Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
-
Add PowerShell commands to manage "Users flagged for risk" in Azure AD
I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!
107 votes
Hi – Thanks for the suggestion. We understand this is a problem today and we are planning to bring an option to multi-select users and the “Dismiss risk” on them in the new UX. If your requirement is to dismiss risk on hundreds of users, please reach out to the CSS team and they will guide you to the right contacts.
Rajat
-
Enhance reporting capabilities for Azure AD Identity Protection
The portal reporting for Azure AD Identity Protection could be made much more powerful and usable by:
1. Add ability to sort and filter on column names throughout.
2. Resolving risk events should remove them from the display, or otherwise mark them as resolved so they can be filtered out of future searches.
3. 'Users flagged for risk' should additionally be searchable by IP address, date, type of risk event, etc. (Currently only searchable by user.)
4. Download should provide an option to filter by date, etc.
15 votes
We’re working on updates to the Identity Protection UX that have many of these features included. Stay tuned!
-
Add filter and sort options in "Users flagged for risk"
The list of all users flagged for risk sorted by name is inconvenient. That page needs search options, filter options, and be able to click on the column to change the sort option.
14 votes -
Show location for Azure AD sign-ins from IPv6 addresses
Please add location information to sign-ins from IPv6 addresses. Currently there is no location information associated with IPv6 so it is circumventing all the Azure AD Identity Protections you have in place.
12 votes -
List users with MFA registration status under Identity Protection
List users with registration status under Identity Protection.
Currently we can only see a pie chart, which doesn't help much when performing enrollment in phases before setting the requirement for users.
11 votes -
Include Azure AD Identity Protection with Azure AD Free
I believe Azure AD Identity Protection should be included with Azure AD Free edition.
It comes with Azure AD Premium P2 edition and I'm checking out the features for our 20000+ users but the cost will be extremely prohibitive.
In Free edition there are cut down reports which don't provide any real details on detected risk events. Surely it's in everyone's interest to make freely available all features which allow detection, investigation and remediation of potential vulnerabilities affecting identities.
10 votes -
"Sign-in Risk" Policy Control Addition?
Add a "Disable account" control to the "Sign-in Risk" policy for the Azure Identity Protection service.
In addition, since Azure supports password write-back to an on-premises AD, it would be great to also disable user's on-premises AD account as well.
Currently, one of the admins has to catch an alert email from Azure Identity Protection and then take action to manually disable an account on-premises if an event happens.
10 votes -
Sort Risky Sign-ins by date, not first name.
Sort Azure Risky Sign-ins by date, not first name. It isn't efficient to receive an email noting a user at risk has been detected but have to troll manually through dozens of pages to find a date that might match the event. I know I can download items to an Excel sheet and sort that way but why make extra steps?
8 votes -
The user flagged for risk receives an email from Identity Protection
When a new risk event is identified, the user flagged for risk receives an email from Identity Protection.
If the user does not recognize this event, the user can change his or her password by following the link provided in the email without going through the administrators.
7 votes -
Azure AD password protection
Add the possibility when using the Azure AD Password Protection feature that if you would ban the word "Contoso" as a password that also variations to this word or sentences with this word are forbidden. For example "Contoso 2018" or "Contoso is great".
6 votes -
Azure Identity Protection
The emails that are sent when there is a new alert should contain more information than just being notified there is a new alert or risk event. The email can only be sent to global admins so there is no reason to not have detailed info in the email. Also if there is more info in the email a Global Admin can at least call, text, email the user in question as we won't always be able to gain access to the portal, so if the event is real it can be addressed over the phone. Instead of waiting to…
6 votes -
4 votes
-
Marking a risky sign in as "Confirmed Safe" in the ID protection blade should factor in to the algorithm for future sign ins
In the risky sign ins report or risky users report in AD Identity Protection you can mark a risky sign in as "confirmed safe." However this does not allow future sign ins from this IP. If an administrator confirms that the sign in is not risky, future sign ins for this user from this location should not be considered risky.
3 votes -
I would also like to use a different email to verify because my phone has been damaged by water and now I am unable to sign in to my email.
I would also like to use a different email to verify because my phone has been damaged by water and now I am unable to sign in to my email. This is ridiculous.
3 votes -
Azure AD Objects LifeCycle Management
We have certain requirements to create objects like user accounts, groups, etc. in Azure AD directly but we don't see a life cycle management like the one available for Office 365 Group.
We need an option to have life cycle management for the objects created in Azure AD, so that we will ensure the life cycle management option available for the objects created in On-Premise AD and Azure AD.
Note: Azure MSI requires a security group for SQL authentication and we don't have an option to use the On-Premise group synced to Azure AD. Only the security group created…
3 votes -
B2B User Identity Protection Status
B2B (Guest) users should show up in the "Risky Users" report if they are being blocked from your AAD tenant. I had a case where the B2B user failed to enroll in MFA within the grace period, then failed enough of their logins that Identity Protection flagged them as "High Risk", but there is nothing to indicate that in any query or report that the tenant admin has access to view. All we could find was a message that they needed to enroll in MFA, which we reset about 10 times before support checked diagnostics on the backend and found…
2 votes -
Role for dismissing risk events
Need the ability to dismiss AADIP risk events without giving full Security Administrator. Something similar to Security Reader, but also allowed to dismiss risk events. Maybe Security Analyst or Security Operator.
2 votes -
I'm not receiving the phone call for verification, even though the prompt says we're calling... I have the phone in my hand. There's no call!
I'm not receiving the phone call for verification, even though the prompt says we're calling... I have the phone in my hand. There's no call! This thing is not working
2 votes -
Azure Identity Protection allow alerts to go to any user instead of admins
When you create a new alert in Azure Identity Protection you can only choose an admin as a receiver of the alert, this is a problem when you use PIM without permanent roles.
2 votes -
The 14-day grace period is not configurable
Multifactor grace period is currently a non-configurable 14 days grace period. Make this value configurable.
2 votes