Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. FIM Portal override of Add Button on CustomizedObject.aspx

    A Bug is available if we override the Add Button of the CustomizedObject.aspx.

    If we override this, so that another ObjectType (RCDC) will pop up on the Add Button like:
    CustomizedObjects.aspx?type=myObjectTypeForNew&display=myObjectTypeForList then the List will not show up correctly. (Like the sorting on the Header is not correct.)
    The support for this method will bring up more flexibility with the Design of the NavBars or HomePageRessources.

    4 votes
    0 comments  ·  Microsoft Identity Manager
  2. Advanced Search on Joiner Tool in Sync Engine

    Within the Sync Engine, when using the joiner tool you can only search for objects based on its disconnected status. It would be useful to have an advanced search so you can search for a disconnected object by attributes in the connector space that is selected.

    4 votes
    0 comments  ·  Microsoft Identity Manager
  3. Hybrid Reporting Uses Different Formats for CreatedTime

    Hybrid Reporting saves MIM Service Request objects as JSON. The resulting JSON has different formats for the CreatedTime property.
    Sometimes it looks like:

    CreatedTime: 2020-05-14 17:44:57.270
    

    Other times it looks like:

    CreatedTime: 5/14/2020 5:45:10 PM
    

    The different formats make it difficult to parse and use.

    3 votes
    under review  ·  0 comments  ·  Microsoft Identity Manager
  4. UocFilterBuilder can't be set to a null/empty value

    It seems impossible to have a UocFilterBuilder on a page that defaults to a null value (or can be changed back to a null value) - a default "all objects" filter is always present.

    This can be a problem, for example when creating a custom object with both Explicit Membership, and a Filter for criteria membership
    (see https://blogs.technet.microsoft.com/iamsupport/2017/03/27/microsoft-identity-manager-2016-sp1-portal-4-4-1459-0-or-later-support-for-customobject-explicitmember-membership-management/)

    It may be that only the manually managed membership is required, in which case the Filter should be null, and the value of ComputedMember should be equal to ExplicitMember.

    However, if the RCDC contains a UocFilterBuilder, it will always default to…

    3 votes
    0 comments  ·  Microsoft Identity Manager
  5. Option to disable character escaping on parameter lookups in e-Mail Templates

    If you want to send HTML e-mails over MIM Service, the content of variables is escaped.
    This prevents sending dynamic HTML content.
    As an example, this also prevents the function ParametersTable() from the open source activity MIMWAL from displaying the parameters as HTML.

    Feature request suggestion:
    There should be an option to disable this functionality, as a suggestion on the e-Mail Template like "Disable character escaping for variables".

    In detail:
    If you have a variable like [//WorkflowData/Content] with the value "Hello Test User,<br>Welcome on board" this results in "Hello Test User,&lt;br&gt;Welcome on board"

    As an example Use case: …

    3 votes
    0 comments  ·  Microsoft Identity Manager
  6. Graph Connector Issue: select is not supported for these properties

    An issue is present in the Graph Management Agent Version 1.1.913.0.

    If you select all attributes you run into the delta limitations of Graph (not all attributes are available over the delta link).

    Method Name : GraphConnector : GetImportEntries
    --------- Outer Exception Data ---------
    Message: Error during http call. HttpStatusCode: BadRequest;
    url: https://graph.microsoft.com:443/v1.0/users/delta/?$select=consentProvidedForMinor,pastProjects,country,registeredDevices,mySite,onPremisesSecurityIdentifier,schools,userType,preferredName,memberOf,faxNumber,postalCode,state,aboutMe,ageGroup,transitiveMemberOf,legalAgeGroupClassification,createdObjects,onPremisesDistinguishedName,employeeId,birthday,deletedDateTime,otherMails,streetAddress,mailNickname,proxyAddresses,contacts,showInAddressList,officeLocation,displayName,businessPhones,ownedDevices,deviceEnrollmentLimit,preferredLanguage,ownedObjects,interests,responsibilities,hireDate,imAddresses,city,onPremisesSamAccountName,id,jobTitle,companyName,onPremisesDomainName,onPremisesLastSyncDateTime,surname,mobilePhone,onPremisesSyncEnabled,directReports,mail,userPrincipalName,department,givenName,onPremisesUserPrincipalName,accountEnabled,manager,isResourceAccount,skills,usageLocation,onPremisesImmutableId,passwordPolicies;
    Response: {
      "error": {
        "code": "BadRequest",
        "message": "Invalid Request: $select is not supported for these properties.",
        "innerError": {
          "request-id": "removed",
          "date": "removed"
        }
      }
    }
    Exception root Exception type: Microsoft.IdentityManagement.Connector.Graph.GraphAPIException
    Source: Microsoft.IdentityManagement.Connector.Graph
    Stack Trace: at Microsoft.IdentityManagement.Connector.Graph.GraphHttpClient.<GetAsync>d__4.MoveNext()
    --- End of stack trace from previous location where exception…

    3 votes
    0 comments  ·  Microsoft Identity Manager
  7. Add possibility to send cumulative Approval Requests in a single notification

    Some customers do not want to receive emails for every event and prefer to have a single email with a list of all events.
    I suggest adding a flag to the Approval Action to send Approval notifications as a cumulative email to every approval user. An option in the configuration could define a timer for sending these emails.

