Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Drop Risky Sign-In Attempts

    Add an option for Identity Protection Risk events to drop traffic that comes from risky attempts, rather than block/lockout. For example, if someone attempts to log in with an anonymous IP address, drop the traffic but do not lock the account out. This would still prevent the access attempt, but it would also prevent the legitimate user from being locked out of their account just because someone attempted to access the account (and failed).

    2 votes
    0 comments  ·  Identity Protection
  2. Send Azure user risk notifications to the user also.

    Currently, Azure allows alert groups to be created in order to receive alerts/risk user alerts, etc. It would be nice if the user could also receive a notification that their AAD account is at risk due to suspicious activity.

    2 votes
    0 comments  ·  Identity Protection
  3. Create the ability to generate email alerts for risky sign-ins by type, rather than severity

    Please, add the ability to generate email alerts for specific sign-in types (e.g. log-ins from anonymous IP addresses) to enable admins to refine their procedures based on what is deemed legitimate user behaviour.

    2 votes
    0 comments  ·  Identity Protection
  4. Need to configure which users could receive Identity protection weekly digest report

    Currently for identity protection alerts and weekly digest report, the notification email could only be sent to active GA/security admins. However, for a customer who is using PIM without permanent roles, the target admins might not get the notification email since the role might be deactivated when the notification email is generated.

    Currently for Alerts notification, we have a public review feature to configure additional email addresses, but this feature is not available for weekly digest report.

    Our suggestion is to send the alert/weekly digest report notification email to PIM admins no matter the role is active or inactive. Or adding…

    2 votes
    0 comments  ·  Identity Protection
  5. Set a notification alert when a new User at Risk is logged

    I would like to be able to receive a notification when a new User at Risk is logged. Currently, the only way to know is to be constantly checking.

    2 votes
    0 comments  ·  Identity Protection
  6. Alerts for risky logins to be sent to global admins

    Configure bespoke alerts for risky logins. When an instance occurs, global admins are notified.

    2 votes
    0 comments  ·  Identity Protection
  7. Please extend Azure AD Identity Protection to the B2C tenant

    Please extend Azure AD Identity Protection to the B2C tenant

    2 votes
    0 comments  ·  Identity Protection
  8. B2B User Identity Protection Status

    B2B (Guest) users should show up in the "Risky Users" report if they are being blocked from your AAD tenant. I had a case where the B2B user failed to enroll in MFA within the grace period, then failed enough of their logins that Identity Protection flagged them as "High Risk", but there is nothing to indicate that in any query or report that the tenant admin has access to view. All we could find was a message that they needed to enroll in MFA, which we reset about 10 times before support checked diagnostics on the backend and found…

    2 votes
    0 comments  ·  Identity Protection
  9. Have a way to Block Search Engines from finding ADFS Identity sources (IDP) Signon Page

    Have a way to block the ADFS IDP sign-on page /adfs/ls/idpinitiatedsignon.aspx from being listed on search engine sites, thus anyone can access the IDP site if they search for a company's SSO site.

    2 votes
    0 comments  ·  Identity Protection
  10. Role for dismissing risk events

    Need the ability to dismiss AADIP risk events without giving full Security Administrator. Something similar to Security Reader, but also allowed to dismiss risk events. Maybe Security Analyst or Security Operator.

    2 votes
    0 comments  ·  Identity Protection
  11. I'm not receiving the phone call for verification, even though the prompt says we're calling... I have the phone in my hand. There's no call!

    I'm not receiving the phone call for verification, even though the prompt says we're calling... I have the phone in my hand. There's no call! This thing is not working.

    2 votes
    0 comments  ·  Identity Protection
  12. The 14-day grace period is not configurable

    Multifactor grace period is currently a non-configurable 14-day grace period. Make this value configurable.

    2 votes
    0 comments  ·  Identity Protection
  13. notes

    I am suggesting you add another status to the Azure events (WIP?) so InfoSec teams can better manage who is working on an event. Once resolved, it would then be removed from the open items list.

    2 votes
    0 comments  ·  Identity Protection
  14. vulnerabilities

    Allow alerts regarding vulnerabilities to be turned on or off

    2 votes
    0 comments  ·  Identity Protection
  15. Enable Azure Active Directory Identity Protection integration with Service Now

    I consult for an Enterprise where Service Now is used to capture all DevOps work (tickets). I would like to see rather than an email alert from an Azure AD IP event the ability to raise a Service Now ticket

    2 votes
    0 comments  ·  Identity Protection
  16. 2 votes
    0 comments  ·  Identity Protection
  17. 2 votes
    0 comments  ·  Identity Protection
  18. Azure AD Identity protection - Reporting enhancement for multi tenant

    Reporting lacks any granularity for multi tenant in situations where each tenant may require their own individual notifications (e.g. CSPs).

    I would like to see granularity by organisation, e.g. UPN suffix, to be able to notify the relevant people. As with other suggestions, just adding the email/UPN by default would help break down the output.

    2 votes
    0 comments  ·  Identity Protection
  19. I NEED INTO GOOGLE NOW!!!!!!!!!!

    THIS IS THE CRAZIEST VERIFICATION BS EVER

    2 votes
    0 comments  ·  Identity Protection
  20. Keep it simple s...(KISS)!!!

    Why is it so complicated to enable MFA for my Azure portal? I've been directed to read this piece of useless documentation that led me to nowhere, when the same feature is only a couple of clicks in Google or AWS?

    Not only is the guide documentation useless, the user interface is so cluttered that it makes it impossible to find anything, let alone trying to follow the guide.

    If you don't believe me, take a look at how it's done in AWS.

    2 votes
    0 comments  ·  Identity Protection