Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  2. Warning on Service Connect Point change

    Azure AD Connect Health should send a warning when the Active Directory Service Connection Point changes.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  3. Global notification option for all services monitored by Azure AD Connect Health

    Why do customers need to define notification for both ADFS, Azure AD Connect, Azure Active Directory Domain Services. It would be great with an option to cover them all from the top blade.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  4. I have a question about doing a cloud-binding to Azure; if that’s the correct term. Today, I can join my ‘work’ network in Azure on Windows

    I have a question about doing a cloud-binding to Azure; if that’s the correct term. Today, I can join my ‘work’ network in Azure on Windows 10. Works great, no sweat, all good.

    What we want to do now is get our Mac users joined to the domain the same way. Is there even the slightest chance there’ll be similar functionality in OSX any time soon?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure AD Connect Health UI - Usage Analytics

    Colors in the charts should match the legend in multiple charts.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  6. AAD Connect switch staging mode without global admin permission

    The number of global admins should be kept low.

    In order to allow operation teams to switch services in case of failure, the need to do this with the Global Admin permission should be removed.

    As a service provider we have problems to comply with SLAs because the customer only approves Global Admin authorization temporarily on request. In a 24/7 fault situation, this can not be secured.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure AD Health Connect Agent for ADFS is out of date

    I tried to download the latest version of the "Azure AD Health Connect Agent for ADFS" from https://www.microsoft.com/en-us/download/details.aspx?id=48261 (version 3.1.51.0) but when I checked the file details (attached screenshot) it is showing it is version 3.1.46.0.
    When I install this agent on one of the ADFS servers it is also installed as version 3.1.46.0.

    Please can the download URL for this agent be updated with version 3.1.51.0 of the agent?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add AD DS Login Auditing to Agent

    While the AAD Connect for AD FS Agent can help identity some risks related to logins, that isn't a complete solution right now. Further to other feedback requests asking for IP and Application in those reports, I think we could do with the additional information from the AD DS Agent as well. Additionally, being able to search for specific IPs or Accounts to assist in determining the failed login sources (and dates/times) would be very useful.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  9. AD Connect Health report legacy endpoints not enabled

    AAD Connect Health should not be prompting organisations to re-instate legacy authentication endpoints:
    1. /adfs/services/trust/2005/usernamemixed
    2. /adfs/services/trust/2005/windowstransport
    also the service seems to be unaware that 2016 and later do not default publish certain unnecessary URLS:
    3. /adfs/ls/
    as we cannot customise the alerts checked to ignore this, customers will be prompted to open vulnerabilities through legacy authentication by using AD Connect Health!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  10. A PDC is not reachable through this domain controller when server reboots

    If your PDC emulator is unavailable when rebooting for applying updates, we can get this error from all other domain controllers in the environment.

    Is this actually a problem? My experience says no, but this alert casts doubt on that. We are back to asking ourselves, should the FSMO roles be moved when patching? Historically, the answer to this has been no, this isn't needed. Can we get some more guidance from Microsoft on this?

    Title:
    Domain controller is unable to find a PDC.

    Description:
    A PDC is not reachable through this domain controller. This will lead to impacted user…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  11. As an ADFS admin, I would like to see the least used applications in Connect Health so I can start migration

    As an ADFS admin, I would like to see the least used applications in Connect Health so I can start retiring/migrating unused apps.
    The top 10 least used app report would be helpful

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  12. Password Synchronization heartbeat was skipped in last 120 minutes

    For a few days now I being getting an email message from Microsoft Azure that reads issue: Password Synchronization has not connected with Azure Active Directory in the last 120 minutes. As a result passwords will not be synchronized with Azure Active Directory. I cannot find any related information on what this is or if I should be concerned. It seems my Azure services are working as expected, but this error is just driving me nuts :-)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  13. ad connect health

    Can we get a Notification on Bad Password Attempts?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure ADConnect Heallth - Allow for by server reporting on failures and application usage

    Allow for the reporting in Azure Ad to include by server reporting for auth failures as well as Application usage. Geo stats by app usage as well.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  15. monitoring tools for PasswordSync

    Is that possible to have email notification when your organization password sync is not working for more than 24 hours? In my case sometime my organization ADsync was working fine but just the password sync stopped for no reason. i need to run a full sync and full password sync only back to normal.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  16. Would like to have an alert notification within Azure AD Connect Health when group membership exceeds 50,000

    Would like to have a DCR (Design Change Request) entered in for an alert creation within Azure Active Directory (AAD) Connect Health that would send an alert when more than the default of 50,000 users is exceeded and the syncing stops occurring. Currently there is the limitation of 50,000 and would like to see an alert within the AD Connect Health Dashboard as right now the alerts are hard to navigate as by a default they are all the way positioned at the bottom of the FIM logs. Thank you.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  17. Revise licensing requirements for initial registered agents

    The current licensing system requires 25 AAD Premium licenses for each additional registered agent beyond the first (i.e. 26 licenses for 2 agents, 51 licenses for 3 agents, etc ...). That's a shame as it makes it impossible for smaller businesses to get even close to full coverage of their relevant infrastructure.

    For example, assume a best practices infrastructure with:
    - 2 x Domain Controllers
    - 2 x AD Federation Servers (installed on DCs)
    - 1 x AAD Connect server
    - 1 x AD FS Web Application Proxy (on AAD Connect server)

    That's 3 Windows servers with two DCs &…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  18. Relaying party utilization report

    AD connect health should provide some kind of a report which can tell who are the users trying to authenticate externally or internally per relying party in ADFS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure AD Connect Health agent data

    Hi, I'm currently looking at implementing Azure AD Connect Health on our AD DS, AD FS, WAP and Azure AD Connect sync servers. We have offices in German and when anything is implemented the German Workers Council have to agree it. We are being asked what actual data is being sent by the on-premises agents to Azure AD Connect Health. I don't see this level of information in the Microsoft Online documentation, but I would have thought that we are not the first to ask this question. Do you have details that can be shared and also I think it…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  20. Issue with Azure AD Connect Health AD DS agent - Ports exhaustion

    We ran into an issue where all the RPC ports on few of our Production DC's got exhausted by this agent and resulted in replication failure. See below netstat output:

    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55151 10.153.6.10:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55157 10.155.32.13:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55164 10.153.6.10:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55167 57.12.150.90:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55172 10.155.44.8:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55173 10.153.6.10:389 CLOSE_WAIT 5860

    Log Name: System
    Source: Tcpip
    Date: 06/07/2019 05:00:21
    Event ID: 4231
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: DXBEGDC26PV.corp.emirates.com
    Description:
    A request to allocate an ephemeral port number from the global…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base