Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Custom Resources to be Deleted from MIM Service

    In the MIM Portal you can currently create Custom Resources. However, once you create an object for this Custom Resource, it can not be deleted.

    The ability to delete legacy custom resources would help to improve support of solutions, by avoiding confusion about legacy resources that are no longer used.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add a way to change the MIM sync DB name to a custom name

    When you install MIM Sync you can not specify a different / custom name for the Sync DB.

    It would be great to change the name of the MIM Sync DB:
    * for new installations and
    * for existing installations.

    In this case you can host more then one MIM Sync DB at the same SQL-Server-Instance

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide a decent tool for MIM servers sizing

    Provide a proper tool for sizing MIM servers in terms of CPU, Memory, and DB requirements

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add possibility to send cumulative Approval Requests in a single notification

    Some customers not want receive emails for every event and prefer have a single email with list of all events.
    I suggest to add a flag to Approval Action to send Approval notifications with a cumulative Emails to every approval user. Add an options in configuration can define a timer for send these emails.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. When installing the MIM Language packs on a second server, provide the option to just install the local files and not update the MIM Service

    When installing the language packs on second portal servers, it would be nice to have an option to skip the installer updating all the locals in the Service/Database as this has already been done during the initial install on the primary server, and slows down the time it takes to patch the environments.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. In the Portal, on the home page, the Welcome message uses the Display Name Attribute, can this be made a customisable option.

    In the Portal, on the Home Page, the Welcome Message is currently hard coded to Welcome, <DisplayName>.

    Please can this be made a option or customisable so that it can be calculated based on FirstName and LastName or just so a different attribute can be used.

    The issue using Display Name, is that in AD, the display name format is LastName, FirstName and when it is set in the Portal, it means the welcome message is displayed as Welcome, Bassi, Ian which does not make a lot of sense.

    To get around this, you have to create a extra attribute…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add support for initial flows in SR that don't perform provisioning

    If you have something you just want to flow if a value doesn't exists, it would be nice to be able to do this in an common SR, not only in SR that performs provisioning. Like in rules extension when you Always have the possibility to do: if (!csentry[attribute].IsPresent) <set value> else <skip this>

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. Update documentation on using Azure MFA for activating PAM roles

    Since Microsoft no longer offer MFA Server for new deployments, could you please update documentation with instructions on how we can utilize cloud-based Azure Multi-Factor Authentication for PAM role activation.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Option to disable character escaping on parameter lockups in e-Mail Templates

    If you want to send html e-mails over MIM Service the content of variables are escaped.
    This prevents to send dynamic html content.
    As an example, this prevents as well the function ParametersTable() from the open source activity MIMWAL to display the parameters as html.

    Feature request suggestion:
    There should be an option to disable this functionality, as a suggestion on the e-Mail Template like "Disable character escaping for variables".

    In detail:
    If you have a variable like [//WorkflowData/Content] with the value "Hello Test User,<br>Welcome on board" this results in "Hello Test User,&lt;br&gt;Welcome on board"

    As an example Use case: …

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Graph Connector Issue: select is not supported for these properties

    An issue are available on the Graph Management Agent Version 1.1.913.0.

    If you select all attributes you run into the delta limitations of Graph (not all attributes are available over the delta link).

    Method Name : GraphConnector : GetImportEntries
    --------- Outer Exception Data ---------
    Message: Error during http call. HttpStatusCode: BadRequest;
    url: https://graph.microsoft.com:443/v1.0/users/delta/?$select=consentProvidedForMinor,pastProjects,country,registeredDevices,mySite,onPremisesSecurityIdentifier,schools,userType,preferredName,memberOf,faxNumber,postalCode,state,aboutMe,ageGroup,transitiveMemberOf,legalAgeGroupClassification,createdObjects,onPremisesDistinguishedName,employeeId,birthday,deletedDateTime,otherMails,streetAddress,mailNickname,proxyAddresses,contacts,showInAddressList,officeLocation,displayName,businessPhones,ownedDevices,deviceEnrollmentLimit,preferredLanguage,ownedObjects,interests,responsibilities,hireDate,imAddresses,city,onPremisesSamAccountName,id,jobTitle,companyName,onPremisesDomainName,onPremisesLastSyncDateTime,surname,mobilePhone,onPremisesSyncEnabled,directReports,mail,userPrincipalName,department,givenName,onPremisesUserPrincipalName,accountEnabled,manager,isResourceAccount,skills,usageLocation,onPremisesImmutableId,passwordPolicies;
    Response: {
    "error": {
    "code": "BadRequest",
    "message": "Invalid Request: $select is not supported for these properties.",
    "innerError": {
    "request-id": "removed",
    "date": "removed"
    }
    }
    }
    Exception root Exception type: Microsoft.IdentityManagement.Connector.Graph.GraphAPIException
    Source: Microsoft.IdentityManagement.Connector.Graph
    Stack Trace: at Microsoft.IdentityManagement.Connector.Graph.GraphHttpClient.<GetAsync>d__4.MoveNext()
    --- End of stack trace from previous location where exception…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  11. Microsoft Identity Manager: create supported scenario for bidirectional password sync with PCNS

    With many ADs on prem, we have a major need to sync passwords bi-directional between global AD and local ADs.

    MIM 2016 with PCNS does support password sync, but is not supporting a scenario with bi-directional sync. Can this be supported ?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Document the settings required for MultiSubnetFailover=True for MIM Sync, Mim Portal and MIM Service for SQL Always On Availability Groups

    Hi

    The MultiSubnetFailover=True keyword is now supported for MIM deployments tp connect to SQL in two datacentres using SQL Always On Availability Groups.

    But the exsiting documentation is awful and confusing.

    A clear document is required to show how the MultiSubnetFailover=True is used in the connection string for MIM and SharePoint.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. MIM/PAM Bastion+Admin forest model

    Current documentation shows only a bastion forsest on https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/environment-overview

    However the ESAE model includes a third Admin Forest. Please update documentation to identify how the trust between the PRIV Forest and the ADMIN Forest Works.
    https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Web Service Connector Test Connection Bug

    Dear all,
    some little bug is present in the Web Service Connector Version 1.1.551.0.
    When you use the Test Connection function of the Management Agent, then the Management Agent does not use the Connectivity information defined in the Management Agent. The static value in the generated.config file will be used.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow customization of PAM workflow process

    Allow disabling of implicit approval (not allow "self" approval) in PAM workflows.
    Allow configuration of email notification chains (who gets the emails at each point in the process.
    Allow multiple tier approvals in PAM, much like can be configured in a regular MIM workflow.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. In the Sync Engine UI, update the Management Agent Tab so that additional attributes that are saved in can be displayed on the screen.

    Currently in the Sync Engine UI, on the Management Agent Tab, the following attributes are displayed. Name, Type, Description and State.

    It would be useful if the attributes displayed could be configurable, and additional attributes stored in the database such as ma_id, creation_date, modification_date and is_password_sync_allowed.

    The benefit of this is you can easily see how recently a Connector (MA) was updated, and if Password Sync is enabled for the Connector

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. MIM 2016 SP1 language pack for Romania

    My customer is a multinational company and requires several local language translations in the MIM Portal. All of the ones we need (so far) are present EXCEPT Romanian.

    Is this on the roadmap?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. Es interesante

    Estuvo bien

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. MIM Version 4.5.412.0 - roup objects fails to render when 'displayedOwner' attribute value is not populated

    MIM Version 4.5.412.0 - roup objects fails to render when 'displayedOwner' attribute value is not populated.

    Why would you post an update with this? How are users supposed to correct this when it prevents them from loading the page? When will a fix be posted for this?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base