                                        2. Office365 Cloud App Security (OCAS)
                                        3. Microsoft Cloud App Security (MCAS).

                                        There is no available method to integrate or correlate these events with the rest of the Azure security solutions. The result is that this limit heavily the brute force attacks detection on the ADFS infrastructure. The only available option is to collect the logs locally through…

                                        3 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                                        • AADC Health - Notification when AADC Scheduler is disabled

                                          Send a notification when AADC Scheduler is disabled or when sync didn't happen for x number of hours/days.

                                          3 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base