Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

  1. Dynamic Groups: Member of group

    Would be good to have the possibility to use membership in other groups as a condition in a dynamic group membership rule.

    Example:
    (user.objectId -memberOf group.objectId)
    (user.objectId -notMemberOf group.ObjectId)

    Use case 1 - Group Based Licensing.
    If the user is a member of a group that gives them an E5 license, don't let them be a member of a group that gives them E3.

    Use case 2 - Exceptions
    All users should have an MDM policy applied, except those of a specific group.

    166 votes
    9 comments

      Thank you for your feedback! The feature team is aware of this suggestion and will keep it under consideration. There are technical challenges to overcome in order to make this happen. Please keep the votes coming if this feature matters to you.

      Chen

    • group naming policy using extension attributes

      Please implement additional functionality to allow the use of Extension Attributes as part of a Group Naming Policy. This is required as the Department name is too large and many organisations have a shortened department code which they apply via an Extension Attribute. Using a long department name in a Group Naming Policy creates names that are too long to be useful, but using a shortened department code plus group name means that the group can be easily identified and attributed to a department without cluttering the name space.

      e.g. Information and Communication Technology has a short code of ICT…

      85 votes
      7 comments

        Thank you for your feedback! We have heard you and are considering future implementation options. There is no timeline yet for implementation. If this feature matters to you, keep voting as it will help us prioritize.

      • Enable support for dynamic mail-enabled security groups

        Dynamic security groups are great, and mail-enabled groups are great too; wouldn't it be great to have both? We have a requirement to create security groups (or distribution groups) based on employee attributes (i.e. Active Full-time, Active Part-time, etc.). These attributes live in Azure AD but aren't accessible in Exchange Online, so I cannot create a dynamic distribution group. I am able to create a mail-enabled security group, but the membership cannot be dynamic. And any dynamic group I create can't be mail-enabled unless it's a unified group, but for the purposes we need the groups for, Unified groups aren't appropriate.…

        49 votes
        10 comments

          Thank you for your feedback! We have heard you and are considering future implementation options. There is no timeline yet for implementation. If this feature matters to you, keep voting as it will help us prioritize.

        • Disable new features, which impact all AzureAD users, per default

          We always appreciate new features in AzureAD, but if a new feature impacts all our users, we would like to be completely in control of enabling the feature once our organization is ready.
          I specifically refer to the "LinkedIn Integration in AzureAD" which will be enabled by default.
          When deploying future releases, please keep in mind that there are organizations out there, which have strict processes for enabling new features for their employees. Enabling a new feature, which impacts all AzureAD users by default is really disruptive!

          33 votes
          0 comments
          • Introspection endpoint for Azure Active Directory

            Hi,
            At times, there will be cases when the user logs out but the token associated with the user on the client doesn't expire, so Resource Servers/APIs invoked with these tokens still get serviced/honored. It would be great to have an introspection endpoint with AAD to check the validity of the token (as mentioned in RFC 7662 https://tools.ietf.org/html/rfc7662) so that all APIs/Resources can leverage it and accept or reject the token instead of creating a custom repository at our end to blacklist these tokens.

            30 votes
            8 comments
            • Add support for nested group assignment to applications

              It would be really useful if enterprise applications supported nested group assignment. Following some role based access control models it would be required to nest 1/2 layers.

              I understand that nested groups can cause things to become messy if organisations assign nested groups inside nested groups; it can go on and on until you're 15 layers deep inside a group... So even if it was depth limited to 1/2 nested groups this would still be useful.

              20 votes
              2 comments
              • accountExpires

                For contractor hire scenarios, on-premise AD has an attribute accountExpires that can be set to contractor's last day in office.

                As far as I know, there is no corresponding attribute in Azure AD for this.

                Please can someone confirm this?

                Also if anyone knows of this attribute being made available in future?

                In the absence of this, the account needs to be disabled at the end of contract tenure, whereas accountExpires shuts the gate immediately on the day without needing anything else.

                Will the expires account get disabled in Azure AD automatically or do we need a process to disable the…

                20 votes
                4 comments
                • Support roaming/sync of start menu layout

                  There is a desire for Enterprise State Roaming to support the roaming of the start screen/start menu as was done in Windows 8.x with MSA.

