Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Dynamic Azure AD group based on device ownership

    The idea is to have a user group which will be automatically generated based on device attributes, like having a group of all users who have an iOS device.

    13 votes
    3 comments  ·  Other
  2. Improve Exchange online administration via Graph API

    The following 8 fields of on-premise users cannot be read or updated by using the Microsoft Graph API.
    1. altRecipient
    2. mDBUseDefaults
    3. msExchRBACPolicyLink
    4. msExchPoliciesExcluded
    5. protocolSettings
    6. homeMDB
    7. ntSecurityDescriptor (DACLs)
    8. msExchDelegateListLink
    The following fields cannot be updated by using the Microsoft Graph API.
    1. proxyaddresses
    2. mdbStorageQuota
    3. mdbOverQuotaLimit
    4. mdbOverHardQuotaLimit
    5. msExchHideFromAddressLists
    6. msExchELCMailboxFlags
    7. msExchExternalOOFOptions
    8. msExchOmaAdminWirelessEnable

    Two possible solutions:
    • All listed fields will be included in the AAD-sync tool so that these fields are synchronized
    • All listed fields will be included in the Microsoft Graph API and can be administrated…

    12 votes
    0 comments  ·  Other
  3. Regular expression as banned password

    I want to restrict the use of specific characters in passwords, not only banned keywords, because some languages' keyboards have difficulty inputting special characters like the single quotation mark or '|' and so on. So I want to use regex as a banned password in Azure AD Password Protection for Windows Server Active Directory to prevent such characters from being used in passwords.

    11 votes
    4 comments  ·  Other
  4. Enable custom fields in Device Properties

    Can the product team please look into the ability to add custom fields to Azure AD joined devices? So in Azure Active Directory -> Devices -> All Devices -> [device name] -> in the settings that come up with the "Name", "ID", "Enabled" etc., allow us to enter custom attributes.

    One thing I can think of that would come to mind is an asset tag field. Or a "Custom 1" field where we can put an Asset Tag.

    However multiple custom fields could serve other purposes, like date of purchase, warranty expiry etc.

    11 votes
    2 comments  ·  Other
  5. Unlink directories from Microsoft Account

    For the last few years a lot of people added me as co-administrators for their accounts. Now that I don't need to have access to their accounts anymore, I wish there were a way to unlink directories without having to go ask them to remove me from the directory.

    11 votes
    3 comments  ·  Other
  6. Zoom Enterprise App - Add functionality to provision AAD Photo attribute to Zoom during user provisioning

    We need to be able to access the AAD photo attribute during user provisioning for the Zoom Enterprise App instead of manually updating each user.

    10 votes
    1 comment  ·  Other
  7. tags for service principal

    Provide support for Tags on a Service Principal.

    10 votes
    0 comments  ·  Other
  8. Self Service Password Write Back to on premise ad for all O365 users for free or a lower price than aad premium.

    Self Service Password Write Back to on premise ad for all O365 users for free or a lower price than aad premium.

    10 votes
    1 comment  ·  Other
  9. Support Dynamic Relay State in Azure.

    Please enable support for Dynamic Relay State in Azure

    9 votes
    0 comments  ·  Other
  10. Allow changing text "Sign in with your work or school account"

    We have enterprise applications using Azure AD and this text looks very unprofessional. Could you please implement a feature so we can customize it?

    9 votes
    1 comment  ·  Other
  11. O365 Granular Password Policy

    Raised a ticket with the MS support to see if we could set our password policy to be more complex, e.g. not use the same password as the last 4, certain number of characters, etc. We were told it's not possible unless we have an on-premise AD with Directory Sync setup. We don't plan on setting an on-premise AD. It would be great if O365 had similar password policy settings though.

    9 votes
    0 comments  ·  Other
  12. Cloud App Discovery Agent for Macs

    How about creating a Cloud App Discovery agent for Macs? We believe they are one of our biggest users of cloud apps and we would love to be able to get some data to move them to supported apps.

