Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make https://passwordreset.microsoftonline.com responsive design or app for password reset

    It would be nice, if the passwordreset.microsoftonline.com looked great on a mobile device as well as on a PC. It isn't responsive and looks weird on a phone. You have to pinch to see the text and textboxes on the page.

    Alternative Microsoft should consider integrating "Password Reset" / "Lockout" functionality in a new app or the existing Azure Authenticator app. This will notify the user about account lockout and also provide a way for the user to do a quick password reset a device. Of cause the user will need to answer a couple of questions, enter a pin…

    109 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Authentication Phone

    Make the Authentication Phone and Authentication Email field settable with Powershell.

    100 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    We are building an API that will allow you to get and set credential information (i.e. Authentication Phone, Authentication Email, etc.) for both multi-factor authentication (MFA) and self-service password reset (SSPR). We will keep you updated when this becomes available.

    We appreciate your feedback and look forward to adding more awesome features to SSPR!

  3. Disable user's ability to change password (via cloud/portals)

    We need to disable a user's ability to change their password. We need to manage password changes in our own application.

    NOTE: I am not referring to password resets (which we can easily disable). Rather I'm talking about preventing users from changing their password via a Microsoft portal when they know their existing password.

    We are looking for an equivalent of the (non Azure) AD powershell command Set-ADUser -CannotChangePassword.

    93 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add reporting to see how many users have or have not registered for Self Service Password Reset.

    Would be helpful so we know who to target to get them registered within our organization

    71 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSPR - Allow user unlock from the windows 10 logon screen.

    You recently implemented the password reset from the Windows 10 logon screen. However, the possibility of unlocking the user when they remembered the password was lacking.

    I remember that this functionality already exists through the MIM or Azure reset link.

    68 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable SSPR to reset Windows cached credentials

    In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

    Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we…

    64 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow multiple groups for SSPR rather than only one group

    you have to make a group for SSPR and assign users or sub groups. If you already have the user groups why cant we just use those?

    34 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Great news! We are planning on implementing this as part of a feature that will allow you to configured different SSPR policies for different groups. Looking forward to hearing your feedback!

    Thanks,
    Sadie Henry (sahenry)

  8. AAD Password Reset: Possibility for helpdesk for user verification

    We have users, which are registered for Azure AD Password Reset service. They have filled out the security questions and other options for using the AAD Password Reset self-service.0

    Sometimes the users have Problems to use the self-service in case of different things (forgotten smartphone, answers etc.). In this case, they can call the Helpdesk (ServiceDesk) for further assistant. Now, we are looking for a possibility to make a verification of the user, who is on the other end of the phone.

    Therefor a feature or possibility for members of the Helpdesk/ServiceDesk to verify the calling person with informations are…

    30 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSPR configurable password policy text window (for tenants using ADFS/write-back)

    We have Azure AD using ADFS, so SSPR is using password write-back.

    We have a 3rd party password filter implemented on-prem because built-in password policies are so poor (complexity enabled with fine-grained password policies still allows passwords like "Password1", "Microsoft1", etc)

    While Azure AD has added some smarts to block "bad" passwords (good job!) - on-prem AD doesn't, which means we can't rely purely on new password filtering functionality in Azure AD.

    The end result is that SSPR is very frustrating to use, because it carries no information about what the on-prem password policy requirements are.

    Please provide a custom…

    25 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! We would love to hear more about what exactly you would like to see in this feature from both an admin and an end user perspective. Feel free to throw out ideas or specific needs/requirements and we’ll incorporate them into our thinking and planning.

    Sadie Henry (sahenry)

  10. Fine-Grained Self-Service Password Reset policy Groups with priority

    It would be awesome if security administrator could define different SSPR policies and associate them with security groups in Azure Active Directory. The solution should support processing the correct policy based on a specific priority order for the policy, this would be helpful in the case where users belongs to multiple groups.

    23 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! We are working on giving admins the ability to configure reset policies by group. For priority, we will choose the most secure configuration (if a user has more than one policy applied). We would love to hear more feedback and ideas as we plan this awesome new feature. Thanks in advance for your feedback!

    Sadie Henry (sahenry)

  11. Update or remove the CAPTCHA verification in the SSPR

    The CAPTCHA verification in the initial SSPR portal page is most of the time really hard to read and it take 4-5 attempts to actually start the password reset or account unlock process and this frustrates our end-users.

    I understand the reason the CAPTCHA is there but maybe replace it by the reCAPTCHA with images instead of those hard to read letters.