                  16 votes
                  0 comments
                  • Win32 app support for roaming

                    Azure AD Enterprise State Roaming for Windows 10 does not support syncing of Win32 app settings/data. The current version only supports UWP modern app and OS settings. Most organizations have vast deployments of Win32 apps.

                    For Win32 app support, current approach is to deploy User experience virtualization (UEV). Add support for Win 32 app setting - provide one integrated cloud based tool - Enterprise state roaming.

                    16 votes
                    2 comments
                    • Allow custom link for "can't access your account"

                      We use Azure AD connect to sync our local Active Directory with Azure AD/Office 365. As such, we don't want users trying to change their password using the "Can't access your account" link on the login.microsoftonline.com page, but would like to direct them to our on-premise password management system instead. It would be great if we could enter a custom URL for "Can't access your account" as part of the branding options. We've tried putting some text in the "Sign in text" area to let users know where to change their password, but the text is so tiny that users…

                      15 votes
                      0 comments
                      • Allow ESR admin to reset user synced data

                        Admin control to reset user synced data through the Azure AD portal. Useful for debugging, troubleshooting, and starting clean.

                        15 votes
                        0 comments
                        • Allow Azure AD to Azure AD Trust

                          Add the ability to trust another 365 tenant like exists with on prem active directory. The scenario is a company that has an established 365 acquires another company that has a 365 environment. In an on prem scenario a domain trust would be put in place, however federation and external user access are the only options. This capability needs to be in place for Azure AD to trust another Azure AD.

                          13 votes
                          1 comment
                          • Azure AD with automatic join during deployment

                            I want to join my devices to Azure AD during the installation with SCCM or MDT.

                            13 votes
                            0 comments
                            • Add Intune management capability for the Authenticator mobile app

                              Just like other Microsoft mobile apps that can be managed by Intune, it would be good if we could use Intune to manage the Azure Authenticator mobile app.
                              For example, only allow Authenticator to be used on "healthy" devices - or only allow certain features (OTP) if the device has a passcode or is encrypted.

                              13 votes
                              2 comments
                              • Office 365 Stream Group Channels: Assign Access with Azure AD Groups

                                Currently you can configure access to an Office 365 Stream Channel as companywide or group. When using the 'Group Channel' option you cannot specify an existing Azure AD Group.

                                Assigning access to 500 out of 1000 people would require creating a Stream Group and manually adding the required 500 users. This would then have to be manually maintained when new users come along.

                                It would be much better to be able to use an existing Azure AD group synced from on premises AD via AD connect.

                                Please make it possible to assign access to Stream Channels using Azure AD Groups

                                12 votes
                                2 comments
                                • Invalidate JWT Token

                                  Need a way to invalidate JWTTokens that have been issued to a user to prevent the user from accessing the AAD with the token after issuing the OAuth logout request:
                                  (https://login.windows.net/{{tenant}}/oauth2/logout?post_logout_redirect_uri={{RedirectUri}})

                                  12 votes
                                  0 comments
                                  • Release AADLoginForLinux source

                                    I would like to see the source code for Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux released. It would fit nicely into the https://github.com/Azure/azure-linux-extensions repository

                                    11 votes
                                    6 comments
                                    • merge personal and work/school accounts (fix identity management)

                                      The distinction between work and personal identities (with potentially the same e-mail address) is terribly confusing. If possible they should be merged, or not be allowed to create separate identities with the same email address.

                                      I've spent hours with MS support why in some cases personal accounts can't be added to an Azure AD tenant (he also had no idea what was going on) on why 'Viral Tenants' are created instead of personal accounts, why work/school tenants can't be added as users to visualstudio.com and why the 'new' Azure portal doesn't give the option to add a personal account.

                                      Stop…

                                      11 votes
                                      0 comments
                                      • Improve Device Listing Page - Export, sort, filter

                                        The All Device listing in Azure Active Directory has good information but you cannot export it, sort it or filter efficiently.

                                        Would really appreciate the typical 'Export' option.

                                        10 votes
                                        2 comments
                                        • Unlink directories from Microsoft Account

                                          For the last few years a lot of people added me as co-administrators for their accounts. Now that I don't need to have access to their accounts anymore, I wish there were a way to unlink directories without having to go ask them to remove me from the directory.

                                          10 votes
                                          3 comments