Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Unlink directories from Microsoft Account

    For the last few years a lot of people added me as co-administrators for their accounts. Now that I don't need to have access to their accounts anymore, I wish there were a way to unlink directories without having to go ask them to remove me from the directory.

    11 votes
    3 comments  ·  Other
  2. Regular expression as banned password

    I want to restrict the use of specific characters in passwords, not only banned keywords.
    Because some languages' keyboards have difficulty inputting special characters like the single quotation mark or '|' and so on. So I want to use regex as a banned password in Azure AD Password Protection for Windows Server Active Directory to prevent such characters from being used in passwords.

    10 votes
    3 comments  ·  Other
  3. Self Service Password Write Back to on-premise AD for all O365 users for free or a lower price than AAD Premium.

    Self Service Password Write Back to on-premise AD for all O365 users for free or a lower price than AAD Premium.

    10 votes
    1 comment  ·  Other
  4. Administrative Unit

    Expand Azure Active Directory Administrative Unit feature to other role/services (e.g. Exchange/SharePoint Online Administrator, MFA settings in O365).
    Only User Management / Helpdesk (Password Management) role is not enough.

    9 votes
    1 comment  ·  Other
  5. Dynamic Azure AD group based on device ownership

    The idea is to have a user group which will be automatically generated based on device attributes. Like to have a group of all users who have an iOS device.

    9 votes
    3 comments  ·  Other
  6. Enable custom fields in Device Properties

    Can the product team please look into the ability to add custom fields to Azure AD joined devices? So in Azure Active Directory -> Devices -> All Devices -> [device name] -> in the settings that come up with the "Name", "ID", "Enabled" etc... allow us to have the ability to enter custom attributes.

    One thing I can think of that would come to mind is an asset tag field. Or a "Custom 1" field where we can put an Asset Tag.

    However multiple custom fields could serve other purposes, like date of purchase, warranty expiry etc.

    9 votes
    1 comment  ·  Other
  7. Allow changing text "Sign in with your work or school account"

    We have enterprise applications using Azure AD and this text looks very unprofessional. Could you please implement a feature so we can customize it?

    9 votes
    1 comment  ·  Other
  8. O365 Granular Password Policy

    Raised a ticket with the MS support to see if we could set our password policy to be more complex, e.g. not use the same password as the last 4, certain number of characters, etc. We were told it's not possible unless we have an on-premise AD with Directory Sync setup. We don't plan on setting an on-premise AD. It would be great if O365 had similar password policy settings though.

    9 votes
    0 comments  ·  Other
  9. Cloud App Discovery Agent for Macs

    How about creating a Cloud App Discovery agent for Macs? We believe they are one of our biggest users of cloud apps and we would love to be able to get some data to move them to supported apps.

    9 votes
    0 comments  ·  Other
  10. Emit Azure Event Grid Events

    When user or group objects are created/updated/deleted it would be beneficial to have near real-time events have actions happen. Example would be, a user is added to a group, an Azure Function App is subscribed to events from Azure AD and then reaches out to another system to perform some action, e.g. deprovision them or change their access.

    8 votes
    0 comments  ·  Other
  11. Allow ICMP/Ping through NSG

    The lack of the most BASIC functionality such as PING has forced my CTO to prevent the renewal of a $140,000 Enterprise Agreement. Our clients use external monitoring software. Amazon Web Services and Google Cloud Engine allow this, yet Microsoft's "Excuse" is that it is a security risk (It isn't, and anyone saying it is, is lying.)

    Without Ping, I cannot approve the renewal of the contract. Please add Ping before I must also revoke our subsidiaries' contracts with Azure!

    8 votes
    0 comments  ·  Other
  12. Feature to check if the account is organizational or not

    Without the user's login, we can't distinguish whether the account belongs to an organization or Microsoft account.
    I think this specification is due to the possible case of the same account name between organizational and Microsoft accounts.

    Some IT Pro members in an organization get confused because they can't judge if accounts of their domain are already registered as a Microsoft account or not.
    They must search for a specific account in all of their own Azure AD.

