Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. banned password message azure ad password protection

    Add GPO or client to Windows Client for Azure AD Password protection to display the corporate password policy on login when the user's change password and it's banned. Give users on prem what they can and cannot use as feedback if they put a bad one in.

    47 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Show location for Azure AD sign-ins from IPv6 addresses

    Please add location information to sign-ins from IPv6 addresses. Currently there is no location information associated with IPv6 so it is circumventing all the Azure AD Identity Protections you have in place.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for your feedback, folks. We have been working towards resolving the locations for IPv6 logins. Currently, a subset of such logins are getting resolved for location and the % will gradually go up. Are you seeing some of your IPv6 logins with resolved location?

  3. Enhance reporting capabilities for Azure AD Identity Protection

    The portal reporting for Azure AD Identity Protection could be made much more powerful and usable by:
    1. Add ability to sort and filter on column names throughout.
    2. Resolving risk events should remove them from the display, or otherwise mark them as resolved so they can be filtered out of future searches.
    3. 'Users flagged for risk' should additionally be searchable by IP address, date, type of risk event, etc. (Currently only searchable by user.)
    4. Download should provide an option to filter by date, etc.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. "Sign-in Risk" Policy Control Addition?

    Add a "Disable account" control to the "Sign-in Risk" policy for the Azure Identity Protection service.

    In addition, since Azure supports password write-back to an on-premises AD, it would be great to also disable user's on-premises AD account as well.

    Currently, one of the admins has to catch an alert email from Azure Identity Protection and then take action to manually disable an account on-premises if an event happens.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. List users with MFA registration status under Identity Protection

    List users with registration status under Identity Protection.

    Currently we can only see a pie chart, which doesn't help much when performing enrollment in phases before setting the requirement for users.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Marking a risky sign in as "Confirmed Safe" in the ID protection blade should factor in to the algorithm for future sign ins

    In the risky sign ins report or risky users report in AD Identity Protection you can mark a risky sign in as "confirmed safe." However this does not allow future sign ins from this IP. If an administrator confirms that the sign in is not risky, future sign ins for this user from this location should not be considered risky.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback. We are reviewing options for integrating feedback provided by confirm safe/compromised. In the interim, if you want to mark specific IPs as safe for Identity Protection in your tenant, you can do so my marking them as trusted locations. More information is available here (make sure to check the “mark as trusted location” checkbox): https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/quickstart-configure-named-locations

  7. B2B User Identity Protection Status

    B2B (Guest) users should show up in the "Risky Users" report if they are being blocked from your AAD tenant. I had a case where the B2B user failed to enroll in MFA within the grace period, then failed enough of their logins that Identity Protection flagged them as "High Risk", but there is nothing to indicate that in any query or report that the tenant admin has access to view. All we could find was a message that they needed to enroll in MFA, which we reset about 10 times before support checked diagnostics on the backend and found…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Enhanced Reporting for Azure AD Password Protection

    We are running Azure AD Password Protection on-premise mode. The PowerShell summary report is ok, but only works for admins. It would be better to have a report available in the Azure Portal for management to review easily. The report could allow us to see the same summary stats that exist in the PowerShell report.

    Also, Individual event data is only available in the Windows Event Viewer where the user attempted to change their password. We have no way to centrally search for an event by user without checking all our DCs. In addition, the helpdesk have no privileges to…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. The user flagged for risk receives an email from Identity Protection

    When a new risk event is identified, the user flagged for risk receives an email from Identity Protection.
    If the user does not recognize this event, the user can change his or her password by following the link provided in the email without going through the administrators.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure Identity Protection allow alerts to go to any user instead of admins

    When you create a new alert in Azure Identity Protection you can only choose an admin as a receiver of the alert, this is a problem when you use PIM without permanent roles.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD password protection

    Add the possibility when using the Azure AD Password Protection feature that if you would ban the word "Contoso" as a password that also varations to this word or sentinces with this word are forbidden. For example "Contoso 2018" or "Contoso is great".

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure Identity Protection

    The emails that are sent when there is a new alert should contain more information than just being notified there is a new alert or risk event. The email can only be sent to global admins so there is no reason to not have detailed info in the email. Also if there is more info in the email a Global Admin can at least call, text, email the user in question as we wont always be able to gain access to the portal so if the event is real. it can be addressed over the phone. Instead of waiting to…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow risk reevalueation for guest users

    Currently resource tenants with an User Risk Policy in place, will face the problem that guest users with a risk, that doesn't meet the risk policy will get blocked from accessing the resource tenant. As the risk for guest user can neither be seen nor changed, the only way to allow access to resources is to exclude them from the policy. It would be beneficial for admins of resource tenants to be able reevaluate the risk for guest users on their tenant, instead of letting them bypass and ignoring all future risk events for the user.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure AD password protection - Show suggestions

    Along with leveraging fuzzy match and machine learning to stop users from keeping easy-to-guess passwords, it will be great to show some password suggestions when a banned password is entered.

    This will improve user experience and help make organisation more secure.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Drop Risky Sign-In Attempts

    Add an option for Identity Protection Risk events to drop traffic that comes from risky attempts, rather than block/lockout. For example, if someone attempts to log in with an anonymous IP address, drop the traffic but do not lock the account out. This would still prevent the access attempt, but it would also prevent the legitimate user from being locked out of their account just because someone attempted to access the account (and failed).

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Risky user email notification is confusing

    Risky user email notification is confusing.
    When a user click the link on an email, he/she goes to "Risky users (Preview)" page. However this page is confusing. Especially, sometimes it says "No risky sign-ins found" on "Resent risky sign-ins" tab. The link should navigate users to "Azure AD Identity Protection" page, which is intuitive and easier to understand.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Notify end-users when an risky sign-in (e.g. sign-in from an anonymous IP address) event is created

    Can a feature be added to notify end-users by email when Azure AD detects a risky sign-in event (e.g. sign-in from an anonymous IP address) on their account, so they're able to take immediate action if their account is compromised?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Ability to export Risky Sign in policies programmatically

    We need a way to export/consult Risky sign in policies.

    In general, a feature should be released with its associated API to allow Microsoft customers to perform automation.

    Support case 119070422001895 confirmed this was not possible.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add check box option to exclude guest users from enrolling for MFA in Azure AD Identity Protection

    We want the option to exclude guest users from MFA.
    There is a check box option in Conditional Access to exclude Guest users from a policy, but not in MFA registration within Azure AD Identity Protection. Therefore guest users are still prompted to enroll for MFA (but excluded from MFA actions). As a workaround we have to create a group (i.e. 'All users'), add all AD users in to that group, and choose to include that group only for MFA registration.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. I would also like to use a different email to verify because my phone has been damaged by water and now I am unable to sign in to my email.

    I would also like to use a different email to verify because my phone has been damaged by water and now I am unable to sign in to my email. This is ridiculous.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base