Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Conditional Access blocking Office Activation and signin.

    When the Conditional Access Policy is configured with All cloud Apps option, Office activation is also blocked, although there isn´t any cloud app dedicated for Office activation exclusion. Please create one dedicated cloud app for Office activation.

    168 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  9 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Option to enforce authentication every time you access a SSO app (e.g. SaaS app)

    Add a option to enforce authentication every time you access a SSO app (e.g. SaaS):
    - Option could be possible per app
    - Option could be 1) re-enter password (ignore SSO) 2) guaranteed MFA prompt (ignore MFA token)

    Use case:
    Shared PCs, Personal Logins, SaaS App has sensitive payroll data, Concern: People don't log off -> anyone can walk to the PC and get into SaaS app via SSO. As of now even MFA doesn't help due to MFA token or Windows Hello strong auth. You could only play with token life-time.

    160 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    23 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Conditional Access for B2B Guest users

    For Conditional Access Policy applicable for B2B Guest Users, in Azure AD > CA Policy we do not have option for selective selection of B2B Guest users under 'Users and Group' section in CA Policy. But for Cloud Member users we have option for selective selection of users. Why we don't have same capability and functionality kept for B2B Guest for which we have for Cloud Member users in CA Policy? Also why we are saying it as Preview Mode?

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →

    We’re reviewing this item. Currently you can apply policy to specific B2B guests using the option to select users and groups. Are there users missing from that list, or is the suggestion to have a filtered list of only B2B users under the guest checkbox?

  4. Create Custom Controls for Azure AD conditional policies without offline process

    First of all thank you very much for the Custom Controls functionality for Azure AD.
    I just found through an Azure Support channel that today, you need to contact Microsoft to become a "valid" provider for custom controls.
    It would be great if you could make the registration process online and automated as I see a lot of potential for customers to want to implement their own validation logic during the authentication pipeline.

    Having to offline register with Microsoft in order to have a compatible service will make it much harder to push this feature forward.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. 8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Effective Conditional Access Policies for users and groups

    Consider adding an option within Azure Active Directory Conditional Access that allow security administrators to with whether the companies conditional access rules are applied effectively for all users and groups.


    • The solution should list all users and groups that is targeted a specific conditional access policy and also does who are not hit by the policy

    • The solution should also be able to be used for troubleshooting which policies that a user is getting applied.

    This request is also listed on the Intune Feedback uservoice: https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/19152421-effective-conditional-access-policies-for-users-an

    Related request: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/17623162-display-summary-of-conditional-access-assignments

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks.
    Some of this is now possible using the conditional access whatIf tool. It can be used to troubleshoot which policies apply to a specific user.
    The second part of the request; listing impact of a policy on all users is something we’ll consider. We’re continuing to invest in tools that help with understanding impact policies and will make sure it is easy to assess policy coverage.

  7. Conditional Access alert for blocked countires

    Generate an email alert to ADMINS if any sign-in is FAILED\SUCCESS due to Conditional Access policy.

    We do have a conditional access policy to block sign-in from specific set of countries, in case if some one tries to access from the blocked countries, we would like to get an email alert for both FAILURE and SUCCESS (As CA policy cannot be linked with Active sync, we need to Successful login from blocked countries too )

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →

    I recommend taking a look at Log Analytics and how to use them with the Azure AD sign in reports :

    https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-Active-Directory-Activity-logs-in-Azure-Log-Analytics-now/ba-p/274843

    You can use Log Analytics to send notification on detail in the sign in report, like blocked policies.

    We’ll also keep this in mind as we look at further reporting and notification improvements.

    Thanks

  8. Addition of In-Blade "New Location" for Named Locations when creating CA Policy

    When creating Conditional Access Policies, users are forced to exit the creation process and define Named Locations, the addition of the New Location button while in blade would decrease the number of steps required for those already in the creation process

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Discover Available Applications

    When creating Conditional Access rules and choosing "Cloud apps", it only displays a limited number of applications. You can search for other applications but you need to already know their name. There is no other way to get a larger list of applications or more pages.

    We need a way to discover what applications are available for us to secure.

    Having applications that we could better secure without being able to know what these applications are sounds like a big security risk.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add Microsoft Azure Signup Portal as an app

    Please add the possibility to block the app:

    Microsoft Azure Signup Portal
    8e0e8db5-b713-4e91-98e6-470fed0aa4c2

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Conditional Access 'What If' tool should not require Country

    When testing a policy that blocks sign-in by country, we want to know if the IP address we are connecting from will be blocked.

    We want to know which country Conditional Access thinks the IP address is in.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base