Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DCR - outlook thick client re-auth on AAD risk

    When an existing access token for Outlook or Office expires, and the refresh token is submitted to the Office 365 service to request a new access token, Azure AD Conditional Access policies are re-evaluated, but Azure Identity Protection Policies are not. For example, if a user is flagged as High risk, and the high risk policy requires the user to perform a Self Service Password Reset, this is not triggered with the desktop clients. If the user is accessing the Office 365 service using a web client like Office Online or OWA, the risk state will be triggered, and the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Need option to ignore or resolve-all in Identity Protection risk types

    In universities/academic sector thousands of students are flagged for "Sign-ins from unfamiliar locations" by Identity Protection.
    Need an option to ignore certain risk type totally, or option to resolve all issues relating to that.
    We cannot resolve thousand issues one-by-one.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Create seperate sign in risk policies for medium and high risk events

    Would like to be able to create a seperate sign-in risk policy for medium and high risk events, medium policy would enforce MFA but let user continue working, high risk policy would block user access and preferably intiate sign out of all existing logins/tokens as this is a confirmed breech/exposure of credentials.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Identity risk Graph

    Allow methods for dismissing identity protection risk events from Graph.
    Currently it seems that you can get them, but that's about it.
    Being able to close them as well allows for meaningful automation.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Is Pod Identity still in development phase

    I can see that azure pod identity is in the development phase. whereas there is one page listing out best practices saying that we should use pod identity. I am a bit confused by these two statements.
    Looking for help if I can use pod identity in the Production environment.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. User Risk

    Make the User Risk condition within Conditional Access Policies more granular. For example it would be great, if I can configure a different Conditional Access Policy for a case of Leaked Credentials then for a user that signs in from multiple unusual locations while travelling.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Identify Anonymising VPN Services in risks/alerts differently

    We are seeing an increase of traffic from Anonymising VPN services from our end user base for publicly accessible applications that is generating a lot of alerts.

    Some of their are IP Addresses are listed, obviously given how they work, some of them won't be. but for the ones that are, this should display or alert differently than just the A-typical location alerts. Or at the least identify that it might be Anonymising VPN traffic in the alert.

    This may not be the easiest of tasks, but given the Anonymising VPN market growth and usage, it should be considered.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. how to find Identity Protection page.

    I have got email and instructions to enable this feature but cannot find Identity Protection page.
    how to find to enable?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. When I call the voice is in Spanish from Spain and askes to hit a key on my cell phone that I do no understand. Is she saying hit the yellow

    I am trying to change my password. When I call the voice is in Spanish from Spain *I live in Colombia( and askes to hit a key on my cell phone that I do no understand. Is she saying hit the yellow key? la teclada amarrilla? If so, which one is that?

    And then it does not give time to even hit keys.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure Identity Protection Alerts progamability

    Enable us to send Azure Identity Protection alerts to an external entity such as our SIEM. At the very least expose these alerts via powershell, bonus points if you allow us to send them through an EventHub similar to AzureAD Logs.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Expand "Vulnerable" users in Azure AD Identity Protection to include users not in a CA policy to enforce MFA

    Would like to understand what users are registered for MFA, but not yet in a Conditional access policy to "enforce" MFA.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Never used Azure yet? Still trying to get HP Laptop to work PROPERLY! After a Month I think I might have to Install and or Update Drivers.

    Never used Azure yet? Still trying to get HP Laptop to work PROPERLY! After a Month I think I might have to Install and or Update Drivers, I think & hope. Spent Hundreds of Hours trying to get this POS to work right!
    Barry

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow a person with security administrator role AND user administrator role to be able to reset password for the user in the identity protec

    Allow a person with security administrator role AND user administrator role to be able to reset password for end users in the identity protection blade (after he has ealuated the risk events).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Unbind info

    Need to proved clear instructions for those
    using macs who are bound to Microsoft without
    their consent or permission.
    We are not employees, we are losing business.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Improving documentation for "Add sign-in with Microsoft to an ASP.NET web app"

    On the page "Add sign-in with Microsoft to an ASP.NET web app
    " which is currently hosted here as of the post date: https://docs.microsoft.com/en-ca/azure/active-directory/develop/tutorial-v2-asp-webapp, the "Option 2: Restrict access to your application to users in a specific list of organizations
    " does not give an example of how to set the ValidateIssuers parameter. For newbies, I think this would be less frustrating.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Clarification needed on Risky Sign in Documentation

    Documentation is incorrect and may lead to erroneous action

    Sign-ins from anonymous IP addresses
    This risk event type identifies users who have successfully signed in from an IP address that has been identified as an anonymous proxy IP address. These proxies are used by people who want to hide their device’s IP address, and may be used for malicious intent.

    These in reality may actually be failed, they are not all successful as the paragraph above might lend you to believe.

    https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events#sign-ins-from-anonymous-ip-addresses

    REG:118100919191881

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Can I get IOS on this phone ne

    What I would like to see in all email address programs is on toolbar a save to gallery or library of family tree folder so you can transfer any photos or documents strait away instead of saving g it to email files and also the server set up password instead of user this would make passwords more secure.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base