Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Feed Operations Manager Suite with Azure Active Directory Security logs

    It would be nice to have the Azure Active Directory Security logs in the Operations Manager Suite. To track events and display them in dashboards or just query them.

    There already is a Azure possibility to see Azure Active Directory Reports. It would be nice to have this data in OMS.

    33 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      4 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    • Make SPN (non-interactive) login events logged and available

      Currently in Azure AD when using SPN (non-interactive) logins via code (.Net, Powershell, etc.) for automated processes (server to server communication/API) that interact with Azure, there is no event in Azure AD logs to show that this login has occurred. Please make this exposed in the logs in the same fashion that an interactive user login is logged. This is not only beneficial for troubleshooting, but more importantly from a security, compliance, and risk audit trail standpoint.

      29 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        7 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
      • Log all Service Principal activity, including logging, failed logins, password changes, etc.

        As a PCI compliant application we need to capture logs of when a Service Principal is being used. This would include failed logins, successful logins, password changes, etc. We would then like these logs to go to OMS for reporting and alerting.

        16 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          4 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • Ensure Sign-in log show authentication log event from client_credential authentications

          Today the Sign-In Activity log in AAD contains end-user authentication events, but does not have any log events when an application authenticate with AAD using client_credential grants. This must be logged or we are not able to trace successful or failed logon event for debugging and this is also a security concern as we can not trace and detect successful or failed logon events from unknown sources.

          10 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
          • please show "Users with Leaked Credentials" with a zero count even if there are none detected

            in the azure active directory risk events section please show "Users with Leaked Credentials" with a zero count even if there are none detected.
            It would be ideal to set up a mail alert with this alert as well.

            The logic would be:
            if this alert shows up then we know it is working. if it doesnt show up then there is a problem with setup

            8 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
            • Audit log

              Extend the audit logs to allow for retention for more than 30 days to 90 days.

              5 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
              • To provide a list of the applications the users have consented to access their data.

                We are unable to determine the list of the applications the users have consented to access their data.

                5 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                • Time in downloaded report Sign ins after multiple failures

                  The date and time is displayed properly (shows user time) in Sign ins after multiple failures report when displayed on the webpage. However, when the report is downloaded the time is in UTC format ... it would be helpful if downloaded report could display user time as set in settings.

                  5 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    3 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                  • Anomalous Activity Reports from old portal not in new?

                    The old Azure Portal has a group of Anomalous Activity reports. We have found these very useful in finding compromised accounts.

                    In fact, last month we had a user show up with a login from Nigeria in the "Sign ins from multiple geographies" report. We immediately changed their password, and found that the account was being used to send out spam at the same moment we were disabling it.

                    Without that report, more spam would have gone out and we wouldn't know until much later.

                    That same user never showed up under "Risky sign-ins" or "Users flagged for risk" in…

                    4 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                    • weely reports

                      I would like weekly Sign-In reports sent to my email
                      so I can see when OneDrive is broken or if we are getting hit with “KnockKnock” attack

                      4 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add some more fields to the App Registration

                        When adding an app to the app registration there should be additional fields to capture metadata about the app like a description and some other fields. Or If you could implement the Tags features around the App Registration that would work as well.

                        4 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                        • Resolve Issues with the Script for the Sign-in Activity Report

                          Currently when you download and run the PowerShell Script for the Sign-in Activity Report, you get flawed results in the output:

                          1) The Success/Failure entries for the 'Status' column are nowhere to be found in the downloaded file.

                          2) The downloaded report does have a ‘Status' column but the column is broken and instead has incorrectly formatted data for ‘Error Code, Failure Reason, and Additional Details’.

                          3) The Location column is broken as it contains header information, City, State, Country, CountryOrRegion and GeoCoordinates all in one column instead of breaking them out to different columns.

                          I confirmed with Microsoft that…

                          3 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                          • Provide more detail in audit logs

                            It would be good if some of the AzureAD audit log Activity categories had more detail, eg "Set Company Information" - that's all that is logged for this activity, with no detail into what property was changed.

                            3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                            • Audit logs for azure ad policies

                              assigning Azure AD policy to service principal and application registration should be consistant from the audit log entry perspective. There are different type of policies and by info from Microsoft at the some point they should be assigned to Service principals i.e. HDR and as they are assigned they create the entry into Audit log (there is different issue as those entries are generic and will not tell you what change was done on service pricinpal). On the other hand for SAML1.1 type of policy, we were notified to assign the policy to App registration, and this activity is not…

                              3 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • Include actor IP address and Useragent in activity logs for security investigation

                                AAD Activity logs currently don't contain basic information like the IP address and Useragent of the actor in activity logs. This information is very critical for security investigations

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                • Sign-in verification - give customers a warning prior to locking them out of their account.

                                  May I suggest that your O365 sign-in process gives customers a warning prior to locking them out of their account. I was locked out because I had changed my mobile number.
                                  This was then a very simple issue made hard by the process Microsoft has adopted. Several days went by before I managed to get my access reset, not good several days and Microsoft locked me out of my email.
                                  Warning to others - DO NOT USE for your email if you need to use the Microsoft sign-in process.

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Display DEPARTMENT in Sign-ins Report and Filtering capability

                                    We need to be able to filter the Sign-In Activity Reports/Logs by the DEPARTMENT field. We are currently utilizing the DEPARTMENT field in a User's Profile in Azure AD to identify the user's organization and today, there is no way to filter those Activity logs using that field.

                                    Would be great to have the DEPARTMENT as one of the fields that is displayed in the report. Having a built-in filter for DEPARTMENT in the Portal would be even better.

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                    • 2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Alerting to non-admin mailboxes

                                        Current alerts of Azure AD can only be send to Tenant administrators. As it is a good security practice not to use your administrative credentials in a production environment it is not wise to use a mailbox either. So the request is to enable other email contacts that are not tenant administrators, or even distribution groups.

                                        This means that employees that are involved in the security process can not really receive emails, without having one tentant administrator having forwarders on a mailbox (= also bad practice to have forwarders)

                                        Why using the workarounds cannot be used (use an admin account…

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Quicken Customer Service Number to Need Accounts Help 1-844-748-2888

                                          This security answer has to be supplied whenever you want to recover your password in future. That is why you should never forget it and keep it fresh in your mind. To learn more get in touch with road runner customer service by dialing the Quicken Technical Support Phone Number. You can learn from them how can create a security question and a security answer which is easier to remember and use whenever you require.
                                          More Info :-
                                          http://www.contactsupportservice.com/quicken-technical-support.php

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base