Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Authenticating wireless access points \ RADIUS through Azure AD

    I would like to see authentication of wireless access points / RADIUS servers through Azure AD, without having to store user accounts in local Active Directory.

    1,022 votes  ·  90 comments  ·  Authentication

    Thanks for the feedback. We're currently reviewing this capability to see how we can support RADIUS auth on NPS, specifically for AAD-joined Windows 10 devices authenticating to WiFi access points.

    If there are scenarios beyond the above, please provide the details in the comments.


    Ravi

  2. Add Shibboleth to the set of authentication protocols

    At present Azure AD can authenticate to SaaS using SAML, OAuth etc. Many academic institutions use Shibboleth which is based on SAML. Currently this means that they have to maintain a separate Shibboleth service in addition to AD FS (if using that for authentication). If a Shibboleth service could be added to Azure AD this would reduce the hardware/software complexity on-site and allow more Universities to take advantage of the Cloud Identity provided by Azure. Shibboleth is generally used to access shared education services, journals and other shared services.

    48 votes  ·  under review  ·  15 comments  ·  Authentication
  3. Have the ability to use all Azure AD user attributes for customized claims in the Azure AD SAML token.

    Allow the use of all Azure AD user attributes in a claim. Currently we have a requirement to add Azure AD synced attributes to be sent as a claim for SAML authentication. For example, attributes such as 'Manager' or 'immutable ID' are not supported. Can we have the option to use all available attributes as part of the claim?

    23 votes  ·  2 comments  ·  Authentication
  4. Azure Active Directory Seamless Single Sign-On - Multi-tenants in a single forest hosting environment.

    We have multiple tenants in a single-forest hosting environment, synchronizing different customers (each in a different OU) to their own O365/Azure AD tenant. At the moment, Seamless Single Sign-On only supports one O365/Azure AD tenant for sign-on in the setup we have. This is due to a computer account called AZUREADSSOACC that is created in Windows AD. We want to adopt Seamless Single Sign-On, but as it only supports one O365/Azure AD tenant for sign-on we cannot use it.

    23 votes  ·  under review  ·  5 comments  ·  Authentication
  5. NIST 800-63B Digital Identity Guidelines

    Please update the password requirements to match both those of NIST 800-63B Digital Identity Guidelines and those suggested by Microsoft https://www.microsoft.com/en-us/research/publication/password-guidance/.

    Also the ability to build a password blacklist.

    18 votes  ·  0 comments  ·  Authentication

    We’re well aware of the NIST 800-63B guidelines (and it’s my team that wrote that password whitepaper!). We’re currently making some foundational changes that should subsequently let us implement many or most of the password composition guidelines.

    As for a password blacklist, today we have a banned password list in place that prevents users from using known-bad words, phrases, and passwords. We also have a custom list feature that lets you define your own words and patterns. That’s in private preview today and we’re working to get it to public preview over the next few months.

  6. Pass Through Auth in ADconnect for Azure Government

    Support of PTA in Azure Gov meeting HSPD-12 mandates.

    17 votes  ·  1 comment  ·  Authentication
  7. Document a full list of the opaque AAD error codes for OAuth dance failure

    The simple OAuth codes are documented here:
    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-protocols-oauth-code#error-codes-for-authorization-endpoint-errors

    ...however, there is no single resource which lists all the possible error codes given in the error description such as AADSTS65005 & AADSTS65004

    Such a resource would allow developers to handle OAuth dance failures in an elegant manner and give end users a better UX.

    Some background on this question:
    https://twitter.com/dvdsmpsn/status/811537895542624256
    https://social.msdn.microsoft.com/Forums/en-US/6e4e16f1-7f37-431d-ac10-a94ca9a04ae4/document-a-full-list-of-the-opaque-aad-error-codes-for-oauth-dance-failure?forum=WindowsAzureAD

    I've started a list of error codes here:
    https://gist.github.com/dvdsmpsn/1d6569bcd9197a08707ae6d443f554e2

    Feel free to add to these in the comments :)

    8 votes  ·  1 comment  ·  Authentication
  8. Bug: Malformed OAuth 2.0 access token response

    Steps to reproduce

    Request an access token by following the instructions at Request an access token.

    Expected

    expires_in is a number, as in the example and RFC 6749:

    "expires_in": 3599,

    Actual

    expires_in is a string:

    "expires_in": "3599",

    6 votes  ·  3 comments  ·  Authentication
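    A client-side workaround for the mismatch reported above, as an added example that is not part of the original post or of any Microsoft library: a token-response parser that accepts expires_in either as the RFC 6749 number or as the string the bug report describes, rejects anything else, and converts it to an absolute expiry time. The two sample responses are constructed; the token values are placeholders.

```python
import json
import time

# Constructed sample responses: the RFC-conformant shape and the reported one.
SAMPLE_NUMERIC = '{"token_type":"Bearer","expires_in":3599,"access_token":"placeholder.token"}'
SAMPLE_STRING = '{"token_type":"Bearer","expires_in":"3599","access_token":"placeholder.token"}'


def coerce_expires_in(value) -> int:
    """Return expires_in as a positive int, tolerating the string form only."""
    # bool is an int subclass in Python; JSON true/false must not pass as a lifetime.
    if isinstance(value, bool):
        raise ValueError("expires_in must be numeric")
    if isinstance(value, int):
        seconds = value
    elif isinstance(value, str) and value.strip().isdecimal():
        # Only plain decimal digits: no sign, no fraction, no exponent.
        seconds = int(value.strip())
    else:
        raise ValueError(f"unusable expires_in: {value!r}")
    if seconds <= 0:
        raise ValueError("expires_in must be positive")
    return seconds


def accepts_expires_in(value) -> bool:
    """True if coerce_expires_in would accept the value (used for checks)."""
    try:
        coerce_expires_in(value)
        return True
    except ValueError:
        return False


def parse_token_response(raw: str, now=None) -> dict:
    """Parse a token endpoint body into access_token, token_type and expires_at.

    expires_at is absolute epoch seconds computed from `now` (defaults to the
    current time), so callers never compare against the raw expires_in field.
    """
    body = json.loads(raw)
    if "error" in body:
        raise ValueError(f"token endpoint error: {body['error']}")
    token = body.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    lifetime = coerce_expires_in(body.get("expires_in"))
    base = time.time() if now is None else now
    return {"access_token": token,
            "token_type": body.get("token_type", "Bearer"),
            "expires_at": base + lifetime}
```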
  9. Enable application roles for user assigned managed identity

    We use application claims declared in an AAD application registration to enable specific applications access to specific roles in a microservice application model.

    User assigned managed service identity provides a great way to securely assign identity to an application, however currently this is an 'all or nothing' model.

    Enabling use of a custom identity manifest in the same way as enabled for a standard application registration would allow far greater flexibility in defining what access an application would have to another application, while maintaining the additional security and ease-of-use benefits achievable through use of managed service identity.

    4 votes  ·  under review  ·  0 comments  ·  Authentication
  10. Support certificate authentication in MyApps for iOS

    I would like to be able to log into MyApps using ADFS and certificate authentication. I can log into Safari using certificates, but I cannot use the native MyApps application on iOS.

    3 votes  ·  0 comments  ·  Authentication