Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Self-service password reset (SSPR) - Lockout user account with multiple attempts Azure Active Directory Sign-In

    In self-service password reset (SSPR), to prevent users from multiple attempts to reset a password, if user try only five wrong password reset attempts it lock user for 24 hours. I would like to confirm, if there is a way for Admins to reset the counter for the locked user account and/or unblock user to login to the Azure portal?

    Reference article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-faq

    In the scenario, where a bad actor try to lock some user’s then it could easily be done by knowing the username and users will not be able to login for 24 hours. Is there a way…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. We need to display password reset guidance( Passsword complexity set in AD) in SSPR pages for end users

    Why azure doesn't have flexibility to include password parameters that are to be used while an end user resets his password through SSPR?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device.

    Need an ability to force enrollment in AAD SSPR if a user logs in using a domain joined or Hybrid AD joined device. Right now SSPR enrollment can be enforced for sign in to Azure AD joined apps only.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add a 3rd option 'I know my password and would like to change it'

    After you provide your username and satisfy the captcha you are presented with two options:

    'I forgot my password'
    'I know my password, but still can't sign in'

    My suggestion would be to add a 3rd option, 'I know my password and would like to change it'. This 3rd option would link to the Azure option to change their password here: https://account.activedirectory.windowsazure.com/ChangePassword.aspx

    I realize that this 3rd option is not related to a password reset, but we are trying to drive adoption of SSPR in our organization as a one-stop shop for all their password needs. We've had users call…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow password strength message to be displayed to the user upon password reset

    E.g. Please enter a password that is between 8-16 characters long etc to give users guidance on what the criteria is for the new password

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. Need [exclude] option on Password reset properties.

    That'll be nice if administrators could exclude specific user or group for password reset.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Spelling error in dutch error message Azure AD Password Reset

    There is a spelling error in a dutch error messege for Azure AD password reset. It concerns the error messege the user will get when the user wants tot reset the password while he is not registered for Azure AD Password Reset

    'U **** uw eigen wachtwoord niet opnieuw instellen omdat u zich niet het geregistreerd voor wachtwoordherstel'

    The word 'het' should be replaced by 'heeft'

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. SSPR - Allow password reset from Windows 10 login screen when connected to wifi

    This suggestion is related to the SSPR functionality at the Windows login screen. The process is described here:
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-windows

    The password reset screen loads fine and a user is able to reset his AD password when connected to LAN (computer authentication)

    However, when connected to wifi (computer and user authentication / user re-authentication occurs) the password reset screen says that there's no internet connection.

    SSPR needs to be allowed on wifi networks using 802.1x authentication thar have the option “Perform immediately before user logon” disabled.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. password reset office phone

    Allow a comma , and x for telephone extension attribute when using Office Phone as a method to reset a password through Microsoft Azure Self-Service Reset portal

    example: 555-555-1234 x789 or 555-555-1234,789

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. Increase SSPR audit logs from 30-days to 90-days

    Currently we can only view a max of 30-days previous SSPR activity. Can the logging levels be increased to at least 90-days. Microsoft support said it was currently not available and to raise the feature request here.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. SSPR - Allow successful SSPR to unlock a "Smart Lockout"

    One of the key pains in rolling out Azure AD MFA and SSPR is that without 'Smart Lockout' enabled, you are potentially allowing anyone to DoS your domain user accounts and lock them out. However, the problem is just as bad WITH 'Smart Lockout' enabled if you use AAD for many services. In fact, it's worse because you have no way to unlock a users account... no admin method, and SSPR doesn't unlock it either.

    If you could enable SSPR to unlock the account, that resolves the issue in a pinch. As it stands today, we cannot provide support to…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow configuration of VIP group only with 2 auth methods for SSPR

    Instead of globally configuring the number of authentication methods for end-user SSPR, we should be able to designate a group that requires additional methods (similar to what AAD already imposes for administrators, but it needs to be for a configurable group.)

    For most end users, one method would be required, but high-value accounts like executives would have to provide two methods. The reasoning is that high-value accounts are more likely be targeted with SIM-porting attacks, etc. Today, risk-averse organizations need to either impose 2-method auth on all SSPR users, or exclude high-value accounts from the SSPR group entirely.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. password reset

    Make it possible to Exclude/deny groups for password reset. Today them only option is to allow specific groups or all uses. I want to allow all users and deny a group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add the ability to reset/clear SSPR registration information.

    We have the ability to clear/reset MFA registration information. It would be great if we had the ability to do the same for SSPR information. Our service desk has asked us a few times if we could do this but we tell them no. It would also be great for us when we try and test new registration steps.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Check is Caps lock is on when someone attempts to reset their password using SSPR

    Would it be possible to warn the user attempting to reset their password using SSPR to that their caps lock key is active?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow configuration of SSPR policy guidelines and "strength meter" for On-premises-to-Azure synchronized accounts

    It would be incredibly useful for our users to have some password guidance when utilizing the Self-service Password Reset portal. Currently, when resetting a password, no policy guidelines or "strength meter" is indicated for our synchronized on-prem accounts. Users are also not informed as to the specific conditions causing their new password to be rejected.
    Just a "password guidelines" interface in Azure >Password Reset that allows administrators to outline conditions (even if these are not enforced by Azure). These would then be displayed and compared against as a user selects a password.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. customize email 'from' address on notification emails

    The send-from and text of the email notice that is sent to users when they reset their password using SSPR needs to be able to be customized using values specified by us for our tenant.

    Currently, the message is sent from 'Microsoft on behalf of Duracell <msonlineservicesteam@microsoftonline.com>' which is often spoofed and is caught by impersonation rules. The message is a security communication and as such it should comply with security best practice. So we should be able to customize the FROM address to reflect our domain and also the message text so that users are clear that…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. allow to add more than one group when configuring Azure AD SSPR

    It would be great if there is an option to exclude a group in SSPR configuration page. Or at least option to add more than one group in SSPR.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow domain admins to customize the "Password" link for SSPR

    In Google Apps, once a user is logged in and if tries to change password. Clicking on Password link will take the user to the our own Password Manager solution. This is customized by Admin.

    It will be very nice if Azure provides the same feature in Azure AD

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure AD SSPR Contact Information

    We will migrate our users from our AD FS to AAD and would like to use SSPR. We are able at this moment to define every users additional contact information which is mandatory for SSPR but we want to be able to avoid the interactive verification of all the users on their first login since they are existing trusted users and we want to make the migration process seamless to them.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base