Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide the ability to configure notification alerts within the Health App

    Configure e-mail alerts on messages from the “Azure Active Directory Connect (Sync) Alerts”. Currently only errors are alerted and unable to configure to warning messages.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  2. Microsoft.adhybridhealthservice/services/read

    Assign permissions to grant lower-level roles to drill into and resolve sync conflicts. Appears to be the permission below, but the custom role UI doesn't find it available to add.

    Microsoft.adhybridhealthservice/services/read

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure AD exposing user info in new portal

    Azure AD in the new portal exposes the Users and groups listed in the AD. This was data that was not accessible to users in the AD while still on the old portal. Now normal users can view all details in the AD. Is this meant to be so in the new portal? If Yes, is there a way to disable this for normal users via the portal or from the backend by submitting a request?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  4. A PDC is not reachable through this domain controller when server reboots

    If your PDC emulator is unavailable when rebooting for applying updates, we can get this error from all other domain controllers in the environment.

    Is this actually a problem? My experience says no, but this alert casts doubt on that. We are back to asking ourselves, should the FSMO roles be moved when patching? Historically, the answer to this has been no, this isn't needed. Can we get some more guidance from Microsoft on this?

    Title:

    Domain controller is unable to find a PDC.
    

    Description:
    A PDC is not reachable through this domain controller. This will lead to impacted user…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  5. Clean up old sync errors

    (Note: I was directed here by the Azure Support Twitter profile)
    The Sync Errors page shows errors for objects which no longer exist, neither in our on-premise AD nor the Azure AD (these were accounts I created on a new AD created purely for testing; even the AD no long exists).

    The sync error however remains and now I get an email every Monday telling me just that. I don't see a way to mark this error as "handled" or otherwise delete it, as it is a false-positive.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  6. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  7. Warning on Service Connect Point change

    Azure AD Connect Health should send a warning when the Active Directory Service Connection Point changes.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  8. Global notification option for all services monitored by Azure AD Connect Health

    Why do customers need to define notification for both ADFS, Azure AD Connect, Azure Active Directory Domain Services. It would be great with an option to cover them all from the top blade.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  9. I have a question about doing a cloud-binding to Azure; if that’s the correct term. Today, I can join my ‘work’ network in Azure on Windows

    I have a question about doing a cloud-binding to Azure; if that’s the correct term. Today, I can join my ‘work’ network in Azure on Windows 10. Works great, no sweat, all good.

    What we want to do now is get our Mac users joined to the domain the same way. Is there even the slightest chance there’ll be similar functionality in OSX any time soon?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure AD Connect Health UI - Usage Analytics

    Colors in the charts should match the legend in multiple charts.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow a full breakdown of usage analytics for application visits

    Currently in Azure Active Directory Connect Health - AD FS services, usage analytics for application visits only show the first 20 applications, and the rest are categorized under "Other". There should be a way to view usage analytics for ALL applications - presumably they're being captured, but currently there's just now way to view them.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  12. AAD Connect switch staging mode without global admin permission

    The number of global admins should be kept low.

    In order to allow operation teams to switch services in case of failure, the need to do this with the Global Admin permission should be removed.

    As a service provider we have problems to comply with SLAs because the customer only approves Global Admin authorization temporarily on request. In a 24/7 fault situation, this can not be secured.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  13. Relaying party utilization report

    AD connect health should provide some kind of a report which can tell who are the users trying to authenticate externally or internally per relying party in ADFS.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure AD Health Connect Agent for ADFS is out of date

    I tried to download the latest version of the "Azure AD Health Connect Agent for ADFS" from https://www.microsoft.com/en-us/download/details.aspx?id=48261 (version 3.1.51.0) but when I checked the file details (attached screenshot) it is showing it is version 3.1.46.0.
    When I install this agent on one of the ADFS servers it is also installed as version 3.1.46.0.

    Please can the download URL for this agent be updated with version 3.1.51.0 of the agent?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add AD DS Login Auditing to Agent

    While the AAD Connect for AD FS Agent can help identity some risks related to logins, that isn't a complete solution right now. Further to other feedback requests asking for IP and Application in those reports, I think we could do with the additional information from the AD DS Agent as well. Additionally, being able to search for specific IPs or Accounts to assist in determining the failed login sources (and dates/times) would be very useful.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  16. AD Connect Health report legacy endpoints not enabled

    AAD Connect Health should not be prompting organisations to re-instate legacy authentication endpoints:
    1. /adfs/services/trust/2005/usernamemixed
    2. /adfs/services/trust/2005/windowstransport
    also the service seems to be unaware that 2016 and later do not default publish certain unnecessary URLS:
    3. /adfs/ls/
    as we cannot customise the alerts checked to ignore this, customers will be prompted to open vulnerabilities through legacy authentication by using AD Connect Health!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  17. AADC Connect Health Agency Sync Errors should refresh even without Azure AD Premium

    We have a tenant that only has Azure AD Basic. The Azure AD Connect Health reported one set of Sync errors that were corrected, but the 21 Duplicate Attribute sync errors never got , or get refreshed even when there no longer are any errors. Documentation says that the reports don't require Azure AD Premium, but the pricing says the overall feature requires Azure AD Premium.

    Something is wrong, and something needs to be changed.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  18. As an ADFS admin, I would like to see the least used applications in Connect Health so I can start migration

    As an ADFS admin, I would like to see the least used applications in Connect Health so I can start retiring/migrating unused apps.
    The top 10 least used app report would be helpful

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  19. Password Synchronization heartbeat was skipped in last 120 minutes

    For a few days now I being getting an email message from Microsoft Azure that reads issue: Password Synchronization has not connected with Azure Active Directory in the last 120 minutes. As a result passwords will not be synchronized with Azure Active Directory. I cannot find any related information on what this is or if I should be concerned. It seems my Azure services are working as expected, but this error is just driving me nuts :-)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  20. ad connect health

    Can we get a Notification on Bad Password Attempts?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base