Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow setting the number of authentication methods a user is required to add during interrupted registration

    Currently the wizard only guides the user to setup up a max of 2 authentication methods. Please make that configurable so you can guide the user to setup all methods instead of having them manually go back into the portal and setup a 3rd or 4th.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable SSPR on a Windows 10 device that is not Azure AD joined or Hybrid Azure AD joined.

    Due to technical limitations, we’re unable to Azure AD join or implement a Hybrid Azure AD join on our Windows 10 devices. It would be great if Windows 10 had the ability to launch a secure Web browser session to a backend portal (https://aka.ms/sspr) from the Windows 10 login screen “Reset Password” or “Forgot Password” link without the Azure AD joined or Hybrid Azure AD joined requirement.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  3. Unlock account from SSPR without resetting password

    Allow users to unlock their account without them having to reset their password.

    In our organisation, accounts get locked out due to various other reasons and not just because of forgotten password. Option to unlock account should be provided to users who remember their password by asking them for their password, if they choose to just unlock their account.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  4. Spelling error in dutch error message Azure AD Password Reset

    There is a spelling error in a dutch error messege for Azure AD password reset. It concerns the error messege the user will get when the user wants tot reset the password while he is not registered for Azure AD Password Reset

    'U **** uw eigen wachtwoord niet opnieuw instellen omdat u zich niet het geregistreerd voor wachtwoordherstel'

    The word 'het' should be replaced by 'heeft'

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  5. Increase SSPR audit logs from 30-days to 90-days

    Currently we can only view a max of 30-days previous SSPR activity. Can the logging levels be increased to at least 90-days. Microsoft support said it was currently not available and to raise the feature request here.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  6. SSPR Hyperlink

    SSPR works great. All you need to remember is https://aka.ms/sspr
    Unfortunately, most users do not remember this URL, nor do they store a bookmark in the browser of their mobile device/tablet.
    So if they forget their password, they still call operations.

    Would it be possible to add a link to this URL for example in the microsoft authenticator app ?

    Most users have this on their mobile device anyhow (to be able to reset their password), so having the URL towards SSPR available their would make it easier for them.

    Alternative could also be to develop an 'SSPR app'. But…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow configuration of VIP group only with 2 auth methods for SSPR

    Instead of globally configuring the number of authentication methods for end-user SSPR, we should be able to designate a group that requires additional methods (similar to what AAD already imposes for administrators, but it needs to be for a configurable group.)

    For most end users, one method would be required, but high-value accounts like executives would have to provide two methods. The reasoning is that high-value accounts are more likely be targeted with SIM-porting attacks, etc. Today, risk-averse organizations need to either impose 2-method auth on all SSPR users, or exclude high-value accounts from the SSPR group entirely.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  8. see who has registered for sspr

    Add simple report for number of users who have successfully registered for SSPR and number that have started registration.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Customize Password Protection Verbage to End User (SSPR)

    Allow for the customization of the text presented to a user when they attempt a weak password. For reference, the verbiage is “Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password.”

    Many organizations wish to customize this text to provide additional guidance to the end users or even provide links to guidelines for strong passwords as part of the information the user sees.

    This type of customization currently exists in point products and will help with end user adoption and reduction in help desk calls.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. password reset

    Make it possible to Exclude/deny groups for password reset. Today them only option is to allow specific groups or all uses. I want to allow all users and deny a group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  11. by the time i go retrieve my text code for 2FA and get back to my desk the code is expired I can never log into my account

    by the time i go retrieve my text code for 2FA and get back to my desk the code is expired I can never log into my account

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  12. Check is Caps lock is on when someone attempts to reset their password using SSPR

    Would it be possible to warn the user attempting to reset their password using SSPR to that their caps lock key is active?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  13. customize email 'from' address on notification emails

    The send-from and text of the email notice that is sent to users when they reset their password using SSPR needs to be able to be customized using values specified by us for our tenant.

    Currently, the message is sent from 'Microsoft on behalf of Duracell <msonlineservicesteam@microsoftonline.com>' which is often spoofed and is caught by impersonation rules. The message is a security communication and as such it should comply with security best practice. So we should be able to customize the FROM address to reflect our domain and also the message text so that users are clear that…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  14. allow to add more than one group when configuring Azure AD SSPR

    It would be great if there is an option to exclude a group in SSPR configuration page. Or at least option to add more than one group in SSPR.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow domain admins to customize the "Password" link for SSPR

    In Google Apps, once a user is logged in and if tries to change password. Clicking on Password link will take the user to the our own Password Manager solution. This is customized by Admin.

    It will be very nice if Azure provides the same feature in Azure AD

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  16. Azure AD SSPR Contact Information

    We will migrate our users from our AD FS to AAD and would like to use SSPR. We are able at this moment to define every users additional contact information which is mandatory for SSPR but we want to be able to avoid the interactive verification of all the users on their first login since they are existing trusted users and we want to make the migration process seamless to them.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow mandatory Self-Service Password reset options when requiring more than a single recovery option

    Allow the administrator to specify a mandatory recovery option when enabling Self-Service Password resets. That way you can require an option like "Questions and Answers" but still allow the end user to choose an alternative recovery option.

    For example if you enabled Cell Phone, External Email, and Questions and answers. And then flagged Questions as a mandatory choice, then it would allow just the option to choose from email, or cell as the 2nd recovery option. Instead of being able to just choose email, and cell which for most users is a single recovery point on their cellphone.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  18. AAD SSPR admin notifications issue with AAD PIM

    AAD PIM is a bypass for AAD SSPR admin password reset notifications

    Give us the option to specify who should get notified when a admin or eligible admin resets their password.

    I confirmed the notification is not sent to eligible admins (not good)
    I assume its also not sending the notification to current admins if a eligible admins resets his password.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback! To clarify, you want all eligible admins to receive a notification when an admin resets their password?

    At this time, you can ensure that other admins are notified when an admin resets their password. Check out this setting under the Notifications tab in the Password reset section of the Azure AD portal.

    Thanks,
    Sadie Henry (sahenry)

  19. Azure Password Management reporting RBAC

    Extend the new administrative roles added to Azure AD that enable finer-grained administration ( https://blogs.technet.microsoft.com/enterprisemobility/2016/06/28/azuread-updated-with-new-admin-roles/ ) to also encompass Password Management, including MIM hybrid reporting of Self Service Password Reset.

    We are in the midst of deploying MIM Hybrid Reporting for Self Service Password Reset and would like to be able to provide business administrators access to the reporting, without granting administrative access.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make app notification and app code count towards methods required

    App notification or App code should not result in the message:
    You must enable another method to use mobile app or hardware token code

    These options should be seen as equal to other methods. Otherwise in an environment where other methods are disabled (as they are clearly less secure - such as phone call, SMS, personal email etc) one or more of these less secure methods has to be enabled as well.

    The implication of this is you cannot for example force 2 methods to be required and then select App Code and Security Questions, as you also have to…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base