Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make https://passwordreset.microsoftonline.com responsive design or app for password reset

    It would be nice, if the passwordreset.microsoftonline.com looked great on a mobile device as well as on a PC. It isn't responsive and looks weird on a phone. You have to pinch to see the text and textboxes on the page.

    Alternative Microsoft should consider integrating "Password Reset" / "Lockout" functionality in a new app or the existing Azure Authenticator app. This will notify the user about account lockout and also provide a way for the user to do a quick password reset a device. Of cause the user will need to answer a couple of questions, enter a pin…

    93 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      9 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
    • Disable user's ability to change password (via cloud/portals)

      We need to disable a user's ability to change their password. We need to manage password changes in our own application.

      NOTE: I am not referring to password resets (which we can easily disable). Rather I'm talking about preventing users from changing their password via a Microsoft portal when they know their existing password.

      We are looking for an equivalent of the (non Azure) AD powershell command Set-ADUser -CannotChangePassword.

      77 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        11 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
      • Authentication Phone

        Make the Authentication Phone and Authentication Email field settable with Powershell.

        76 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          10 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

          We are building an API that will allow you to get and set credential information (i.e. Authentication Phone, Authentication Email, etc.) for both multi-factor authentication (MFA) and self-service password reset (SSPR). We will keep you updated when this becomes available.

          We appreciate your feedback and look forward to adding more awesome features to SSPR!

        • SSPR - Allow user unlock from the windows 10 logon screen.

          You recently implemented the password reset from the Windows 10 logon screen. However, the possibility of unlocking the user when they remembered the password was lacking.

          I remember that this functionality already exists through the MIM or Azure reset link.

          51 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
          • Enable SSPR to reset Windows cached credentials

            In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

            Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we…

            32 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              4 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
            • Add reporting to see how many users have or have not registered for Self Service Password Reset.

              Would be helpful so we know who to target to get them registered within our organization

              29 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
              • Allow multiple groups for SSPR rather than only one group

                you have to make a group for SSPR and assign users or sub groups. If you already have the user groups why cant we just use those?

                21 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                  Great news! We are planning on implementing this as part of a feature that will allow you to configured different SSPR policies for different groups. Looking forward to hearing your feedback!

                  Thanks,
                  Sadie Henry (sahenry)

                • MFA as second authentication factor for SSPR

                  With SSPR we can active several authentication methods (office phone, mobile, alternate email, security questions). This is great, but it would be perfect if we there would be an extra validation on MFA if the user is enrolled.

                  21 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                    Thank you for your feedback! We would love to hear more about what exactly you would like to see in this feature from both an admin and an end user perspective. Are you wanting more authentication methods for MFA? Are you wanting parity between MFA and SSPR authentication methods? Feel free to throw out ideas or specific needs/requirements and we’ll incorporate them into our thinking and planning.

                    Sadie Henry (sahenry)

                  • SSPR configurable password policy text window (for tenants using ADFS/write-back)

                    We have Azure AD using ADFS, so SSPR is using password write-back.

                    We have a 3rd party password filter implemented on-prem because built-in password policies are so poor (complexity enabled with fine-grained password policies still allows passwords like "Password1", "Microsoft1", etc)

                    While Azure AD has added some smarts to block "bad" passwords (good job!) - on-prem AD doesn't, which means we can't rely purely on new password filtering functionality in Azure AD.

                    The end result is that SSPR is very frustrating to use, because it carries no information about what the on-prem password policy requirements are.

                    Please provide a custom…

                    21 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                      Thank you for your feedback! We would love to hear more about what exactly you would like to see in this feature from both an admin and an end user perspective. Feel free to throw out ideas or specific needs/requirements and we’ll incorporate them into our thinking and planning.

                      Sadie Henry (sahenry)

                    • Update or remove the CAPTCHA verification in the SSPR

                      The CAPTCHA verification in the initial SSPR portal page is most of the time really hard to read and it take 4-5 attempts to actually start the password reset or account unlock process and this frustrates our end-users.

                      I understand the reason the CAPTCHA is there but maybe replace it by the reCAPTCHA with images instead of those hard to read letters.

                      Ps. the current captcha is case-sensitive but there are no info in SSPR to highlight that :(

                      16 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                      • Fine-Grained Self-Service Password Reset policy Groups with priority

                        It would be awesome if security administrator could define different SSPR policies and associate them with security groups in Azure Active Directory. The solution should support processing the correct policy based on a specific priority order for the policy, this would be helpful in the case where users belongs to multiple groups.

                        16 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                          Thank you for your feedback! We are working on giving admins the ability to configure reset policies by group. For priority, we will choose the most secure configuration (if a user has more than one policy applied). We would love to hear more feedback and ideas as we plan this awesome new feature. Thanks in advance for your feedback!

