Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Merge onmicrosoft account between Azure and Office 365 Business

    Provide the ability to merge several Microsoft accounts. Currently I have to log in with more than one account to manage my portals.

    4 votes
    0 comments  ·  Other
  2. Add support for specifying tenants allowed for accessing multitenant web applications

    When registering multitenant web applications in AAD, add support for specifying a list of tenants that are allowed to use this application. This could be implemented on the application registration side or in the configuration of an Azure Web Application.
    This capability would be invaluable for developers building Single Page Applications with, for example, Angular. Being able to configure the list of allowed tenants would allow them to focus on the application rather than building the plumbing to implement this.

    4 votes
    0 comments  ·  Other
  3. UserProfile

    Azure AD joined devices: UserProfile PATH is currently using Display Name. This breaks functionality of programs, PowerShell, etc. when the display name contains certain special characters.

    Either replace the special characters with underscore or some other allowed character, or do not use display name and instead use the mailnickname attribute, which would most likely provide the same experience when using AADConnect - where it looks like it uses SamAccount.

    3 votes
    2 comments  ·  Other
  4. Enable My App Secure Sign-In Extension to Launch Apps in New Tab

    Enable My App Secure Sign-In Extension to Launch Apps in New Tab instead of launching in the active tab.

    3 votes
    0 comments  ·  Other
  5. Email notifications of expiration policy for Office 365 groups

    There is an expiration policy for Office 365 groups.
    Email notifications are sent to the Office 365 group owners 30 days, 15 days, and 1 day prior to expiration of the group.
    However, I would like to be able to configure (using PowerShell etc.) that email notifications are not sent to the owner.

    3 votes
    0 comments  ·  Other
  6. Ability to limit Security Group to contain Devices or Users only

    It would be very useful if you could add group settings to Azure AD Security Groups, where you'd be able to limit members to be either User objects or Device objects ONLY.

    We often use security groups for Intune configuration. Including users but excluding devices creates conflicts. This added control and granularity would be very helpful.

    3 votes
    0 comments  ·  Other
  7. Azure Active Directory app manifest json needs to be updatable via Azure CLI

    Currently, the AAD app manifest json file is only updatable via the Portal. It should also be updatable through the Azure CLI.

    3 votes
    1 comment  ·  Other
  8. Need write back from Azure to an on-prem security group.

    I want to be able to take an on-prem security group that is synced to Azure, assign an owner to that group and allow them to make changes to that group with write back to the on-prem AD. Since moving to Office 365 I have to make all the changes to these groups, which takes too much of my time. Assigning a manager to the group so that they can make changes and have them written back to the on-prem AD would make life easier. The members of these security groups are constantly changing.

    3 votes
    0 comments  ·  Other
  9. Create Managed Service Identity (MSI) in a custom AAD tenant

    Is it possible to have the user-defined identity created in a custom AAD tenant? We maintain several environments within a single subscription, and create all app registrations in an AAD for each environment, and not in the AAD tenant that is associated with the subscription.

    3 votes
    0 comments  ·  Other
  10. MSA allow multiple redirect urls

    MSA OAuth: allow multiple redirect URLs - or just make it easier.

    Microsoft OAuth makes Azure Easy Auth with Deployment slots difficult. Other OAuth providers make adding multiple redirect hosts easy. Microsoft OAuth is harder and can't be used unless you know the trick.

    In other OAuth providers you just add the redirect URLs.

    For MSA, you can only add from a single domain, and the host domain has to be added first:

    https://bar.com
    https://foo.bar.com
    https://gug.bar.com

    Otherwise it won't work.

    Why does MSA have to be this hard?

    3 votes
    1 comment  ·  Other
  11. AD password protection for segmented Active Directory

    Create an offline version/add-in of the Azure AD password protection filter. We need similar capabilities but without Azure AD access.

    3 votes
    0 comments  ·  Other
  12. Control who can view the BitLocker keys from the profile section of the Access Panel

    We need to restrict access to the BitLocker keys for certain devices. We are currently escrowing the BitLocker recovery passwords to AAD and these passwords are visible to the user who Azure joined the device. Since these are corporate-owned devices, the administrators should be able to control who can and cannot view their BitLocker recovery keys.

    3 votes
    0 comments  ·  Other
  13. 3 votes
    1 comment  ·  Other
  14. BAD IDEA NOT PROGRESS

    The old way was sign in and password on the same page. ONE click and I'm in. WHY DID YOU MAKE ONE EASY STEP INTO MORE STEPS???????

    3 votes
    0 comments  ·  Other
  16. Would like to know the location of the picture--I liked the one from Santa Monica with the PCH that you used before. Can we have a choice?

    You should tell us where the background picture is geographically. I liked the one from Santa Monica with the PCH. Being an expatriate Southern Californian, it reminded me of my origins.

    3 votes
    0 comments  ·  Other
  17. Allow the use of Organizational Units for users and devices, whether synced or using Azure ADDS in Dynamic membership rules

    OUs are the cornerstone of a well-designed and implemented Active Directory Domain. OUs help ensure that when selecting users for a dynamic group, we are not relying on information that may be inaccurate in a user's profile, such as Exchange Attributes, Departments or others. Any data that can be "typed" in can be "fat fingered", and as OUs are normally static and not modified very often, they are a more trustworthy selection for determining group membership.

    OUs should be fully configurable and usable in Azure, in all situations, whether you rely on Azure AD Connect, or Azure…

    3 votes
    0 comments  ·  Other
  18. 3 votes
    0 comments  ·  Other
  19. Reduce scope of application permissions when connecting via SDKs / Rest APIs

    We currently have an application registered in our Azure Tenant, along with a Service Principal that we use to connect to Azure via the Node.JS SDK (https://github.com/Azure/azure-sdk-for-node).

    We have configured our application to have fairly broad delegated permissions within the Azure Tenant and we assign Project owner to that application on all the subscriptions that we manage.

    This highly privileged set of permissions works fine for our own code interfacing with Azure SDKs/APIs, as we have trust in what we are doing. However, we are looking to provide the ability for users to register and run their own…

    3 votes
    3 comments  ·  Other
  20. Provide PowerShell/Azure CLI Access to Application User Provisioning Configuration

    It is challenging when trying to customize the provisioning process for users from an Enterprise Application configuration (when having to update the attribute list or the attribute mappings).

    It would be great if there were visibility into that configuration either through PowerShell or the Azure CLI to allow updating that configuration in a much simpler and more efficient manner.

    3 votes
    0 comments  ·  Other