    Ps. the current captcha is case-sensitive but there are no info in SSPR to highlight that :(

    21 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add dynamic validation rules to Self Service Password Reset

    When trying to reset your password via Azure SSPR with writeback to onprem AD, you currently don't get much detail as to why a password reset may have failed (not enough characters, not complex enough, etc). Our on-prem password reset tool can validate your new password as you type so that you can make sure the new password meets your company policies and it would be great if Azure SSPR could do this to. Even just more details on why a password reset fails would be of great help to end users.

    18 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! We will take this into consideration and welcome any specific ideas or feedback you have in the meantime. Would you like to see some sort of custom password strength meter? Or maybe just text that tells the user what the on-prem password policy is? Thank you in advance!

    Sadie Henry (sahenry)

  13. Self-Service Password Reset Customize UserName Hint like Example@company.com

    Add Self-Service Password Reset Customize UserName Hint with url parameter YourExample@Yourcompany.com instead of default value of " user@contoso.onmicrosoft.com or user@contoso.com". This would work like Azure AD Customization with UserName Hint

    17 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Granular options for Self Service Password Reset Factors

    It would be nice to be able to configure self service password reset MFA with as much granularity as application MFA policies.

    1) Restrict what factors you can use based on trusted device, network location, etc.

    2) Specify different policies for different user groups. For example, administrative users who are not AAD administrators.

    3) Restrict by domain and have different rules per domains syncing up to the same tenant.

    16 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Disable SSPR by group (exclude group from SSPR)

    Currently, you can configure SSPR to be enabled for your entire organization or for a specific group. It would be nice to have the ability to disable/exclude a specific group (e.g. enable for the entire organization except for a specific group(s)). The use case would be a scenario where almost the entire company should have SSPR but there are sensitive accounts that should not be enabled for it.

    16 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. When the Password Writeback limitations can be removed?

    This document described the current limitations that it is un-supported to trigger password writeback via Powershell v1, v2 and Azure AD Graph API (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback). Which means currently there's no way to trigger password writeback programmatically.

    There's also a statement in that article that you are working to remove these limitations but no specific timeline can share. Can we know the possible timeline when the limitations can be removed (for example second half of the year or the early of next year)?

    Thanks.

    14 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! This is a limitation that we would like to address. At this time, I don’t have an estimate of when this update would be released. However, please continue to vote on this feature if it’s important to your organization.

    Thank you,
    Sadie Henry

  17. Allow the "Forgot my password" link to be removed from the Sign-In page (for tiers that do not support it)

    The basic AAD tier does not allow the passwords to be reset through the "forgot my password" function.

    However, the sign-in page still provides a "Forgot my password" link. If users follow that link and go through the process they are shown the following message:

    "You cannot reset your password at this time because your administrator has not configured password reset for your organization"

    However, password reset cannot be configured for the subscribed tier.

    It would be preferable to avoid the user going through the reset process in this case.

    13 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. Self service password reset on free

    The free Azure AD offering isn't really very credible without a self-service password reset. Since it's an offering where large numbers are expected and price is an issue, expecting administrators to manage individual passwords is not realistic. We expected to have up to 1000 remote end users, and basic is unrealistically expensive just to get the password reset.

    13 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Administration of Self Service Password Reset

    I suggest adding two controls in Azure AD user configuration relating to self-service password reset.

    1) Disable SSPR.
    Turning this on would temporarily prevent the user from using SSPR without changing their configured account verification information. It would block both password reset attempts and attempts to change the account verification information. This feature would be useful when we need to lock out a user by changing their password and still be able to access their account. We're a school and this situation comes up from time to time in the course of disciplinary activities.

    2) Clear account verification information.
    This…

    12 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback!

    For the first suggestion, how would this functionality differ from simply blocking a user? Do you want to be able to change their password while they’re blocked?

    For the second suggestion, we are working on an API and UX that gives an admin the ability to clear authentication methods (i.e. phone, email, etc.) for a user so that they are re-prompted to register when they next sign in.

    Sadie Henry (sahenry)

  20. SSPR- Want be able to de-register a user from all methods, in this moment only phones and emails can be removed, but not security questions.

    SSPR- I want to be able to de-register a user from all methods, in this moment only phones and emails can be removed, but not security questions.

    11 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! We are planning to add controls to allow you to clear all registered methods for a user. Keep voting if this is important for you and your organization.

    Thanks!
    Sadie Henry

← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base