                          Sadie Henry (sahenry)

                        • List of users who have and have not registered for SSPR

                          I would have thought this should be a default feature! We are trying to encourage uptake of SSPR but I have zero visibility of how many people and who has actually successfully registered for SSPR.

                          Armed with that info, I could target those who havnt.

                          It seems any info on SSPR is solely limited to the last 30 days of logs.

                          15 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                          • When the Password Writeback limitations can be removed?

                            This document described the current limitations that it is un-supported to trigger password writeback via Powershell v1, v2 and Azure AD Graph API (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback). Which means currently there's no way to trigger password writeback programmatically.

                            There's also a statement in that article that you are working to remove these limitations but no specific timeline can share. Can we know the possible timeline when the limitations can be removed (for example second half of the year or the early of next year)?

                            Thanks.

                            14 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                              Thank you for your feedback! This is a limitation that we would like to address. At this time, I don’t have an estimate of when this update would be released. However, please continue to vote on this feature if it’s important to your organization.

                              Thank you,
                              Sadie Henry

                            • Add dynamic validation rules to Self Service Password Reset

                              When trying to reset your password via Azure SSPR with writeback to onprem AD, you currently don't get much detail as to why a password reset may have failed (not enough characters, not complex enough, etc). Our on-prem password reset tool can validate your new password as you type so that you can make sure the new password meets your company policies and it would be great if Azure SSPR could do this to. Even just more details on why a password reset fails would be of great help to end users.

                              12 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                                Thank you for your feedback! We will take this into consideration and welcome any specific ideas or feedback you have in the meantime. Would you like to see some sort of custom password strength meter? Or maybe just text that tells the user what the on-prem password policy is? Thank you in advance!

                                Sadie Henry (sahenry)

                              • Self-Service Password Reset Customize UserName Hint like Example@company.com

                                Add Self-Service Password Reset Customize UserName Hint with url parameter YourExample@Yourcompany.com instead of default value of " user@contoso.onmicrosoft.com or user@contoso.com". This would work like Azure AD Customization with UserName Hint

                                11 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                                • SSPR- Want be able to de-register a user from all methods, in this moment only phones and emails can be removed, but not security questions.

                                  SSPR- I want to be able to de-register a user from all methods, in this moment only phones and emails can be removed, but not security questions.

                                  10 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                                    Thank you for your feedback! We are planning to add controls to allow you to clear all registered methods for a user. Keep voting if this is important for you and your organization.

                                    Thanks!
                                    Sadie Henry

                                  • Administration of Self Service Password Reset

                                    I suggest adding two controls in Azure AD user configuration relating to self-service password reset.

                                    1) Disable SSPR.
                                    Turning this on would temporarily prevent the user from using SSPR without changing their configured account verification information. It would block both password reset attempts and attempts to change the account verification information. This feature would be useful when we need to lock out a user by changing their password and still be able to access their account. We're a school and this situation comes up from time to time in the course of disciplinary activities.

                                    2) Clear account verification information.
                                    This…

                                    10 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

                                      Thank you for your feedback!

                                      For the first suggestion, how would this functionality differ from simply blocking a user? Do you want to be able to change their password while they’re blocked?

                                      For the second suggestion, we are working on an API and UX that gives an admin the ability to clear authentication methods (i.e. phone, email, etc.) for a user so that they are re-prompted to register when they next sign in.

                                      Sadie Henry (sahenry)

                                    • Self service password reset on free

                                      The free Azure AD offering isn't really very credible without a self-service password reset. Since it's an offering where large numbers are expected and price is an issue, expecting administrators to manage individual passwords is not realistic. We expected to have up to 1000 remote end users, and basic is unrealistically expensive just to get the password reset.

                                      10 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        4 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow the "Forgot my password" link to be removed from the Sign-In page (for tiers that do not support it)

                                        The basic AAD tier does not allow the passwords to be reset through the "forgot my password" function.

                                        However, the sign-in page still provides a "Forgot my password" link. If users follow that link and go through the process they are shown the following message:

                                        "You cannot reset your password at this time because your administrator has not configured password reset for your organization"

                                        However, password reset cannot be configured for the subscribed tier.

                                        It would be preferable to avoid the user going through the reset process in this case.

                                        9 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Language switcher for Self Service Password Reset

                                          Currently (November 2017) The language of the Self Service Password Reset pages are based on your browser language. The only way to change the language the pages are presented in is to change your browser language. This is not always possible or desired. If a user doesn't have access to their own computer because they're locked out or have forgotten your password, and they go to a coworkers machine or a kiosk machine they may not have access to change the browser language (or know how).

                                          Please provide a site-based language switcher to override the browser language for presenting the…

                                          9 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base