Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Make SPN (non-interactive) login events logged and available

    Currently in Azure AD when using SPN (non-interactive) logins via code (.Net, PowerShell, etc.) for automated processes (server to server communication/API) that interact with Azure, there is no event in Azure AD logs to show that this login has occurred. Please make this exposed in the logs in the same fashion that an interactive user login is logged. This is not only beneficial for troubleshooting, but more importantly from a security, compliance, and risk audit trail standpoint.

    38 votes
    7 comments  ·  Reporting
  2. Feed Operations Manager Suite with Azure Active Directory Security logs

    It would be nice to have the Azure Active Directory Security logs in the Operations Manager Suite. To track events and display them in dashboards or just query them.

    There is already an Azure possibility to see Azure Active Directory Reports. It would be nice to have this data in OMS.

    35 votes
    5 comments  ·  Reporting
  3. Log all Service Principal activity, including logging, failed logins, password changes, etc.

    As a PCI compliant application we need to capture logs of when a Service Principal is being used. This would include failed logins, successful logins, password changes, etc. We would then like these logs to go to OMS for reporting and alerting.

    17 votes
    4 comments  ·  Reporting
  4. Ensure Sign-in log shows authentication log events from client_credential authentications

    Today the Sign-In Activity log in AAD contains end-user authentication events, but does not have any log events when an application authenticates with AAD using client_credential grants. This must be logged or we are not able to trace successful or failed logon events for debugging, and this is also a security concern as we cannot trace and detect successful or failed logon events from unknown sources.

    10 votes
    0 comments  ·  Reporting
  5. Please show "Users with Leaked Credentials" with a zero count even if there are none detected

    In the Azure Active Directory risk events section, please show "Users with Leaked Credentials" with a zero count even if there are none detected.
    It would be ideal to set up a mail alert with this alert as well.

    The logic would be:
    If this alert shows up then we know it is working. If it doesn't show up then there is a problem with setup.

    9 votes
    0 comments  ·  Reporting
  6. Add some more fields to the App Registration

    When adding an app to the app registration there should be additional fields to capture metadata about the app like a description and some other fields. Or if you could implement the Tags features around the App Registration that would work as well.

    8 votes
    3 comments  ·  Reporting
  7. Audit log

    Extend the audit logs to allow for retention for more than 30 days to 90 days.

    6 votes
    2 comments  ·  Reporting
  8. To provide a list of the applications the users have consented to access their data.

    We are unable to determine the list of the applications the users have consented to access their data.

    5 votes
    0 comments  ·  Reporting
  9. Time in downloaded report Sign ins after multiple failures

    The date and time is displayed properly (shows user time) in Sign ins after multiple failures report when displayed on the webpage. However, when the report is downloaded the time is in UTC format ... it would be helpful if downloaded report could display user time as set in settings.

    5 votes
    3 comments  ·  Reporting
  10. Reporting of IP addresses blocked by Smart Lockout

    It would be beneficial if an admin could have insight into what IP addresses are being blocked by Smart Lockout. If a user is experiencing connectivity issues it would be nice to be able to query a report for their IP address to validate that Smart Lockout is not denying them access.

    4 votes
    0 comments  ·  Reporting
  11. Anomalous Activity Reports from old portal not in new?

    The old Azure Portal has a group of Anomalous Activity reports. We have found these very useful in finding compromised accounts.

    In fact, last month we had a user show up with a login from Nigeria in the "Sign ins from multiple geographies" report. We immediately changed their password, and found that the account was being used to send out spam at the same moment we were disabling it.

    Without that report, more spam would have gone out and we wouldn't know until much later.

    That same user never showed up under "Risky sign-ins" or "Users flagged for risk" in…

    4 votes
    1 comment  ·  Reporting
  12. Weekly reports

    I would like weekly Sign-In reports sent to my email
    so I can see when OneDrive is broken or if we are getting hit with “KnockKnock” attack

    4 votes
    1 comment  ·  Reporting
  13. Resolve Issues with the Script for the Sign-in Activity Report

    Currently when you download and run the PowerShell Script for the Sign-in Activity Report, you get flawed results in the output:

    1) The Success/Failure entries for the 'Status' column are nowhere to be found in the downloaded file.

    2) The downloaded report does have a 'Status' column but the column is broken and instead has incorrectly formatted data for 'Error Code, Failure Reason, and Additional Details'.

    3) The Location column is broken as it contains header information, City, State, Country, CountryOrRegion and GeoCoordinates all in one column instead of breaking them out to different columns.

    I confirmed with Microsoft that…

    3 votes
    0 comments  ·  Reporting
  14. Include actor IP address and Useragent in activity logs for security investigation

    AAD Activity logs currently don't contain basic information like the IP address and Useragent of the actor in activity logs. This information is very critical for security investigations

    3 votes
    0 comments  ·  Reporting
  15. Provide more detail in audit logs

    It would be good if some of the Azure AD audit log Activity categories had more detail, e.g. "Set Company Information" - that's all that is logged for this activity, with no detail into what property was changed.

    3 votes
    0 comments  ·  Reporting
  16. Audit logs for Azure AD policies

    Assigning Azure AD policy to service principal and application registration should be consistent from the audit log entry perspective. There are different types of policies and by info from Microsoft at some point they should be assigned to Service principals i.e. HDR and as they are assigned they create the entry into Audit log (there is a different issue as those entries are generic and will not tell you what change was done on service principal). On the other hand for SAML1.1 type of policy, we were notified to assign the policy to App registration, and this activity is not…

    3 votes
    0 comments  ·  Reporting
  17. Sign-in Logs when users sign out

    I want to get Azure AD sign-in logs when users sign out.
    At least when users access a sign-out endpoint, it should be recorded/logged in the Azure AD sign-in logs.

    2 votes
    0 comments  ·  Reporting
  18. Provide reporting around Passwordless Phone sign in

    Reporting/management on Passwordless phone sign in including who it's available to, who has enabled it, frequency of use, and management options to administratively enroll/unenroll users from it.

    2 votes
    0 comments  ·  Reporting
  19. Sign-in verification - give customers a warning prior to locking them out of their account.

    May I suggest that your O365 sign-in process gives customers a warning prior to locking them out of their account. I was locked out because I had changed my mobile number.
    This was then a very simple issue made hard by the process Microsoft has adopted. Several days went by before I managed to get my access reset, not good several days and Microsoft locked me out of my email.
    Warning to others - DO NOT USE for your email if you need to use the Microsoft sign-in process.

    2 votes
    0 comments  ·  Reporting
  20. Display DEPARTMENT in Sign-ins Report and Filtering capability

    We need to be able to filter the Sign-In Activity Reports/Logs by the DEPARTMENT field. We are currently utilizing the DEPARTMENT field in a User's Profile in Azure AD to identify the user's organization and today, there is no way to filter those Activity logs using that field.

    Would be great to have the DEPARTMENT as one of the fields that is displayed in the report. Having a built-in filter for DEPARTMENT in the Portal would be even better.

    2 votes
    0 comments  ·  Reporting