Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log-in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD Identity Protection - Reporting enhancement for multi-tenant

    Reporting lacks any granularity for multi-tenant in situations where each tenant may require their own individual notifications (e.g. CSPs).

    I would like to see granularity by organisation, e.g. UPN suffix, to be able to notify the relevant people. As with other suggestions, just adding the email/UPN by default would help break down the output.

    2 votes

    0 comments  ·  Identity Protection
  2. Mark all events as "False positive"

    In the report "Users flagged for risk", today it's only possible to Dismiss all events, effectively marking them as ignored. We need the ability to mark all events as "False positive". As a company in the travel industry, a lot of our staff travel and sign in from a lot of new locations.

    2 votes

    1 comment  ·  Identity Protection
  3. Please remove this verification requirement. It is taking up my time every time I want to do something on my computer.

    Please remove this verification condition. I have been working on the computer without trouble for years, but starting today it asks me for verification for every action I take.

    1 vote

    0 comments  ·  Identity Protection
  4. Failed Risky Sign-ins that are not our users

    Where a Risky Sign-in is a failed attempt by a third party to compromise one of our users, admins should have more options to indicate this to Microsoft. The user is not compromised, but those login attempts are not "safe." Another has suggested we be permitted to drop traffic from those IP addresses; other options might be to flag the IP as a potential attack vector, blacklist the IP from connecting to our tenant, or to force any connection from that IP to use MFA.

    1 vote

    0 comments  ·  Identity Protection
  5. Risky exclude

    Risky sign-ins are good, when they aren't false positives caused by end users on holidays using VPN. No way of disabling risky sign-ins monitoring on them.

    This should however be possible. How awesome would it be if you could disable risky sign-ins monitoring for a time period?

    "Oh, risky sign in."
    "He's on holiday until Sunday, and uses VPN."
    "Ok then, I'll disable monitoring that event type in particular for that specific user for 5 days."

    Solved.

    1 vote

    0 comments  ·  Identity Protection
  6. Azure AD Identity Protection alerts should only send to users that are chosen.

    Currently email alerts are sent to all global admins, security admins and security readers. There is no way to remove those users from receiving alerts. Only users that are selected to be included should receive the email alerts.

    1 vote

    0 comments  ·  Identity Protection
  7. Allow Azure AD Identity Protection alerts to be disabled.

    Currently all global administrators are alerted when user risk level is at high, but there is no way to turn off the alerts.

    1 vote

    0 comments  ·  Identity Protection
  8. In Conditional Access Policy or Azure AD Identity protection, block is based on risk level not based on risk detection. For example, I wante

    In Conditional Access Policy or Azure AD Identity Protection, blocking is based on risk level, not on risk detection. For example, I wanted to block "Sign-ins from anonymous IP address" but wanted to allow "Sign-in from unfamiliar location". Since most of my users travel to different places, we wanted to allow "Sign-in from unfamiliar location". How can I achieve that using Conditional Access Policy or Azure AD Identity Protection or any other method?

    1 vote

    0 comments  ·  Identity Protection
  9. Respect exclusions for MFA registration vulnerability assessment

    Azure AD Identity Protection may show a medium risk vulnerability, "Users without multi-factor authentication registration", even though all in scope users are registered for MFA. The issue here is that excluded users appear to be factored into this vulnerability assessment.

    In our case, the only users not enabled for MFA are service accounts which shouldn't have MFA enabled (e.g. Azure AD Connect), and are thus explicitly excluded from our MFA registration policy in Azure AD Identity Protection.

    Apart from the warning on the Azure AD Identity Protection dashboard, this also results in getting a warning every week in our security…

    1 vote

    0 comments  ·  Identity Protection
  10. Reduce false positives on risky sign-ins

    Reduce false positives on risky sign-ins, like impossible travel with office access and cell towers, and unknown location that is a little more than 15 miles away (in the same state).

    1 vote

    0 comments  ·  Identity Protection
  11. DCR - AAD legacy auth flow can't handle the risk; handle the risk on the modern flow for the legacy auth flow.

