Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Regular expression as banned password

    I want to restrict the use of specific characters in passwords, not only banned keywords.
    This is because some languages' keyboards make it difficult to input special characters such as the single quotation mark or '|'. So I want to use a regex as a banned password in Azure AD Password Protection for Windows Server Active Directory to prevent the use of such characters in passwords.

    9 votes
    2 comments  ·  Other
  2. Enable custom fields in Device Properties

    Can the product team please look into the ability to add custom fields to Azure AD joined devices? So in Azure Active Directory -> Devices -> All Devices -> [device name] -> in the settings that come up with the "Name", "ID", "Enabled" etc... allow us to have the ability to enter custom attributes.

    One thing I can think of that would come to mind is an asset tag field. Or a "Custom 1" field where we can put an Asset Tag.

    However multiple custom fields could serve other purposes, like date of purchase, warranty expiry etc.

    9 votes
    1 comment  ·  Other
  3. Allow changing text "Sign in with your work or school account"

    We have enterprise applications using Azure AD and this text looks very unprofessional. Could you please implement a feature so we can customize it?

    9 votes
    1 comment  ·  Other
  4. O365 Granular Password Policy

    Raised a ticket with the MS support to see if we could set our password policy to be more complex, e.g. not use the same password as the last 4, certain number of characters, etc. We were told it's not possible unless we have an on-premise AD with Directory Sync setup. We don't plan on setting an on-premise AD. It would be great if O365 had similar password policy settings though.

    9 votes
    0 comments  ·  Other
  5. Cloud App Discovery Agent for Macs

    How about creating a Cloud App Discovery agent for Macs? We believe they are one of our biggest users of cloud apps and we would love to be able to get some data to move them to supported apps.

    9 votes
    0 comments  ·  Other
  6. Make CSP Foreign Principal AD groups/users visible in Azure AD

    For one of our customers we are set up as a Foreign Principal on their Azure tenancy that was set up by another CSP - each using its own subscription. There was very little information available detailing that each of our employees would have permissions to all resources under the subscription, nor is it displayed in the Azure AD panel in the Azure Portal that our employees have these permissions.

    The customer's Azure AD gives no indication that every employee of the Foreign Principal with admin rights on the partner portal, will in fact have permission to everything under the subscription - neither the…

    8 votes
    1 comment  ·  Other
  7. Allow ICMP/Ping through NSG

    The lack of the most BASIC functionality such as PING has forced my CTO to prevent the renewal of a $140,000 Enterprise Agreement. Our clients use external monitoring software. Amazon Web Services and Google Cloud Engine allow this, yet Microsoft's "Excuse" is that it is a security risk (It isn't, and anyone saying it is, is lying.)

    Without Ping, I cannot approve the renewal of the contract. Please add Ping before I must also revoke our subsidiaries' contracts with Azure!

    8 votes
    0 comments  ·  Other
  8. Feature to check if the account is organizational or not

    Without the user's login, we can't distinguish whether the account belongs to an organization or Microsoft account.
    I think this specification is due to the possible case of the same account name between organizational and Microsoft accounts.

    Some IT Pro members in an organization get confused because they can't judge if accounts of their domain are already registered as a Microsoft account or not.
    They must search for a specific account in all of their own Azure AD.

    Also, some command-line tools cannot be used as a Microsoft account user.
    (For example, Add-AzureAccount command with a credential string cannot be used…

    8 votes
    0 comments  ·  Other
  9. Make Azure AD available A La Carte like every other Azure Service

    Below was a Request for Azure AD to be available without an EA. So the "solution" was to make it available via CSPs and the Open program. https://www.microsoft.com/en-us/licensing/licensing-programs/open-license.aspx

    This still MISSES THE MARK. If I build an Azure solution that integrates an Azure AD instance into it for authentication and GraphAPI ACL purposes, I need to be able to do the kinds of things I do that a BASIC license provides

    but
    I do not NEED an EA
    I do not NEED a CSP
    I do not NEED an "Open License"

    I just need an instance of Azure AD that…

    8 votes
    1 comment  ·  Other
  10. Make the AD Raw logs (event/logs) available for SIEM monitoring

    Being subscribed to Azure AD as an organization, it's hard to monitor security events in real time using a SIEM solution without having access to raw event logs. Although the Audit log report offers what to extract as a report, real-time monitoring of events for the organizational domain is unavailable. This is quite crucial. The organization doesn't have access to its own domain security events.

