Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
Introspection endpoint for Azure Active Directory
Hi,
At times, there will be cases when the user logs out but the token associated with the user on the client doesn't expire, and so requests to the Resource Servers/APIs made with these tokens still get serviced/honored. It would be great to have an introspection endpoint with AAD to check the validity of the token (as mentioned in RFC 7662 https://tools.ietf.org/html/rfc7662) so that all APIs/Resources can leverage it and accept or reject the token instead of creating a custom repository at our end to blacklist these tokens.
156 votes
Thanks for the feedback! We will look into this and share an update when we have more information.
Backup Azure Active Directory
I would like the ability to backup my Azure Active Directory. This could be a feature provided by Microsoft, or allowing a configuration file to be exported locally.
If my users maliciously deleted application registrations among other things, there is no easy way to restore this currently.
109 votes
CSP subscription transfer between tenants
Enablement of Azure CSP subscription transfer between AAD tenants.
94 votes
Invalidate JWT Token
Need a way to invalidate JWT tokens that have been issued to a user to prevent the user from accessing the AAD with the token after issuing the OAuth logout request:
(https://login.windows.net/{{tenant}}/oauth2/logout?postlogoutredirect_uri={{RedirectUri}})
83 votes
Thanks for the feedback! We will look into this and share an update when we have more information.
Azure databricks to support Exec Stored Procedure on SQL sources
We use advanced SQL and T-SQL queries that include stored procedures to carry out ETL activities on SQL.
We cannot find any support or documentation on how to run Exec Sproc activities on Databricks. This is a push-down mechanism as shown below, but it fails to run Exec SP SQL commands.
https://docs.databricks.com/spark/latest/data-sources/sql-databases.html
// Subquery pushed down to the SQL source as the JDBC "table"
val pushdownquery = "(select * from employees where empno < 10008) empalias"
val df = spark.read.jdbc(url=jdbcUrl, table=pushdownquery, properties=connectionProperties)
display(df)
48 votes
Release AADLoginForLinux source
I would like to see the source code for Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux released. It would fit nicely into the https://github.com/Azure/azure-linux-extensions repository
41 votes
Disable new features, which impact all AzureAD users, per default
We always appreciate new Features in AzureAD, but if a new feature impacts all our users, we would like to be completely in control of enabling the feature once our organization is ready.
I specifically refer to the "LinkedIn Integration in AzureAD" which will be enabled by default.
When deploying future releases, please keep in mind that there are organizations out there which have strict processes for enabling new features for their employees. Enabling a new feature which impacts all AzureAD users by default is really disruptive!
40 votes
Appreciate your feedback. We will keep it in mind.
Chen
Add Redis Cache Support for Managed Service Identity
Allow managed service identity to be used for connections to Redis Cache via the Redis session state provider.
39 votes
Please share more details on how you would like to use this integration.
Improve Device Listing Page - Export, sort, filter
The All Devices listing in Azure Active Directory has good information, but you cannot export it, sort it or filter it efficiently.
Would really appreciate the typical 'Export' option.
28 votes
This capability is under review. Thanks for the input.
/Shantaram – Program Manager
Make CSP Foreign Principal AD groups/users visible in Azure AD
For one of our customers we are set up as a Foreign Principal on their Azure tenancy that was set up by another CSP, each using its own subscription. There was very little information available detailing that each of our employees would have permissions to all resources under the subscription, nor is it displayed in the Azure AD panel in the Azure Portal that our employees have these permissions.
The customer's Azure AD gives no indication that every employee of the Foreign Principal with admin rights on the partner portal, will in fact have permission to everything under the subscription - neither the…
27 votes
Allow custom link for "can't access your account"
We use Azure AD connect to sync our local Active Directory with Azure AD/Office 365. As such, we don't want users trying to change their password using the "Can't access your account" link on the login.microsoftonline.com page, but would like to direct them to our on-premise password management system instead. It would be great if we could enter a custom URL for "Can't access your account" as part of the branding options. We've tried putting some text in the "Sign in text" area to let users know where to change their password, but the text is so tiny that users…
27 votes
Add Intune management capability for the Authenticator mobile app
Just like other Microsoft mobile apps that can be managed by Intune, it would be good if we could use Intune to manage the Azure Authenticator mobile app.
For example, only allow Authenticator to be used on "healthy" devices, or only allow certain features (OTP) if the device has a passcode or is encrypted.
21 votes
Scoping of AppRoleAssignment.ReadWrite.All
Currently as far as I can tell it is only possible to grant AppRoleAssignment.ReadWrite.All in the scope of the whole tenant. The tooltip for this permission says: "Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user."
This allows the service principal to grant the permission for anybody to do anything, including themselves. I want to be able to constrain a service principal to only be able to create appRoleAssignments to particular applications, so that I can enforce the principle of least-privilege and avoid…
18 votes
Allow different login branding customizations per-app
As developers look more and more to Azure App Services to host custom developed SaaS/multi-tenant apps with Azure AD auth, it would be great to enable login page customizations on a per-app basis.... just like MS do :D
An excellent explanation of this can be found here: http://stackoverflow.com/questions/43105050/custom-branding-for-login-on-a-azure-ad-multi-tenant-app
18 votes
dynamic groups: Numeric Values (greater or less than operators)
Would like to see -gt and -lt added as valid operators for Dynamic Group queries.
Use Case 1: Numeric values in Extension Attributes.
If an attribute has a numeric value (Career Level, in our case), it's much simpler to build a query based on -gt 30 rather than using the -notin operator and listing out 0-30 individually.
17 votes
Win32 app support for roaming
Azure AD Enterprise State Roaming for Windows 10 does not support syncing of Win32 app settings/data. The current version only supports UWP modern apps and OS settings. Most organizations have vast deployments of Win32 apps.
For Win32 app support, the current approach is to deploy User Experience Virtualization (UE-V). Add support for Win32 app settings and provide one integrated cloud-based tool: Enterprise State Roaming.
16 votes
Azure AD with automatic join during deployment
I want to join my devices to Azure AD during the installation with SCCM or MDT.
15 votes
Allow ESR admin to reset user synced data
Admin control to reset user synced data through the Azure AD portal. Useful for debugging, troubleshooting, and starting clean.
15 votes
Support SAML 2.0 NameIDFormat urn:oasis:names:tc:SAML:2.0:nameid-format:transient
http://technet.microsoft.com/en-us/library/dn641269.aspx
Says: "Azure AD currently supports the following NameID Format URI for SAML 2.0: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent."
I would like to have NameIDFormat urn:oasis:names:tc:SAML:2.0:nameid-format:transient supported.
15 votes
Administrative Unit
Expand Azure Active Directory Administrative Unit feature to other role/services (e.g. Exchange/SharePoint Online Administrator, MFA settings in O365).
Only the User Management / Helpdesk (Password Management) role is not enough.
14 votes