    For a user with all AADIP policies applied, a user with risks will be automatically remediated via the modern flow; with the basic legacy auth flow there is no automatic remediation. The DCR is: if a user gets a risk on the basic legacy auth flow, remediate via the next modern flow. Detect the risk and automatically remediate with the next modern flow.

    1 vote

    0 comments  ·  Identity Protection
  12. DCR - outlook thick client re-auth on AAD risk

    When an existing access token for Outlook or Office expires, and the refresh token is submitted to the Office 365 service to request a new access token, Azure AD Conditional Access policies are re-evaluated, but Azure Identity Protection Policies are not. For example, if a user is flagged as High risk, and the high risk policy requires the user to perform a Self Service Password Reset, this is not triggered with the desktop clients. If the user is accessing the Office 365 service using a web client like Office Online or OWA, the risk state will be triggered, and the…

    1 vote

    2 comments  ·  Identity Protection
  13. Expand "Vulnerable" users in Azure AD Identity Protection to include users not in a CA policy to enforce MFA

    Would like to understand what users are registered for MFA, but not yet in a Conditional access policy to "enforce" MFA.

    1 vote

    0 comments  ·  Identity Protection
  14. Risky user email notifications should have the option to be disabled.

    Risky user email notifications should have the option to be disabled on a user by user basis. Not all members of the Security Reader role require visibility to these notifications.

    1 vote

    0 comments  ·  Identity Protection
  15. Risky user email notifications should have the option to be disabled.

    Risky user email notifications should have the option to be disabled on a user by user basis. Not all members of the Security Reader role require visibility to these notifications.

    1 vote

    0 comments  ·  Identity Protection
  16. Allow a person with security administrator role AND user administrator role to be able to reset password for the user in the identity protec

    Allow a person with the security administrator role AND the user administrator role to be able to reset passwords for end users in the Identity Protection blade (after they have evaluated the risk events).

    1 vote

    0 comments  ·  Identity Protection
  17. Clarification needed on Risky Sign in Documentation

    The documentation is incorrect and may lead to erroneous action:

    Sign-ins from anonymous IP addresses
    This risk event type identifies users who have successfully signed in from an IP address that has been identified as an anonymous proxy IP address. These proxies are used by people who want to hide their device’s IP address, and may be used for malicious intent.

    In reality these may actually be failed sign-ins; they are not all successful, as the paragraph above might lead you to believe.

    https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events#sign-ins-from-anonymous-ip-addresses

    REG:118100919191881

    1 vote

    0 comments  ·  Identity Protection
  18. Extend workflow capabilities for Azure AD Identity Protection

    It would be great if the "Users flagged for risk" reports/events would support extended workflow capabilities (e.g. like the action workflows in Windows Defender Security Center):

    • Ability to assign an event so that other AD admins can see if/who is taking care of it
    • Ability to comment on an event (e.g. during resolution or as a final closure comment)
    • History of all actions on an event, including timestamps and user information of who did what

    1 vote

    0 comments  ·  Identity Protection
  19. Immediate Notification, Enforce Policies based on Risk Events and Disabling of Local AD Accounts

    1) The mitigation policies, such as the user risk policy and the sign-in risk policy, are tied to risk level instead of risk events. If the policies are enforced based on risk level, this will result in many false positive incidents. It would be good to enforce policies (actions like MFA, change of password, block access) based on risk events instead.

    2) It seems that only weekly notification is available. Immediate notification is not received by the administrator when incidents take place. We would prefer to be notified immediately when incidents are detected.

    3) The feature to disable on-premises local AD accounts is helpful if the account is compromised. This…

    1 vote

    0 comments  ·  Identity Protection
  20. Add WebHooks to Azure IDP Alerts or Integration with OMS

    I would like the opportunity to integrate with Azure AD Identity Protection alerts through WebHooks called directly by AAD IDP when an alert is triggered and meets the threshold defined at /MicrosoftAADProtectionCenter/IdentitySecurityDashboardMenuBlade/Alerts/ or by integrating Operations Management Suite (OMS) with AAD IDP, perhaps as future functionality in an existing OMS Solution like Security and Audit. This functionality would allow an administrator to, for example, have alerts posted to a Slack channel via the WebHook URL of a Slack Custom Integration configuration.

    1 vote

    0 comments  ·  Identity Protection