Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Make SPN (non-interactive) login events logged and available

    Currently in Azure AD when using SPN (non-interactive) logins via code (.Net, Powershell, etc.) for automated processes (server to server communication/API) that interact with Azure, there is no event in Azure AD logs to show that this login has occurred. Please make this exposed in the logs in the same fashion that an interactive user login is logged. This is not only beneficial for troubleshooting, but more importantly from a security, compliance, and risk audit trail standpoint.

    159 votes
    21 comments  ·  Reporting
    started  ·  Azure AD Team responded

    We are working on this but we don’t have a public ETA to share at this time. We will keep you updated as we get closer.

  2. please show "Users with Leaked Credentials" with a zero count even if there are none detected

    In the Azure Active Directory risk events section please show "Users with Leaked Credentials" with a zero count even if there are none detected.
    It would be ideal to set up a mail alert with this alert as well.

    The logic would be:
    If this alert shows up then we know it is working. If it doesn't show up then there is a problem with setup.

    11 votes
    0 comments  ·  Reporting
  3. Fix signin resulttype 50053

    In your documentation you say that signing error ID 50053 is "Account is locked because the user tried to sign in too many times with an incorrect user ID or password." However, when I search for this error using Log Analytics I also get the description "Sign-in was blocked because it came from an IP address with malicious activity."

    Can this be fixed?

    10 votes
    4 comments  ·  Reporting
  4. Provide more detail in audit logs

    It would be good if some of the Azure AD audit log Activity categories had more detail, e.g. "Set Company Information" - that's all that is logged for this activity, with no detail into what property was changed.

    9 votes
    1 comment  ·  Reporting
  5. Add the ability to filter with an "Equals" or "Does Not Equal" operator in the Sign-in activity reports in the Azure Active Directory portal

    Currently, the filters for the Azure Active Directory "Sign-Ins" log only allow for filtering with values that equal the input. It would be beneficial to have the option to have the "does not equal" operator for this filtering so that the user could also filter out values that commonly occur in the log. Example: filter would be "Client app" DOES NOT EQUAL "Browser" ... or "Operating System" DOES NOT EQUAL "Windows 10" ... or "Location" DOES NOT EQUAL "US".

    8 votes
    0 comments  ·  Reporting
  6. Adhere to ISO27001 compliance obligations for Office365

    Per https://servicetrust.microsoft.com , Microsoft's cloud services including Exchange Online adhere to ISO27001 and have been audited against ISO27001.
    However, I have been informed that there is no log generated when an end-user or customer signs out of their account: 'Customer is asking for a new feature, sign-out logs, that today is not supported.'

    Specifically, ISO27001 states in section 12:

    ISO 27001 – A.12.4 – Logging and Monitoring

    Objective: To record events and generate evidence.

    Control 12.4.1 A.12.4.1 Event logging – Event logs recording user activities, exceptions, faults, and information security events shall be produced, kept and regularly reviewed.

    I contend that…

    6 votes
    2 comments  ·  Reporting
  7. Audit log

    Extend the audit logs to allow for retention for more than 30 days to 90 days.

    6 votes
    3 comments  ·  Reporting
  8. Reporting of IP addresses blocked by Smart Lockout

    It would be beneficial if an admin could have insight into what IP addresses are being blocked by Smart Lockout. If a user is experiencing connectivity issues it would be nice to be able to query a report for their IP address to validate that Smart Lockout is not denying them access.

    5 votes
    0 comments  ·  Reporting
  9. Provide reporting around Passwordless Phone sign in

    Reporting/management on Passwordless phone sign in including who it's available to, who has enabled it, frequency of use, and management options to administratively enroll/unenroll users from it.

