Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Ability to to remove or customise the default message that we get during SSPR password reset via login screen for Win10 machines.

    Need the ability to remove or customize the default message that we get during SSPR password reset via login screen on Win10 machines. It says '8-16 characters, case sensitive, one number or symbol". This message is conflicting for the end-users as the organizations password policy may not be as stated in the hardcoded message. We need a way to customize it or remove it so that it doesn't confuse end-users.
    Also an important thing to note is that this message is not available when we use SSPR via the online link https://passwordreset.microsoftonline.com/ , its only available when the SSPR reset…

    9 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Users to Change Password in portal.office.com

    The Microsoft Corp. CSP Office 365 Business Premium license does not allow a user to change their password if they are a hybrid Azure AD Connect synced user with write-back enabled.

    We have a case where we have remote sales people with BYOD devices not joined to our domain and they don't have a way to change their password.

    We can't create them as o365 cloud only users because I need to be able to run export reports from AD for bill-back purposes.

    Please open this up so they can change their passwords. Thank you.

    6 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Self Service Password Reset (SSPR) - Adding exception for users

    We have created many users through Application in Azure AD. And these users are not a part of any Azure AD groups.
    SSPR is not capable of adding exception for those users, who doesn't want to enable this functionality as they are not logging using WEB URL.
    If Azure platform could provide any conditional access just like MFA it would be of added advantage.

    6 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Customizable password reset screen

    Enable the admins to customize the password reset screen that can allow to add the company name and a customized message for password expiry. Also the expiry notification to appear on the users email prior to 14 days.

    6 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make SSPR from login screen to work togheter with "Interactive logon: Don't display last signed-in" policy

    Even if in this document https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows it mentions that it interferes with SSPR this should be make to work. There are companies that use this policy across thousands of PCs for years to protect identity of logged on user when locked. Also this was Microsoft recommendation https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name

    If no user is displayed, we should ask for username exactly like login prompt does with this policy applied.

    5 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. CA for SSPR

    Introduce conditional access for SSPR service so that users can reset their password only from known (Azure AD joined) devices.

    5 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Require PIN verification for office phone resets

    With modern open office floor plans a persons office phone might not be located in a secured area. As of now SSPR will simply call the office phone number and ask the user to press #. This creates a security issue in shared office space. Someone can easily from any computer type in a username, walk over to the desk, answer the phone and complete a password reset. An added layer of security should be setup where a user who sets up an office phone number is required to create a security PIN. Microsoft SSPR calls the number and request…

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure SSPR - Provide Message for Users when connecting to 802.1x networks

    For the most part, our users do not connect to 802.1x networks, but when they do SSPR simply fails without any feedback. To improve the user experience, please add an option to provide a custom message when SSPR fails.

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow 'Require users to register when signing in ?' to be linked to an AAD Group so we can phase it out

    As above. We don't want to turn this on and hit ALL user at their next logon (too risky due to the numbers involved). We want to phase this out via an AAD group.

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. Clarify messages for password resets

    When you are forced into a password reset (example: password expired), you get the most shady and generic messages that you have no idea what the problem is.

    In my case it turned out to be a password with more then 16 characters, why is there a max limit on a password for (only) 16 characters?

    Also why are top 100 most used passwords like Welkom01! (dutch version of Welcome01!) accepted!? All my brilliant combinations are rejected because "Microsoft seen them to often", but a top 100 password slides right by.

    Can your error's be more specific so an actual…

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. Lock fields for SSPR synchronized and populated from on-prem and make them read-only

    We have another portal where our users enter their phone number, alternate phone, mail, etc. to be used for MFA and SSPR.

    We'd like to disable the option for users to be able to edit those fields online in the SSPR portal and instead provide them with a link to the portal where they can change the information. The fields should be visible but read-only.

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. We need to redirect password reset to our portal from inside mop, users sync from AD but there passwords not sync to cloud

    We need to redirect password reset to our portal from inside mop, users sync from AD but there passwords not sync to cloud

    4 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. Self-service password reset (SSPR) - Lockout user account with multiple attempts Azure Active Directory Sign-In

    In self-service password reset (SSPR), to prevent users from multiple attempts to reset a password, if user try only five wrong password reset attempts it lock user for 24 hours. I would like to confirm, if there is a way for Admins to reset the counter for the locked user account and/or unblock user to login to the Azure portal?

    Reference article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

    In the scenario, where a bad actor try to lock some user’s then it could easily be done by knowing the username and users will not be able to login for 24 hours. Is there a way…

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow use of custom controls/conditional access with self service password reset

    Allow one of the self service password reset options to be a custom control, such as calling Duo/Okta (currently allowed as a conditional access control). As a company that doesn't use Azure MFA it would be good to be able to use another MFA provider instead of requiring a second mobile application be enrolled, or using less secure methods like SMS.

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Password policies for cloud accounts should provide the same options as AD accounts

    Azure Active Directory Cloud-only accounts don’t adhere to our company's password policies. Notably the following company standards are not easily implemented (if at all possible) for cloud only accounts:

    Password ot derived from User ID
    Password history must be significantly different from the previous 24 passwords.
    No repeated characters (e.g. AAAAAbl$%)
    Exclude keyboard patterns (e.g. QWERTY789)
    Account lockout 6 times in a row during a 30-minute time period

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSPR Registration - Restrict Registration to the the members of the SSPR Group

    Restrict registration to the members of the SSPR Reset Group , we do not want everyone to be able to register , it gives a false sense of the utility being available to everyone when it is not in our case. Only selected users are allowed to use SSPR reset

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. Regarding SSPR, I would like to be able to enforce to users the number of methods to register.

    Regarding SSPR, I would like to be able to enforce to users the number of methods to register.
    So, it will be number of methods available to users.
    Then, Minimum number of methods required to register.
    Then, Minimum number of methods required to reset.

    3 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. We need to display password reset guidance( Passsword complexity set in AD) in SSPR pages for end users

    Why azure doesn't have flexibility to include password parameters that are to be used while an end user resets his password through SSPR?

    2 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device.

    Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device. Right now SSPR enrollment can be enforced for sign in to Azure AD joined apps only.

    2 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure AD password reset from the login screen password expiration notification

    Azure AD password reset from the login screen has no password expiration notification, when the password is expired. Although, you can click on "Reset password" to reset your password, it doesn't tell you that the password is expired and that you should reset it.
    It would be good if such a password expiration notification on the login screen would be implemented.

    2 votes
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base