    Also, some command-line tools cannot be used as a Microsoft account user.
    (For example, Add-AzureAccount command with a credential string cannot be used…

    8 votes
    0 comments  ·  Other
  13. Make Azure AD available A La Carte like every other Azure Service

    Below was a Request for Azure AD to be available without an EA. So the "solution" was to make it available via CSPs and the Open program. https://www.microsoft.com/en-us/licensing/licensing-programs/open-license.aspx

    This still MISSES THE MARK. If I build an Azure solution that integrates an Azure AD instance into it for authentication and GraphAPI ACL purposes, I need to be able to do the kinds of things I do that a BASIC license provides

    but
    I do not NEED an EA
    I do not NEED a CSP
    I do not NEED an "Open License"

    I just need an instance of Azure AD that…

    8 votes
    1 comment  ·  Other
  14. Make the AD Raw logs (event/logs) available for SIEM monitoring

    Being subscribed to Azure AD as an organization, it's hard to monitor security events in real time using a SIEM solution without having access to raw event logs. Although the Audit log report offers what to extract out as a report, real-time monitoring of events for the organizational domain is unavailable. This is quite crucial. The organization doesn't have access to its own domain security events.

    8 votes
    8 comments  ·  Other

    Thanks for the feedback! Have you had a look at the Azure AD Reporting API? This will allow you to feed the reporting data from the Azure AD reports directly into your SIEM. See the following article: https://azure.microsoft.com/en-us/documentation/articles/active-directory-reporting-api-getting-started/

    (I’m marking this as “started” and not “completed” because the API is still in Preview—feedback is welcome!)

    Philippe Signoret
    Program Manager, Azure Active Directory

  15. Control who can view the BitLocker keys from the profile section of the Access Panel

    We have the need to restrict the BitLocker keys for certain devices. We are currently escrowing the BitLocker recovery passwords to AAD and these passwords are visible to the user who Azure joined the device. Since these are corporate owned devices, the administrators should be able to control who can and cannot view their BitLocker recovery keys.

    7 votes
    0 comments  ·  Other
  16. Allow the use of Organizational Units for users and devices, whether synced or using Azure ADDS in Dynamic membership rules

    OU's are the cornerstone of a well designed and implemented Active Directory Domain. OU's help ensure that when selecting users for a dynamic group, that we are not relying on information that may be inaccurate in a user's profile, such as Exchange Attributes, Departments or others. Any data that can be "typed" in, can be "fat fingered", and as OU's are normally static and not modified very often, they are a more trustworthy selection for determining group membership.

    OU's should be fully configurable and usable in Azure, in all situations, whether you rely on Azure AD Connect, or Azure…

    7 votes
    0 comments  ·  Other
  17. roadmap

    Since recently an AAD release history is available: https://docs.microsoft.com/en-us/azure/active-directory/whats-new

    Can there also be a roadmap with features, similar as with O365? The current Azure roadmap for Identity is not up-to-date https://azure.microsoft.com/en-us/roadmap/?category=security-identity

    7 votes
    0 comments  ·  Other
  18. Provide PowerShell/Azure CLI Access to Application User Provisioning Configuration

    It is challenging when trying to customize the provisioning process for users from an Enterprise Application configuration (when having to update the attribute list or the attribute mappings).

    It would be great if there were visibility into that configuration either through PowerShell or the Azure CLI to allow updating that configuration in a much simpler and more efficient manner.

    7 votes
    0 comments  ·  Other
  19. Multiple AAD Domain Services for single AAD tenant

    Can we have multiple AAD Domain Services across different regions from a single AAD tenant, for the cases where
    01) Customer has to do a DR drill test
    02) Want to minimize the RTO of recovering/recreating the AAD DS services on the other region in case of regional disaster
    03) To manage active-active site where every AADDS instance should be local to the region

    7 votes
    2 comments  ·  Other
  20. Password writeback in Office 365 portal. Admins should be able to reset Onprem. users passwords.

    Password writeback in Office 365 portal.
    Admins should be able to reset Onprem-users passwords from Office 365 Admin portal and Admin App

    7 votes
    0 comments  ·  Other