Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Self service password reset on free

    The free Azure AD offering isn't really very credible without a self-service password reset. Since it's an offering where large numbers are expected and price is an issue, expecting administrators to manage individual passwords is not realistic. We expected to have up to 1000 remote end users, and basic is unrealistically expensive just to get the password reset.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. CA for SSPR

    Introduce conditional access for SSPR service so that users can reset their password only from known (Azure AD joined) devices.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to to remove or customise the default message that we get during SSPR password reset via login screen for Win10 machines.

    Need the ability to remove or customize the default message that we get during SSPR password reset via login screen on Win10 machines. It says '8-16 characters, case sensitive, one number or symbol". This message is conflicting for the end-users as the organizations password policy may not be as stated in the hardcoded message. We need a way to customize it or remove it so that it doesn't confuse end-users.
    Also an important thing to note is that this message is not available when we use SSPR via the online link https://passwordreset.microsoftonline.com/ , its only available when the SSPR reset…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Password Validation in Azure SSPR

    As of now, when user is trying to change his password via Azure SSPR user gets a generic statement stating that "the password does not meet the complexity etc...".

    Instead of the above statement/message we want some message to be displayed in azure SSPR on the fly (while user is typing the new password) below are few suggestions.


    1. The password should be at least 9 characters long

    2. Do not use repeat password.

    3. Employee cannot use user name as password

    4. Password should meet below criteria
      4.1. Password must contain lower case letters
      4.2. Password must contain upper case letters
      4.3. Password…
    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to customize Password Reset page

    We use DirSync with AD Azure and ADFS to allow Work or School account logins for our users. We do not synchronize passwords, so the setting "Users enabled for password reset" is set to no.

    When click on the "Can't access your account?" link at https://login.microsoftonline.com/ and specify their email address with us, they are taken to a page that is customized with our Logo, that tells the user their account cannot be reset and provides them with a link to "contact your administrator" -- this link generates an email to our staff.

    We would like to customize this link,…

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add the ability to reset/clear SSPR registration information.

    We have the ability to clear/reset MFA registration information. It would be great if we had the ability to do the same for SSPR information. Our service desk has asked us a few times if we could do this but we tell them no. It would also be great for us when we try and test new registration steps.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Self Service Password Reset (SSPR) - Adding exception for users

    We have created many users through Application in Azure AD. And these users are not a part of any Azure AD groups.
    SSPR is not capable of adding exception for those users, who doesn't want to enable this functionality as they are not logging using WEB URL.
    If Azure platform could provide any conditional access just like MFA it would be of added advantage.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Users to Change Password in portal.office.com

    The Microsoft Corp. CSP Office 365 Business Premium license does not allow a user to change their password if they are a hybrid Azure AD Connect synced user with write-back enabled.

    We have a case where we have remote sales people with BYOD devices not joined to our domain and they don't have a way to change their password.

    We can't create them as o365 cloud only users because I need to be able to run export reports from AD for bill-back purposes.

    Please open this up so they can change their passwords. Thank you.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow 'Require users to register when signing in ?' to be linked to an AAD Group so we can phase it out

    As above. We don't want to turn this on and hit ALL user at their next logon (too risky due to the numbers involved). We want to phase this out via an AAD group.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. Select Authenticator in Password Self service without selecting one more option

    Thanks for adding Authenticator as option to Password Self service.
    It was much awaited option as our security team doesn't want to use SMS text.

    Issue now is that we can not enable that option without selecting one other option so we are in same situation now & can not roll out this to our 40000 users as we can not just lock it down to authenticator.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD password reset from the login screen password expiration notification

    Azure AD password reset from the login screen has no password expiration notification, when the password is expired. Although, you can click on "Reset password" to reset your password, it doesn't tell you that the password is expired and that you should reset it.
    It would be good if such a password expiration notification on the login screen would be implemented.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make SSPR from login screen to work togheter with "Interactive logon: Don't display last signed-in" policy

    Even if in this document https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows it mentions that it interferes with SSPR this should be make to work. There are companies that use this policy across thousands of PCs for years to protect identity of logged on user when locked. Also this was Microsoft recommendation https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name

    If no user is displayed, we should ask for username exactly like login prompt does with this policy applied.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. Regarding SSPR, I would like to be able to enforce to users the number of methods to register.

    Regarding SSPR, I would like to be able to enforce to users the number of methods to register.
    So, it will be number of methods available to users.
    Then, Minimum number of methods required to register.
    Then, Minimum number of methods required to reset.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSPR - Allow password reset from Windows 10 login screen when connected to wifi

    This suggestion is related to the SSPR functionality at the Windows login screen. The process is described here:
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-windows

    The password reset screen loads fine and a user is able to reset his AD password when connected to LAN (computer authentication)

    However, when connected to wifi (computer and user authentication / user re-authentication occurs) the password reset screen says that there's no internet connection.

    SSPR needs to be allowed on wifi networks using 802.1x authentication thar have the option “Perform immediately before user logon” disabled.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Display Company Password Policy on Azure tenant "Change Password" Page

    As of now, when user is trying to change a password via Azure Password Reset https://account.activedirectory.windowsazure.com/ChangePassword.aspx

    The user gets a very generic message stating "This password does not meet the length, complexity, age, or history requirements of your corporate password policy.".

    We would like to be able to display our current password policy in the error message, like literally every other website/login page.

    Here is an example

    The password should be at least 9 characters long

    Password should meet below criteria
    1. Password must contain lower case letters
    2. Password must contain upper case letters
    3. Password must contain numerical

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Unlock account from SSPR without resetting password

    Allow users to unlock their account without them having to reset their password.

    In our organisation, accounts get locked out due to various other reasons and not just because of forgotten password. Option to unlock account should be provided to users who remember their password by asking them for their password, if they choose to just unlock their account.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. Customizable password reset screen

    Enable the admins to customize the password reset screen that can allow to add the company name and a customized message for password expiry. Also the expiry notification to appear on the users email prior to 14 days.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. Please add clarity to Self Service Password Rest (SSPR) error messages, or allow for customization

    End users are not given clear reasons as to why their password reset failed. For example, the error message for using an invalid password and 'trying to reset the password too frequently' are the same.

    In large organizations with non-technical end users this is generating help desk ticket volume. Having more clarity in these message would help end users and reduce ticket volume.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Require PIN verification for office phone resets

    With modern open office floor plans a persons office phone might not be located in a secured area. As of now SSPR will simply call the office phone number and ask the user to press #. This creates a security issue in shared office space. Someone can easily from any computer type in a username, walk over to the desk, answer the phone and complete a password reset. An added layer of security should be setup where a user who sets up an office phone number is required to create a security PIN. Microsoft SSPR calls the number and request…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. We need to display password reset guidance( Passsword complexity set in AD) in SSPR pages for end users

    Why azure doesn't have flexibility to include password parameters that are to be used while an end user resets his password through SSPR?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base