    3 votes
    0 comments  ·  Reporting
  10. Audit logs for azure ad policies

    Assigning Azure AD policy to service principal and application registration should be consistent from the audit log entry perspective. There are different types of policies and by info from Microsoft at some point they should be assigned to Service principals i.e. HDR and as they are assigned they create the entry into Audit log (there is different issue as those entries are generic and will not tell you what change was done on service principal). On the other hand for SAML1.1 type of policy, we were notified to assign the policy to App registration, and this activity is not…

    3 votes
    0 comments  ·  Reporting
  11. 2 votes
    0 comments  ·  Reporting
  12. Add ability to filter out more than just startswith in Password Reset - Usage & Insights

    We have service account and accounts sourced from other sources that show up in Azure AD. We'd like to be able to see what accounts tied to just our permanent people have not registered for SSPR. Currently, you can only filter Name in the reporting with a StartsWith search. Please add the ability to filter by wildcards or EndsWith or even regular expressions.

    2 votes
    1 comment  ·  Reporting
  13. Display DEPARTMENT in Sign-ins Report and Filtering capability

    We need to be able to filter the Sign-In Activity Reports/Logs by the DEPARTMENT field. We are currently utilizing the DEPARTMENT field in a User's Profile in Azure AD to identify the user's organization and today, there is no way to filter those Activity logs using that field.

    Would be great to have the DEPARTMENT as one of the fields that is displayed in the report. Having a built-in filter for DEPARTMENT in the Portal would be even better.

    2 votes
    0 comments  ·  Reporting
  14. Alerting to non-admin mailboxes

    Current alerts of Azure AD can only be sent to Tenant administrators. As it is a good security practice not to use your administrative credentials in a production environment it is not wise to use a mailbox either. So the request is to enable other email contacts that are not tenant administrators, or even distribution groups.

    This means that employees that are involved in the security process cannot really receive emails, without having one tenant administrator having forwarders on a mailbox (= also bad practice to have forwarders)

    Why using the workarounds cannot be used (use an admin account…

    2 votes
    0 comments  ·  Reporting
  15. Bring back "Sign-ins after multiple failures" report OR create a new policy to alert users/admins of when an account has been compromised.

    I have too many users whose accounts are getting targeted from foreign IP addresses. For example, no part of our business operates in China thus I know all attempts to access a user's account from this region are malicious attacks. I can see when attempts are being made on an account, but I cannot see when a successful attack has been made.

    It would be fantastic to create a policy that will send out an email after x failed attempts within y minutes and 1 successful login.

    I believe you could previously view "Sign-ins after multiple failures" in Classic Azure,…

    2 votes
    0 comments  ·  Reporting
  16. Insights - Authentication methods registration details should Show Default Method

    The preview report 'Insights - Authentication methods registration details' is great but would be very useful if it showed the default MFA method registered also.

    1 vote
    0 comments  ·  Reporting
  17. Sign Out report

    Azure Active Directory admin centre > Users > Sign-ins report is useful
    But having the same for Sign-outs would be great
    Having a 3rd that tallies the hours signed in per day would be better

    1 vote
    0 comments  ·  Reporting
  18. Reports for Risky Detections - Would like to see the selected Columns keep your settings or items selected each time.

    Reports for Risky Detections - Would like to see the selected Columns keep your settings or items selected each time. Every time I go back to the reports, I have to re-select each column item I want to see.

    For Example: Risk Level default is set to None. I have to pick High, Medium or Low each time I look at the report.

    Detection Type default is set to None Selected. I would like it to keep what I have set each time.

    1 vote
    0 comments  ·  Reporting
  19. Sign-In Logs - Record Client's Private IP if X-Forwarded-For header is present

    For security reasons, we need to capture the private IP information when an intranet user is accessing a cloud resource.

    Our device can support the X-Forwarded-For header so private IP information can be sent out via this header.

    Please consider adding the private IP information to Sign-in reports.

    1 vote
    1 comment  ·  Reporting
  20. Warn when exceeding max export size of sign-in log

    When downloading the results of the Azure AD sign-in log to CSV, if the number of entries exceeds the maximum 5000 entries that can be exported at any one time, the export is silently truncated to 5000 entries with no warning to the user.

    Bearing in mind sign-in logs may be exported for security-related analysis or auditing, it's important that the user is made aware that the generated export is incomplete.

    I'm reporting this for the sign-in activity log as this is where I noticed the issue, but it may well apply to other exports within the Azure Portal.

    1 vote
    1 comment  ·  Reporting