    3 votes
    0 comments  ·  Microsoft Identity Manager
  8. When installing the MIM Language packs on a second server, provide the option to just install the local files and not update the MIM Service

    When installing the language packs on second portal servers, it would be nice to have an option to skip the installer updating all the locals in the Service/Database as this has already been done during the initial install on the primary server, and slows down the time it takes to patch the environments.

    3 votes
    0 comments  ·  Microsoft Identity Manager
  9. In the Portal, on the home page, the Welcome message uses the Display Name Attribute, can this be made a customisable option.

    In the Portal, on the Home Page, the Welcome Message is currently hard coded to Welcome, <DisplayName>.

    Please can this be made an option or customisable so that it can be calculated based on FirstName and LastName or just so a different attribute can be used.

    The issue using Display Name, is that in AD, the display name format is LastName, FirstName and when it is set in the Portal, it means the welcome message is displayed as Welcome, Bassi, Ian which does not make a lot of sense.

    To get around this, you have to create an extra attribute…

    3 votes
    0 comments  ·  Microsoft Identity Manager
  10. Add support for initial flows in SR that don't perform provisioning

    If you have something you just want to flow if a value doesn't exist, it would be nice to be able to do this in a common SR, not only in an SR that performs provisioning. Like in a rules extension, where you always have the possibility to do: if (!csentry[attribute].IsPresent) <set value> else <skip this>

    3 votes
    0 comments  ·  Microsoft Identity Manager
  11. Add rename support for SQL Databases and Jobs

    Renaming the "FIMSynchronizationService" database is currently not supported. Please add this support to allow multiple sync services to share a single SQL instance.

    SQL Agent Jobs are also hard coded. Please allow custom tagging for these jobs to be applied during installation.

    2 votes
    0 comments  ·  Microsoft Identity Manager
  12. Microsoft Identity Manager: create supported scenario for bidirectional password sync with PCNS

    With many ADs on prem, we have a major need to sync passwords bi-directional between global AD and local ADs.

    MIM 2016 with PCNS does support password sync, but does not support a scenario with bi-directional sync. Can this be supported?

    2 votes
    0 comments  ·  Microsoft Identity Manager
  13. Document the settings required for MultiSubnetFailover=True for MIM Sync, MIM Portal and MIM Service for SQL Always On Availability Groups

    Hi

    The MultiSubnetFailover=True keyword is now supported for MIM deployments to connect to SQL in two datacentres using SQL Always On Availability Groups.

    But the existing documentation is awful and confusing.

    A clear document is required to show how the MultiSubnetFailover=True is used in the connection string for MIM and SharePoint.

    2 votes
    0 comments  ·  Microsoft Identity Manager
  14. MIM/PAM Bastion+Admin forest model

    Current documentation shows only a bastion forest on https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/environment-overview

    However the ESAE model includes a third Admin Forest. Please update documentation to identify how the trust between the PRIV Forest and the ADMIN Forest Works.
    https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material

    2 votes
    0 comments  ·  Microsoft Identity Manager
  15. Web Service Connector Test Connection Bug

    Dear all,
    some little bug is present in the Web Service Connector Version 1.1.551.0.
    When you use the Test Connection function of the Management Agent, then the Management Agent does not use the Connectivity information defined in the Management Agent. The static value in the generated.config file will be used.

    2 votes
    0 comments  ·  Microsoft Identity Manager
  16. Allow customization of PAM workflow process

    Allow disabling of implicit approval (not allow "self" approval) in PAM workflows.
    Allow configuration of email notification chains (who gets the emails at each point in the process).
    Allow multiple tier approvals in PAM, much like can be configured in a regular MIM workflow.

    2 votes
    0 comments  ·  Microsoft Identity Manager
  17. In the Sync Engine UI, update the Management Agent Tab so that additional attributes that are saved in can be displayed on the screen.

    Currently in the Sync Engine UI, on the Management Agent Tab, the following attributes are displayed. Name, Type, Description and State.

    It would be useful if the attributes displayed could be configurable, and additional attributes stored in the database such as maid, creationdate, modificationdate and ispasswordsyncallowed.

    The benefit of this is you can easily see how recently a Connector (MA) was updated, and if Password Sync is enabled for the Connector

    2 votes
    0 comments  ·  Microsoft Identity Manager
  18. MIM 2016 SP1 language pack for Romania

    My customer is a multinational company and requires several local language translations in the MIM Portal. All of the ones we need (so far) are present EXCEPT Romanian.

    Is this on the roadmap?

    2 votes
    0 comments  ·  Microsoft Identity Manager
  19. MIM graph connector missing key information

    MIM graph connector missing key information like Licenses, mailbox created time, Provisioned plans, Extended attributes, etc.

    1 vote
    under review  ·  0 comments  ·  Microsoft Identity Manager
  20. Audit changes to MIM Certificate Management Profile Templates in the Windows event log

    Audit changes to MIM Certificate Management Profile Templates in the Windows event log

    1 vote
    0 comments  ·  Microsoft Identity Manager