Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow the "Forgot my password" link to be removed from the Sign-In page (for tiers that do not support it)

    The basic AAD tier does not allow the passwords to be reset through the "forgot my password" function.

    However, the sign-in page still provides a "Forgot my password" link. If users follow that link and go through the process they are shown the following message:

    "You cannot reset your password at this time because your administrator has not configured password reset for your organization"

    However, password reset cannot be configured for the subscribed tier.

    It would be preferable to avoid the user going through the reset process in this case.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Self service password reset on free

    The free Azure AD offering isn't really very credible without a self-service password reset. Since it's an offering where large numbers are expected and price is an issue, expecting administrators to manage individual passwords is not realistic. We expected to have up to 1000 remote end users, and basic is unrealistically expensive just to get the password reset.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to to remove or customise the default message that we get during SSPR password reset via login screen for Win10 machines.

    Need the ability to remove or customize the default message that we get during SSPR password reset via login screen on Win10 machines. It says '8-16 characters, case sensitive, one number or symbol". This message is conflicting for the end-users as the organizations password policy may not be as stated in the hardcoded message. We need a way to customize it or remove it so that it doesn't confuse end-users.
    Also an important thing to note is that this message is not available when we use SSPR via the online link https://passwordreset.microsoftonline.com/ , its only available when the SSPR reset…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to customize Password Reset page

    We use DirSync with AD Azure and ADFS to allow Work or School account logins for our users. We do not synchronize passwords, so the setting "Users enabled for password reset" is set to no.

    When click on the "Can't access your account?" link at https://login.microsoftonline.com/ and specify their email address with us, they are taken to a page that is customized with our Logo, that tells the user their account cannot be reset and provides them with a link to "contact your administrator" -- this link generates an email to our staff.

    We would like to customize this link,…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Users to Change Password in portal.office.com

    The Microsoft Corp. CSP Office 365 Business Premium license does not allow a user to change their password if they are a hybrid Azure AD Connect synced user with write-back enabled.

    We have a case where we have remote sales people with BYOD devices not joined to our domain and they don't have a way to change their password.

    We can't create them as o365 cloud only users because I need to be able to run export reports from AD for bill-back purposes.

    Please open this up so they can change their passwords. Thank you.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Self Service Password Reset (SSPR) - Adding exception for users

    We have created many users through Application in Azure AD. And these users are not a part of any Azure AD groups.
    SSPR is not capable of adding exception for those users, who doesn't want to enable this functionality as they are not logging using WEB URL.
    If Azure platform could provide any conditional access just like MFA it would be of added advantage.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. CA for SSPR

    Introduce conditional access for SSPR service so that users can reset their password only from known (Azure AD joined) devices.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. Make SSPR from login screen to work togheter with "Interactive logon: Don't display last signed-in" policy

    Even if in this document https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows it mentions that it interferes with SSPR this should be make to work. There are companies that use this policy across thousands of PCs for years to protect identity of logged on user when locked. Also this was Microsoft recommendation https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name

    If no user is displayed, we should ask for username exactly like login prompt does with this policy applied.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow 'Require users to register when signing in ?' to be linked to an AAD Group so we can phase it out

    As above. We don't want to turn this on and hit ALL user at their next logon (too risky due to the numbers involved). We want to phase this out via an AAD group.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. Customizable password reset screen

    Enable the admins to customize the password reset screen that can allow to add the company name and a customized message for password expiry. Also the expiry notification to appear on the users email prior to 14 days.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. Regarding SSPR, I would like to be able to enforce to users the number of methods to register.

    Regarding SSPR, I would like to be able to enforce to users the number of methods to register.
    So, it will be number of methods available to users.
    Then, Minimum number of methods required to register.
    Then, Minimum number of methods required to reset.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Require PIN verification for office phone resets

    With modern open office floor plans a persons office phone might not be located in a secured area. As of now SSPR will simply call the office phone number and ask the user to press #. This creates a security issue in shared office space. Someone can easily from any computer type in a username, walk over to the desk, answer the phone and complete a password reset. An added layer of security should be setup where a user who sets up an office phone number is required to create a security PIN. Microsoft SSPR calls the number and request…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure AD password reset from the login screen password expiration notification

    Azure AD password reset from the login screen has no password expiration notification, when the password is expired. Although, you can click on "Reset password" to reset your password, it doesn't tell you that the password is expired and that you should reset it.
    It would be good if such a password expiration notification on the login screen would be implemented.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Password policies for cloud accounts should provide the same options as AD accounts

    Azure Active Directory Cloud-only accounts don’t adhere to our company's password policies. Notably the following company standards are not easily implemented (if at all possible) for cloud only accounts:

    Password ot derived from User ID
    Password history must be significantly different from the previous 24 passwords.
    No repeated characters (e.g. AAAAAbl$%)
    Exclude keyboard patterns (e.g. QWERTY789)
    Account lockout 6 times in a row during a 30-minute time period

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Multiple self-service password reset (SSPR) policies

    A customer wants to enable the SSPR for shops. The users in the shop should be able to reset their password with one authentication method (office phone). They also want to enable the password reset for administration personnel in there HQ. They should be able to reset there password with the other options (Mobile phone, mobile app code, notification) but NOT the office phone.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Azure SSPR - Provide Message for Users when connecting to 802.1x networks

    For the most part, our users do not connect to 802.1x networks, but when they do SSPR simply fails without any feedback. To improve the user experience, please add an option to provide a custom message when SSPR fails.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. SSPR Registration - Restrict Registration to the the members of the SSPR Group

    Restrict registration to the members of the SSPR Reset Group , we do not want everyone to be able to register , it gives a false sense of the utility being available to everyone when it is not in our case. Only selected users are allowed to use SSPR reset

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. Clarify messages for password resets

    When you are forced into a password reset (example: password expired), you get the most shady and generic messages that you have no idea what the problem is.

    In my case it turned out to be a password with more then 16 characters, why is there a max limit on a password for (only) 16 characters?

    Also why are top 100 most used passwords like Welkom01! (dutch version of Welcome01!) accepted!? All my brilliant combinations are rejected because "Microsoft seen them to often", but a top 100 password slides right by.

    Can your error's be more specific so an actual…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Lock fields for SSPR synchronized and populated from on-prem and make them read-only

    We have another portal where our users enter their phone number, alternate phone, mail, etc. to be used for MFA and SSPR.

    We'd like to disable the option for users to be able to edit those fields online in the SSPR portal and instead provide them with a link to the portal where they can change the information. The fields should be visible but read-only.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. We need to redirect password reset to our portal from inside mop, users sync from AD but there passwords not sync to cloud

    We need to redirect password reset to our portal from inside mop, users sync from AD but there passwords not sync to cloud

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base