    8 votes
    8 comments  ·  Other

    Thanks for the feedback! Have you had a look at the Azure AD Reporting API? This will allow you to feed the reporting data from the Azure AD reports directly into your SIEM. See the following article: https://azure.microsoft.com/en-us/documentation/articles/active-directory-reporting-api-getting-started/

    (I’m marking this as “started” and not “completed” because the API is still in Preview—feedback is welcome!)

    Philippe Signoret
    Program Manager, Azure Active Directory

  11. dynamic groups: Numeric Values (greater or less than operators)

    Would like to see -gt and -lt added as valid operators for Dynamic Group queries.

    Use Case 1: Numeric values in Extension Attributes.
    If an attribute has a numeric value (Career Level, in our case), it's much simpler to build a query based on -gt 30 rather than using the -notin operator and listing out 0-30 individually.

    7 votes
    2 comments  ·  Other
  12. Password writeback in Office 365 portal. Admins should be able to reset Onprem. users passwords.

    Password writeback in Office 365 portal.
    Admins should be able to reset Onprem-users passwords from Office 365 Admin portal and Admin App

    7 votes
    0 comments  ·  Other
  13. More affordable tier of AAD with Enterprise State Roaming?

    We're a small business, and are trying out Azure AAD with our Office 365 subscription.

    We would like to use Enterprise State Roaming to sync user preferences between computers -- but it's outrageously expensive for that one feature ($6/user/month).

    We don't want any other Azure AD Premium features (no need for writeback, conditional access, etc.) -- we just want the Enterprise State Roaming ESR feature.

    Would it be possible to only add on that feature -- or have some Small Business tier between the Office 365 / Basic options and the very expensive ESR / Premium options?

    7 votes
    4 comments  ·  Other
  14. 7 votes
    0 comments  ·  Other
  15. Emit Azure Event Grid Events

    When user or group objects are created/updated/deleted it would be beneficial to have near real-time events have actions happen. Example would be, a user is added to a group, an Azure Function App is subscribed to events from Azure AD and then reaches out to another system to perform some action, e.g. deprovision them or change their access.

    6 votes
    0 comments  ·  Other
  16. roadmap

    Since recently an AAD release history is available: https://docs.microsoft.com/en-us/azure/active-directory/whats-new

    Can there also be a roadmap with features, similar as with O365? The current Azure roadmap for Identity is not up-to-date https://azure.microsoft.com/en-us/roadmap/?category=security-identity

    6 votes
    0 comments  ·  Other
  17. Dynamic Azure AD group based on device ownership

    The idea is to have a user group which will be automatically generated based on device attributes. Like to have a group of all users who have an iOS device.

    6 votes
    2 comments  ·  Other
  18. Multiple AAD Domain Services for single AAD tenant

    Can we have multiple AAD Domain Services across different regions from a single AAD tenant, for the cases where
    01) Customer has to do a DR drill test
    02) Want to minimize the RTO of recovering/recreating the AAD DS services on the other region in case of regional disaster
    03) To manage active-active site where every AADDS instance should be local to the region

    6 votes
    1 comment  ·  Other
  19. Purge inactive registered devices on Azure

    It would be useful if old devices that haven't been seen for a period of time could be automatically purged from the list of a user's registered devices. It looks like when devices are reset or different insider builds installed Azure/Intune doesn't do a good job of identifying it as a previously seen device. I found I had lots of duplicates for the same device with different build numbers and was hitting the maximum device limit (set to 20) which prevented further devices being registered. If this can't be done automatically, it would be useful to be able to run…

    6 votes
    1 comment  ·  Other
  20. Improve granular control of password policy

    Following the recent re-write of NIST's password guidelines, could we have better granular control of the password policies in place for a tenant? Namely, I would like to see the option to increase the minimum number of characters (it gets exponentially harder to ***** passwords using brute force attack when passwords are 10 characters long or more instead of 8 characters), reduce the number of failed logins to less than 10 (say 3) before a user is blocked and have passwords checked against a list of known common passwords. These settings should be available in Office365 control panel as well…

    6 votes
    0 comments  ·  Other