Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Password policies for cloud accounts should provide the same options as AD accounts

    Azure Active Directory Cloud-only accounts don’t adhere to our company's password policies. Notably the following company standards are not easily implemented (if at all possible) for cloud only accounts:

    Password ot derived from User ID
    Password history must be significantly different from the previous 24 passwords.
    No repeated characters (e.g. AAAAAbl$%)
    Exclude keyboard patterns (e.g. QWERTY789)
    Account lockout 6 times in a row during a 30-minute time period

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. to allow Company based customizations in Password Reset portal for SSPR functionality

    Administrators should be able to customize the SSPR portal for their company based logins

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make "Require users to register when signing in" possible to apply to a group instead of only on/off.

    When enabling SSPR, it is currently only possible to set if registration is required or not required. It would be useful in my tenant to be able to require registration for certain groups of people.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Multiple self-service password reset (SSPR) policies

    A customer wants to enable the SSPR for shops. The users in the shop should be able to reset their password with one authentication method (office phone). They also want to enable the password reset for administration personnel in there HQ. They should be able to reset there password with the other options (Mobile phone, mobile app code, notification) but NOT the office phone.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSPR Registration - Restrict Registration to the the members of the SSPR Group

    Restrict registration to the members of the SSPR Reset Group , we do not want everyone to be able to register , it gives a false sense of the utility being available to everyone when it is not in our case. Only selected users are allowed to use SSPR reset

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Clarify messages for password resets

    When you are forced into a password reset (example: password expired), you get the most shady and generic messages that you have no idea what the problem is.

    In my case it turned out to be a password with more then 16 characters, why is there a max limit on a password for (only) 16 characters?

    Also why are top 100 most used passwords like Welkom01! (dutch version of Welcome01!) accepted!? All my brilliant combinations are rejected because "Microsoft seen them to often", but a top 100 password slides right by.

    Can your error's be more specific so an actual…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Lock fields for SSPR synchronized and populated from on-prem and make them read-only

    We have another portal where our users enter their phone number, alternate phone, mail, etc. to be used for MFA and SSPR.

    We'd like to disable the option for users to be able to edit those fields online in the SSPR portal and instead provide them with a link to the portal where they can change the information. The fields should be visible but read-only.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. We need to redirect password reset to our portal from inside mop, users sync from AD but there passwords not sync to cloud

    We need to redirect password reset to our portal from inside mop, users sync from AD but there passwords not sync to cloud

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSPR should prevent the use of previous historic passwords used on the account for “X” times (as is standard for on-premise systems)

    Office 365 tenant is a managed domain with all cloud based accounts. Users within the tenant tend to register on private company websites (fitness trackers, consumer purchases, etc.) using their enterprise email address from the tenant. Some of the public company sites get compromised and expose their passwords in clear text, which are then sold on the black market. When those Office 365 accounts are identified as “compromised”, meaning an attacker logs in using the login ID and password from the exposed site the tenant administrator resets those affected passwords to random passwords. The users do not know the password…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. Need [exclude] option on Password reset properties.

    That'll be nice if administrators could exclude specific user or group for password reset.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. password reset office phone

    Allow a comma , and x for telephone extension attribute when using Office Phone as a method to reset a password through Microsoft Azure Self-Service Reset portal

    example: 555-555-1234 x789 or 555-555-1234,789

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. SSPR - Allow successful SSPR to unlock a "Smart Lockout"

    One of the key pains in rolling out Azure AD MFA and SSPR is that without 'Smart Lockout' enabled, you are potentially allowing anyone to DoS your domain user accounts and lock them out. However, the problem is just as bad WITH 'Smart Lockout' enabled if you use AAD for many services. In fact, it's worse because you have no way to unlock a users account... no admin method, and SSPR doesn't unlock it either.

    If you could enable SSPR to unlock the account, that resolves the issue in a pinch. As it stands today, we cannot provide support to…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. Self-service password reset (SSPR) - Lockout user account with multiple attempts Azure Active Directory Sign-In

    In self-service password reset (SSPR), to prevent users from multiple attempts to reset a password, if user try only five wrong password reset attempts it lock user for 24 hours. I would like to confirm, if there is a way for Admins to reset the counter for the locked user account and/or unblock user to login to the Azure portal?

    Reference article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

    In the scenario, where a bad actor try to lock some user’s then it could easily be done by knowing the username and users will not be able to login for 24 hours. Is there a way…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device.

    Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device. Right now SSPR enrollment can be enforced for sign in to Azure AD joined apps only.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add a 3rd option 'I know my password and would like to change it'

    After you provide your username and satisfy the captcha you are presented with two options:

    'I forgot my password'
    'I know my password, but still can't sign in'

    My suggestion would be to add a 3rd option, 'I know my password and would like to change it'. This 3rd option would link to the Azure option to change their password here: https://account.activedirectory.windowsazure.com/ChangePassword.aspx

    I realize that this 3rd option is not related to a password reset, but we are trying to drive adoption of SSPR in our organization as a one-stop shop for all their password needs. We've had users call…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow configuration of SSPR policy guidelines and "strength meter" for On-premises-to-Azure synchronized accounts

    It would be incredibly useful for our users to have some password guidance when utilizing the Self-service Password Reset portal. Currently, when resetting a password, no policy guidelines or "strength meter" is indicated for our synchronized on-prem accounts. Users are also not informed as to the specific conditions causing their new password to be rejected.
    Just a "password guidelines" interface in Azure >Password Reset that allows administrators to outline conditions (even if these are not enforced by Azure). These would then be displayed and compared against as a user selects a password.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow password strength message to be displayed to the user upon password reset

    E.g. Please enter a password that is between 8-16 characters long etc to give users guidance on what the criteria is for the new password

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide different security options for staff & students for Education clients

    As an educational institution, we would like to have staff & students use this feature. We feel we would want to provide different security questions to those groups. Currently, the security options are only available for the entire entity and we cannot have different options for groups of users. For this reason, we will only use this for staff at this time.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enhance Self-Service Password Reset (SSPR) security

    Recently rolled out SSPR at a client, who after which stated: when I lose my phone out of sight (e.g. gets stolen), then it's relatively easy to reset a password.

    A person with malicious intent could go to the SSPR portal, track down e-mail address and phone number (isn't that hard) and then reset the password without unlocking the stolen phone (because phone call/reading code sent by text message doesn't require unlocking).

    Additional authentication methods, like security questions and personal email addresses, are undesired, due to the fact that the first isn't a good authentication method and in case of…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. Password strength meter

    Need a password strength meter or some kind of feedback at the create a new password form (non B2C)
    I asked about this at Ignite also. I understand we don't want to put the complexity policy out there and that password protection is going to make that 'fuzzy' anyway but we need a strength (or quality?) meter. It could check policy as well as the password protection mechanism and let the user know when they have a password that is strong enough (red yellow green) without letting them know the actual policy. Any feedback at that form is better than…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base