Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sending Azure Active Directory logs to Log Analytics does not work for sign-in logs.

    Sending Azure Active Directory logs to Log Analytics as per (preview) feature https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics works for audit logs but not for sign-in logs (i.e. the former show up in Log Analytics; the latter don't). The same issue occurs with streaming these logs to an event hub.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  2. Azure Active Directory app manifest json needs to be updatable via Azure CLI

    Currently, the AAD app manifest json file is only updatable via the Portal. It should also be updatable through the Azure CLI.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  3. Need write back from Azure to an on-prim security group.

    I want to be able to take an on-prim security group that is sync'd to Azure, assign an owner to that group and allow them to make changes to that group with write back to the on-prim AD. Since moving to Office 365 I have to make all the changes to these groups which takes to much of my time. Assigning a manager to the group that they can make changes and have it write back to the on-prim AD would make life easier. The members to these security groups are contently changing.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  4. Adding standard provisioning for SAP Cloud Platform Identity Provisioning Service SAP CP IPS

    It would be nice if there was a readily available mechanism for provisioning users from Azure AD into SAP Cloud Platform Identity Provisioning Service (SAP CP IPS).

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  5. Control who can view the BitLocker keys from the profile section of the Access Panel

    We have the need to restrict the BitLocker keys for certain devices. We are currently escrowing the BitLocker recovery passwords to AAD and these passwords are visible to the user who Azure joined the device. Since these are corporate owned devices, the administrators should be able to control who can and cannot view their BitLocker recovery keys.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  6. To stop automatically translate något förståeligt to something som ær skrap

    Be able to turn off automatic translation since it makes the text unreadable. Jag hoppas att jag gjort mig förstådd? Anyhuu, the English to Svenska översättningen är under all kritik. För att kunne ge intryck av att vara ett seriöst företag så kan men verkligen inte använda sig av ord som "quintesentially". I think the original author and or editor of the article's would be fly förbannade.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  7. SAML Token Attributes Preview

    It would be extremely helpful for diagnostic purposes to be able to preview the SAML response for an application. I've been able to do this with my Okta and Centrify customers. Ideally after creating an application and setting the SAML attributes to include I would click "Test" or "Preview", select a user in the director and view what the full SAML XML document would look like. It really helps in catching any errors ahead of deploying the application.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add view of monthly active users for all apps in the company

    Show list of all apps and their active monthly users, not just the top 5.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  9. Make it possible for users to view own devices and bitlocker recovery keys on account page.

    Make it possible for users to view own devices and bitlocker recovery keys on account page.

    Would also be nice as an administrator to easily get a list of all joined devices, the user and the bitlocker recovery keys for each device. Today recovery keys and devices are really located deep in the UI.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow configuring custom SAML-based apps without AzureAD Premium

    SAML-based apps in the AzureAD marketplace can be implemented without an AzureAD premium subscription. However, I cannot set up my own SAML-based app (for example for a SaaS app not listed in the AzureAD gallery) without a premium subscription. This feels wrong to me - please allow adding custom saml-based apps without a premium subscription.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add support for specifying tenants allowed for accessing multitenant web applications

    When registering multitenant web applications in AAD add support for specifying a list of tenants that are allowed to use this application. This could be implemented on the application registration side or in the configuration of an Azure Web Application.
    This capability would be invaluable for developers building Single Page Applications with for example Angular. Being able to configure the list of allowed tenants would allow them to focus on the application rather than building the plumbing to implement this.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  12. able to add custom AD attributes into Analytics/Sentinel

    We have attributes like Market ID per user , synced to Azure.
    Custom user attributes should be possible to sync to analytics so you can use for queries , usage reports and so on.
    If not in you have to build a second loop, identify user, identify user related custom attribute , a mess for large tenants.
    At the end the same for the other integration like Exchange, Sharepoint Analytics.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  13. Zoom Enterprise App - Add funtionality to provision AAD Photo attribute to Zoom during user provisioning

    We need to be able to access the AAD photo attribute during user provisioning for the Zoom Enterprise App instead of manually updating each user.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  14. Bulk import/export should use the same id shown in the device info pages/export

    Bulk import/export use the objectid but this is not given in the UI for a device, only the ADdeviceid. So either the info screen and other export should include both or the bulk operations should be based on the ADdeviceid

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  15. UserProfile

    Azure AD joined devices: UserProfile PATH is currently using Display Name. This breaks functionality of programs, powershell etc when display name consists of certain special characters.

    Either replace the special characters with underscore or some other allowed character, or do not use display name and instead the mailnickname attribut, which would most likely provide the same experience when using AADConnect - where it looks like it uses SamAccount.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable My App Secure Sign-In Extension to Launch Apps in New Tab

    Enable My App Secure Sign-In Extension to Launch Apps in New Tab instead of launching in the active tab.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  17. LinkedIn Integration: Need to control whether company users are allowed to share data with LinkedIn

    LinkedIn integration with company's tenant is great. But company needs to be in control to decide whether their users are allowed to send company's internal data to LinkedIn.

    Yes, there's an option for users to decide whether they should be configuring the connection or not to send their company info to LinkedIn but that's not good enough for large organizations. Users will make mistake and this will cause a lot of unforeseen concerns. This needs to be managed centrally. Please look into this.

    According to this article : "https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/linkedin-user-consent"

    the below info will be sent to LinkedIn and…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  18. Email notifications of expiration policy for Office 365 groups

    There is the expiration policy for Office 365 groups.
    Email notifications are sent to the Office 365 group owners 30 days, 15 days, and 1 day prior to expiration of the group.
    However, I would like to configure (using PowerShell etc.) that do not send Email notification to owner.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to limit Security Group to contain Devices or Users only

    Would be very usefull if you could add group settings to Azure AD Security Groups, where you'd be able to limit members to be either Users objects or Devices objects ONLY.

    We often use security groups for Intune configuration. Including users but excluding devices creates conflicts. It would be very helpfull with this added control and granularity.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  20. tôi quên mật khẩu giúp tôi lấy lại mật khẩu.

    tôi quên mật khẩu giúp tôi lấy lại mật khẩu.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base