Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add PowerShell commands to manage "Users flagged for risk" in Azure AD

    I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!

    99 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      27 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →

      Hi – Thanks for the suggestion. We understand this is a problem today and we are planning to bring an option to multi-select users and the “Dismiss risk” on them in the new UX. If your requirement is to dismiss risk on hundreds of users, please reach out to the CSS team and they will guide you to the right contacts.

      Rajat

    • Enhance reporting capabilities for Azure AD Identity Protection

      The portal reporting for Azure AD Identity Protection could be made much more powerful and usable by:
      1. Add ability to sort and filter on column names throughout.
      2. Resolving risk events should remove them from the display, or otherwise mark them as resolved so they can be filtered out of future searches.
      3. 'Users flagged for risk' should additionally be searchable by IP address, date, type of risk event, etc. (Currently only searchable by user.)
      4. Download should provide an option to filter by date, etc.

      14 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Add filter and sort options in "Users flagged for risk"

        The list of all users flagged for risk sorted by name is inconvenient. that page needs search options, filter options, and be able to click on the column to change the sort option.

        12 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          6 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Include Azure AD Identity Protection with Azure AD Free

          I believe Azure AD Identity Protection should be included with Azure AD Free edition.

          It comes with Azure AD Premium P2 edition and i'm checking out the features for our 20000+ users but the cost will be extremely prohibitive.

          In Free edition there are cut down reports which don't provide any real details on detected risk events. Surely it's in everyones interest to make freely available all features which allow detection, investigation and remediation of potential vulnerabilities affecting identities.

          10 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • "Sign-in Risk" Policy Control Addition?

            Add a "Disable account" control to the "Sign-in Risk" policy for the Azure Identity Protection service.

            In addition, since Azure supports password write-back to an on-premises AD, it would be great to also disable user's on-premises AD account as well.

            Currently, one of the admins has to catch an alert email from Azure Identity Protection and then take action to manually disable an account on-premises if an event happens.

            10 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • List users with MFA registration status under Identity Protection

              List users with registration status under Identity Protection.

              Currently we can only see a pie chart, which doesn't help much when performing enrollment in phases before setting the requirement for users.

              9 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Sort Risky Sign-ins by date, not first name.

                Sort Azure Risky Sign-ins by date, not first name. It isn't efficient to receive an email noting a user at risk has been detected but have to troll manually through dozens of pages to find a date that might match the event. I know I can download items to an Excel sheet and sort that way but why make extra steps?

                8 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Show location for Azure AD sign-ins from IPv6 addresses

                  Please add location information to sign-ins from IPv6 addresses. Currently there is no location information associated with IPv6 so it is circumventing all the Azure AD Identity Protections you have in place.

                  7 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • The user flagged for risk receives an email from Identity Protection

                    When a new risk event is identified, the user flagged for risk receives an email from Identity Protection.
                    If the user does not recognize this event, the user can change his or her password by following the link provided in the email without going through the administrators.

                    6 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Azure AD password protection

                      Add the possibility when using the Azure AD Password Protection feature that if you would ban the word "Contoso" as a password that also varations to this word or sentinces with this word are forbidden. For example "Contoso 2018" or "Contoso is great".

                      6 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Azure Identity Protection

                        The emails that are sent when there is a new alert should contain more information than just being notified there is a new alert or risk event. The email can only be sent to global admins so there is no reason to not have detailed info in the email. Also if there is more info in the email a Global Admin can at least call, text, email the user in question as we wont always be able to gain access to the portal so if the event is real. it can be addressed over the phone. Instead of waiting to…

                        5 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Azure AD Objects LifeCycle Management

                          We have a certain requirements to create Object like User accounts, Groups etc in Azure AD directly but we don't see an life cycle management like the one available for Office 365 Group.

                          We need an option to have life cycle management for the objects created in Azure AD. so that we will ensure the life cycle management option available for the objects created in On-Premise AD and Azure AD.

                          Note: Azure MSI requires a security group for SQL authentication and we don't have a option to use the On-Premise group synced to Azure AD. Only the security group created…

                          3 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • 3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • I'm not receiving the phone call for verification, eventhough the prompt says we're calling... I have the phone in my hand. There's no call!

                              I'm not receiving the phone call for verification, eventhough the prompt says we're calling... I have the phone in my hand. There's no call! This thing is not working

                              2 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Azure Identity Protection allow alerts to go to any user instead of admins

                                When you create a new alert in Azure Identity Protection you can only choose an admin as a receiver of the alert, this is a problem when you use PIM without permanent roles.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • The 14-day grace period is not configurable

                                  Multifactor grace period is currently a non configurable 14 days grace period. make this value configurable

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • I would also like to use a different email to verify because my phone has been damaged by water and now I am unable to sign in to my email.

                                    I would also like to use a different email to verify because my phone has been damaged by water and now I am unable to sign in to my email. This is ridiculous.

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • notes

                                      I am suggesting you add another status to the Azure events (WIP?) so InfoSec teams can better manage who is working on an event. Once resolved, it would then be removed from the open items list.

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Initial Access Code for MS authenticator

                                        Hello. SASS PASS offers gated access (three tries) to two factor codes. However the MS APP does not have this feature. This is a big issue as any one who has the phone is able to view the codes. Please add an additional security code before anybody is allowed to access the accounts protected by the authenticator.

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • vulnerabilities

                                          Allow alerts regarding vulnerabilities to be turned on or off

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base