    9 votes
    0 comments  ·  Other
  13. Implement additional Security Header for login.microsoftonline.com

    Some of the new HTTP headers can be very useful protection against certain types of attacks. Although their use is not necessarily widespread in some cases, we want to try to be more proactive, especially as we are moving websites from on-prem to Azure + AAD. For both On-Prem & Azure cloud, there was a change in our internal security policy and we are now working with our development teams across all products to implement security headers to help tighten our websites’ security.

    From what I can tell and as of now, below are the ones currently being implemented. …

    8 votes
    2 comments  ·  Other
  14. Emit Azure Event Grid Events

    When user or group objects are created/updated/deleted it would be beneficial to have near real-time events have actions happen. Example would be, a user is added to a group, an Azure Function App is subscribed to events from Azure AD and then reaches out to another system to perform some action, e.g. deprovision them or change their access.

    8 votes
    0 comments  ·  Other
  15. Allow ICMP/Ping through NSG

    The lack of the most BASIC functionality such as PING has forced my CTO to prevent the renewal of a $140,000 Enterprise Agreement. Our clients use external monitoring software. Amazon Web Services and Google Cloud Engine allow this, yet Microsoft's "Excuse" is that it is a security risk (It isn't, and anyone saying it is, is lying.)

    Without Ping, I cannot approve the renewal of the contract. Please add Ping before I must also revoke our subsidiaries' contracts with Azure!

    8 votes
    0 comments  ·  Other
  16. Purge inactive registered devices on Azure

    It would be useful if old devices that haven't been seen for a period of time could be automatically purged from the list of a user's registered devices. It looks like when devices are reset or different insider builds are installed, Azure/Intune doesn't do a good job of identifying it as a previously seen device. I found I had lots of duplicates for the same device with different build numbers and was hitting the maximum device limit (set to 20), which prevented further devices being registered. If this can't be done automatically, it would be useful to be able to run…

    8 votes
    1 comment  ·  Other
  17. More affordable tier of AAD with Enterprise State Roaming?

    We're a small business, and are trying out Azure AAD with our Office 365 subscription.

    We would like to use Enterprise State Roaming to sync user preferences between computers -- but it's outrageously expensive for that one feature ($6/user/month).

    We don't want any other Azure AD Premium features (no need for writeback, conditional access, etc.) -- we just want the Enterprise State Roaming ESR feature.

    Would it be possible to only add on that feature -- or have some Small Business tier between the Office 365 / Basic options and the very expensive ESR / Premium options?

    8 votes
    5 comments  ·  Other
  18. Restrict Access to Attributes in AAD

    Just as we can with on premise AD, it would be great to be able to restrict certain attributes in AAD so that only certain users could view them.

    8 votes
    1 comment  ·  Other
  19. Feature to check if the account is organizational or not

    Without the user's login, we can't distinguish whether the account belongs to an organization or Microsoft account.
    I think this specification is due to the possible case of the same account name between organizational and Microsoft accounts.

    Some IT Pro members in an organization get confused because they can't judge if accounts of their domain are already registered as a Microsoft account or not.
    They must search for a specific account in all of their own Azure AD.

    Also, some command-line tools cannot be used as a Microsoft account user.
    (For example, Add-AzureAccount command with a credential string cannot be used…

    8 votes
    0 comments  ·  Other
  20. Make Azure AD available A La Carte like every other Azure Service

    Below was a Request for Azure AD to be available without an EA. So the "solution" was to make it available via CSPs and the Open program. https://www.microsoft.com/en-us/licensing/licensing-programs/open-license.aspx

    This still MISSES THE MARK. If I build an Azure solution that integrates an Azure AD instance into it for authentication and GraphAPI ACL purposes, I need to be able to do the kinds of things I do that a BASIC license provides

    but
    I do not NEED an EA
    I do not NEED a CSP
    I do not NEED an "Open License"

    I just need an instance of Azure AD that…

    8 votes
    1 comment  ·  Other