Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Introspection endpoint for Azure Active Directory

    Hi,
    Times, there will be cases when the user logs out but the token associated with the user on the client doesn't expire and so when the Resource Servers/APIs invoked with these tokens gets serviced/honored. It would be great to have an introspection endpoint with AAD to check the validatity of the token (as mentioned in RFC 7662 https://tools.ietf.org/html/rfc7662) so that all APIs/Resources can leverage it and accept or reject the token instead of creating a custom repository at our end to blacklist these tokens.

    142 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    Thanks for the feedback! We will look into this and share an update when we have more information.

  2. Invalidate JWT Token

    Need a way to invalidate JWTTokens that have been issued to a user to prevent the user from accessing the AAD with the token after issuing the OAuth logout request:
    (https://login.windows.net/{{tenant}}/oauth2/logout?postlogoutredirect_uri={{RedirectUri}})

    82 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    Thanks for the feedback! We will look into this and share an update when we have more information.

  3. Improve Device Listing Page - Export, sort, filter

    The All Device listing in Azure Active Directory has good information but you can not export it, sort it or filter efficiently.

    Would really appreciate the typical 'Export' option.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  4. Are we able to find out all users and their last logged in date in AAD? A report feature is preferred

    I need to access how Active my AAD users are. Not sure if there is any Report feature that can churn out all users and their last logged in time. Cause base on this. i can tell how LONG has he/she not logged in.

    Appreciate your help pls :(

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide native security services and policy interception in the AppFabric

    Provide native security services in AppFabric such as XML firewalling (structure, grammar, semantics, algorithms, injections, etc), similarly like other XML virtual appliances .
    Ideally, it would great if interception can be implemented between client and the end service by calling Worker / Web Role on Azure to perform this functionality (an possibly policy enforcement) – Customer may or may not to choose to deploy this solution at their own cost. The firewall can be reference implementation on codeplex and / or fully managed service provided by Microsoft.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Anonymous responded

    Your idea has been sent to the appropriate Program Manager for review. Thank you for your input.

  6. Create Managed Service Identity (MSI) in a custom AAD tenant

    Is it possible to have the user defined identity create in a custom AAD-tenant? We maintain several environments within a single subscription, and create all app registrations in a AAD for each environment, and not in the AAD-tenant that is associated with the subscription

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  7. Irregular sign in activity should display what's normal before the triggered event

    The report "Irregular sign in activity" should show what's normal, and detailed why this was triggered.

    If it's a atypical location: What is the typical?
    Signed in from a location distant from the previous location: What was the previous?

    If you have hundreds of users, sending just this list to an administrator is not sufficient.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide alternate path or help when removing features. E.g. URL to Grant Access

    We use to have a "URL to Grant Access" in the WAAD application configuration page. This has been removed recently (March 2014) and there is no documentation or help to explain what is the new way of granting access to other WAADs.

    Even the documentation still specifies this "URL to Grant Access".

    Please help!

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Anonymous responded

    Your suggestion has been passed on to the appropriate Program Manager.

  9. Resource Group Missing

    Hello I have EA access. I created two resource group and assigned owner access to there outlook.com account. When they login to portal.azure.com they don't any resource group

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base