Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Introspection endpoint for Azure Active Directory
Hi,
Times, there will be cases when the user logs out but the token associated with the user on the client doesn't expire and so when the Resource Servers/APIs invoked with these tokens gets serviced/honored. It would be great to have an introspection endpoint with AAD to check the validatity of the token (as mentioned in RFC 7662 https://tools.ietf.org/html/rfc7662) so that all APIs/Resources can leverage it and accept or reject the token instead of creating a custom repository at our end to blacklist these tokens.110 votesThanks for the feedback! We will look into this and share an update when we have more information.
-
CSP subscription transfer between tenants
Eneblemnt of Azure CSP subscription tranfer between AAD tenants.
77 votes -
Invalidate JWT Token
Need a way to invalidate JWTTokens that have been issued to a user to prevent the user from accessing the AAD with the token after issuing the OAuth logout request:
(https://login.windows.net/{{tenant}}/oauth2/logout?postlogoutredirect_uri={{RedirectUri}})75 votesThanks for the feedback! We will look into this and share an update when we have more information.
-
Backup Azure Active Directory
I would like the ability to backup my Azure Active Directory. This could be a feature provided by Microsoft, or allowing a configuration file to be exported locally.
If my users maliciously deleted application registrations among other things, there is no easy way to restore this currently.
49 votes -
Azure databricks to support Exec Stored Procedure on SQL sources
We use advanced SQL and T-SQL queries that includes stored procedures to carry out ETL activities on SQL.
We cannot any support or documentation on how to run Exec Sproc activities on Databricks. This is a push-down mechanism as shown below but it fails to run Exec Sp Sql commands.
https://docs.databricks.com/spark/latest/data-sources/sql-databases.htmlval pushdownquery = "(select * from employees where empno < 10008) empalias"
val df = spark.read.jdbc(url=jdbcUrl, table=pushdownquery, properties=connectionProperties)
display(df)39 votes -
Disable new features, which impact all AzureAD users, per default
We always appreciate new Features in AzureAD, but if a new feature impacts all our users, we would like to be completely in control of enabling the feature once our organization is ready.
I specifically refer to the "LinkedIn Integration in AzureAD" which will be enabled by default.
When deploying future releases, please keep in mind that there are organizations out there, which have strict processes for enabling new features for their employees. Enabling a new feature, which impacts all AzureAD users by default is really disruptive!39 votesAppreciate your feedback. We will keep it in mind.
Chen
-
Release AADLoginForLinux source
I would like to see the source code for Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux released. It would fit nicely into the https://github.com/Azure/azure-linux-extensions repository
32 votes -
Improve Device Listing Page - Export, sort, filter
The All Device listing in Azure Active Directory has good information but you can not export it, sort it or filter efficiently.
Would really appreciate the typical 'Export' option.
27 votesThis capability is under review. Thanks for the input.
/Shantaram – Program Manager
-
Allow custom link for "can't access your account"
We use Azure AD connect to sync our local Active Directory with Azure AD/Office 365. As such, we don't want users trying to change their password using the "Can't access your account" link on the login.microsoftonline.com page, but would like to direct them to our on-premise password management system instead. It would be great if we could enter a custom URL for "Can't access your account" as part of the branding options. We've tried putting some text in the "Sign in text" area to let users know where to change their password, but the text is so tiny that users…
25 votes -
Add Redis Cache Support for Managed Service Identity
Allow managed service identity to be used for connections to redis cache via the redis session state provider
23 votesPlease share more details on how you would like to use this integration.
-
Add Intune management capability for the Authenticator mobile app
Just like other Microsoft mobile apps that can be managed by Intune, it would be good if we could use Intune to manage the Azure Authenticator mobile app.
For example, only allow Authenticator to be used on "healthy" devices - or only allow certain features (OTP) if the device has a passcode or in encrypted.20 votes -
Allow different login branding customizations per-app
As developers look more and more to Azure App Services to host custom developed SaaS/multi-tenant apps with Azure AD auth, it would be great to enable login page customizations on a per-app basis.... just like MS do :D
An excellent explanation of this can be found here: http://stackoverflow.com/questions/43105050/custom-branding-for-login-on-a-azure-ad-multi-tenant-app
17 votes -
Make CSP Foreign Principal AD groups/users visible in Azure AD
For one of our customers we are setup as a Foreign Principal on their Azure tenancy that was setup by another CSP - each using own subscription. There was very little information available detailing that each of our employees would have permissions to all resources under the subscription, nor is this displayed in the Azure AD panel in Azure Portal that our employees have these permissions.
The customer's Azure AD gives no indication that every employee of the Foreign Principal with admin rights on the partner portal, will in fact have permission to everything under the subscription - neither the…
16 votes -
Win32 app support for roaming
Azure AD Enterprise State Roaming for Windows 10 does not support syncing of Win32 apps settings/data. Current version only supports UWP modern app and OS settings. Most of organization have vast deployment win32 apps
For Win32 app support, current approach is to deploy User experience virtualization (UEV). Add support for Win 32 app setting - provide one integrated cloud based tool - Enterprise state roaming.
16 votes -
Azure AD with automatic join during deployment
I want to join my devices to azure ad during the Installation with SCCM or MDT
15 votes -
Support SAML 2.0 NameIDFormat urn:oasis:names:tc:SAML:2.0:nameid-format:transient
http://technet.microsoft.com/en-us/library/dn641269.aspx
Says: "Azure AD currently supports the following NameID Format URI for SAML 2.0:urn:oasis:names:tc:SAML:2.0:nameid-format:persistent."
I would like to have NameIDFormat urn:oasis:names:tc:SAML:2.0:nameid-format:transient supported.
15 votes -
"Users at risk detected" messages need more detail
Provide an option to include more detail in the "Users at risk detected" messages. Receiving these alerts is nice, but it doesn't include enough detail, like the user, risk factors that tripped the alert. etc.
I know from an "output sanitization" perspective less is better, but we'd at least like the >option< of having more details forthcoming in the initial message. Thanks!
14 votes -
Allow ESR admin to reset user synced data
Admin control to reset user synced data through the Azure AD portal. Useful for debugging, troubleshooting, and starting clean.
14 votes -
Improve Exchange online administration via Graph API
The following 8 fields of on-premise users cannot be read or updated by using the Microsoft Graph API.
1. altRecipient
2. mDBUseDefaults
3. msExchRBACPolicyLink
4. msExchPoliciesExcluded
5. protocolSettings
6. homeMDB
7. ntSecurityDescriptor (DACLs)
8. msExchDelegateListLink
The following fields cannot be updated by using the Microsoft Graph API.
1. proxyaddresses
2. mdbStorageQuota
3. mdbOverQuotaLimit
4. mdbOverHardQuotaLimit
5. msExchHideFromAddressLists
6. msExchELCMailboxFlags
7. msExchExternalOOFOptions
8. msExchOmaAdminWirelessEnableTwo possible solutions :
• All listed fields will be included in the AAD-sync tool so that these fields are synchronized
• All listed fields will be included in the Microsoft Graph API and can be administrated…12 votes -
Unlink directories from Microsoft Account
For the last few years a lot of people added me as co-administrators for their accounts. Now that I don't need to have access to their accounts anymore, I wish there were a way to unlink directories without having to go ask them to remove me from the directory.
11 votes
- Don't see your idea?