Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Support exporting and importing conditional access policies using PowerShell

    Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.

    The Microsoft Graph API currently does not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview

    276 votes
    14 comments  ·  Conditional Access
    • Allow for customized error messages in Azure AD Conditional Access policies

      Allow for an administrator to create customized error messages to replace the generic AAD conditional access "you do not meet the criteria." For example, if I have a conditional access policy that blocks access for Windows devices based on a specific criteria, I could display a custom error message that would offer links to support sites, or IT support #. In addition, allow for multiple custom error messages to be defined, and linked to specific policies that block access. For example, we could display a different error message on PC, iOS, or Android devices that are blocked via a conditional…

      178 votes
      16 comments  ·  Conditional Access

        Hi,

        I wanted to give a quick update on this. We agree this makes a lot of sense and is useful in many different cases, so have added it to our backlog. I don’t have a date to share yet, but will post updates here. Thanks for the interest.

        -Caleb Baker

      • Device Authentication Conditional Access for Azure AD

        Today, it's possible to set up Conditional Access logon rules in ADFS3 and ADFS4 based on Device Authentication. We've found this to be widely applauded by end-users in MFA scenarios.

        It would be great if Azure AD authentication without federation could also support Device Authentication for Conditional Access.

        We would like to be able to create a rule that says that Azure AD Registered Devices don't need to MFA.

        110 votes
        23 comments  ·  Conditional Access
        • Add IPv6 addresses/ranges in named locations

          Hi,

          we set up Named Locations in Azure ID to "avoid" risky Azure AD logins.

          I added all our IPv4 public IPs/ranges but could not enter the IPv6 IPs/ranges. I got in touch with the Azure support and they said it is not possible yet.

          As we also use IPv6 surf IPs, could you enable the feature to add IPv6 IPs/ranges as well?

          Kind regards
          André

          53 votes
          11 comments  ·  Conditional Access
          • Ability to update Named Locations using PowerShell

            We have around 200 locations that use dynamic IP addresses that change frequently. We have the ability to pull the public IP addresses via REST API/PowerShell, but there is currently no way to update the Named Locations list programmatically. Without PowerShell, we are forced to manually dump the list to a CSV and upload the new file.

            We would like to have the ability to add, remove, update Named Locations and entries in the IP Ranges of a Named Location.

            49 votes
            5 comments  ·  Conditional Access
            • Conditional Access blocking Office Activation and signin.

              When the Conditional Access Policy is configured with All cloud Apps option, Office activation is also blocked, although there isn't any cloud app dedicated for Office activation exclusion. Please create one dedicated cloud app for Office activation.

              40 votes
              under review  ·  0 comments  ·  Conditional Access
              • Allow blocking "Sign-ins from anonymous IP addresses"

                I would like to be able to block ALL sign-ins from anonymous IP addresses.

                36 votes
                4 comments  ·  Conditional Access
                • Introduce priorities for Azure AD Conditional Access policies

                  Hello all,

                  can you please introduce the possibility to set priorities for Conditional Access policies.

                  In complex environments (with different CA policies for different use cases) it's very hard to create CA policies without any open doors. Therefore it would be fantastic if you can create a catch all CA policy and allow selective one service after another (like on a firewall).

                  Many Thanks

                  34 votes
                  1 comment  ·  Conditional Access
                  • Support for 3rd party EMM solutions when requiring device compliance

                    We use Airwatch for managing mobile devices. We want to use conditional access policies to ensure the device has been marked as compliant by Airwatch before allowing access to certain applications.

                    Currently Azure AD Conditional Access Policies only support Intune for checking device compliance as described @ https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-policy-connected-applications#trusted-devices. This should be extended to support 3rd party EMM solutions.

                    31 votes
                    6 comments  ·  Conditional Access
                    • Set an expiration time for AAD conditional access terms of service

                      Allow for an administrator to set an expiration on the new 'terms of use' in AAD conditional access. For example, a company could set a policy that requires an end-user to accept the terms of use every 12 months. The system should automatically prompt the user when the specified time frame has passed, or block access if they do not agree again after the expiration.

                      30 votes
                      1 comment  ·  Conditional Access
                      • Provide "Conditional Access" on a SharePoint Online Site Collection Level

                        It would be great if any future "Conditional Access" provided for SharePoint Online could be done on a per Site Collection level.

                        Talk to the SharePoint Online team regarding this

                        29 votes
                        4 comments  ·  Conditional Access
                        • Support conditional access for MyApps.microsoft.com

                          We need myapps.microsoft.com (Access Panel) to support conditional access. Currently it is quite a bad user experience when accepting an Azure B2B invite in a tenant that has implemented Azure Conditional Access that does not have the option to exclude "myapps.microsoft.com (Access Panel)"

                          @Adam Steenwyk

                          25 votes
                          under review  ·  7 comments  ·  Conditional Access
                          • Add Microsoft Authenticator to Approved Client App

                            Currently the "Require approved client app" list of apps does not include the Microsoft Authenticator app, thus preventing adoption of cool features such as 'passwordless sign-in' which is apparently signing in as the user and therefore getting blocked.

                            21 votes
                            1 comment  ·  Conditional Access
                            • Change tracking for Conditional Access Policies

                              Support some kind of change tracking or auditing in regards to changes made for Conditional Access Policies?

                              20 votes
                              planned  ·  2 comments  ·  Conditional Access
                              • Delete old Classic Policies that have been Disabled

                                After replacing and disabling Classic Policies migrated from Intune, you cannot remove them. The old policies are stuck there forever and cause warnings in other areas that Classic Policies exist. We should be able to remove them somehow.

                                19 votes
                                planned  ·  2 comments  ·  Conditional Access
                                • 18 votes
                                  planned  ·  3 comments  ·  Conditional Access
                                  • Ability to apply Azure Conditional Access policies to specific Windows OS versions (7, 8.1,10) for Hybrid Azure AD Joined Devices, or to spe

                                    Ability to apply Azure Conditional Access policies to specific Windows OS versions (7, 8.1,10) for Hybrid Azure AD Joined Devices, or to specific devices in a device Group. 

                                    While Azure Conditional Access policies can be currently applied to Windows for Hybrid Azure AD Joined Devices this includes all Windows operating systems.  There is no ability to apply them to specific Windows OS versions, or to target specific devices.  Having this functionality would allow for example to block Windows 7 and 8.1 devices through CA policies, or block specific devices without an approved reason to not upgrade to Win10.

                                    17 votes
                                    0 comments  ·  Conditional Access
                                    • Support comments/description for Conditional Access policies

                                      Support comments/description for Conditional Access policies

                                      16 votes
                                      under review  ·  0 comments  ·  Conditional Access
                                      • Conditional Access support for ADFS CBA

                                        When federated identities are authenticated using CBA (Certificate Based Authentication) against ADFS, it would be nice to be able to have Azure AD recognize this in Azure AD Conditional Access rules and allow or deny access to apps based on this.

                                        16 votes
                                        4 comments  ·  Conditional Access
                                        • Add the option to block only OneDrive and not the whole SharePoint

                                          Many large organizations that move to Office 365 have the need to block OneDrive for certain users, but leave them the ability to use SharePoint Online. After opening a support case, the response was that it is currently not supported and the only option is to block both OneDrive and SharePoint Online.

                                          15 votes
                                          3 comments  ·  Conditional Access