Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Set an AzureAD account to expire on a specified date

    Just like in active directory allow accounts to be set to expire on a specified date. Our company policy is to set network accounts for non-employees (consultants, contractors, temporary employees, interns) to expire at a certain interval after they are created. We want the same functionality within Office 365.

    357 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  2. Support plus-addressing in emails, which is invaluable for testing

    We need to create many users for our testing environments. Normally, the way we do this is to use 'plus-addressing'. This is a convention by which you can add a '+' sign and then anything afterwards to an email address, and it gets delivered to the recipient as if the + and everything after did not exist i.e. the following two email addresses are different but get delivered to the same place:

    me@gmail.com
    me+foo@gmail.com

    This is a standard called 'sub-addressing' which is supported by quite a few mail providers, including Google Gmail, Google Apps, Yahoo! Mail, Outlook.com, and quite a…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  3. Multiple User/Group Delete in Azure AD

    Hi.

    For testing/dev/learning purposes it would be an welcome feature to enable multiple Azure AD User/Group delete.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Today on the list of All users you can select the checkbox for multiple users, and then click the delete button to delete all the selected users. Does this meet your requirement? If not, would you let us know the details of the scenario you’d like to be easier for you to accomplish in our admin portal?

  4. workday to Azure AD automatic user provision

    We are implementing the Workday Azure AD automatic user account provisioning for our client and we are facing below issues.

    https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial

    *Workday account username is employeeID. As of now, the employeeID attribute is blank at Azure

    Issue 1: Automatic provisioning creates the duplicate user record at Azure with email id as userid@domain(20955@clientdomain.com), whereas the client is using their own logic to create the email ids (firstname+MiddleName_Lastname@clientdomain.com). After provisioning of accounts, we are getting duplicate records with different email ids.

    Issue 2: Automatic Provisioning is not updating the employeeId attribute in the Azure user account even when…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  5. Have automated alerts for User/Group deletions - Especially for Managed Groups

    It would be really nice to have the ability to set alerts (email) for User/Group deletions.

    This is especially useful for security management when Security Groups are assigned owners, usually regular users, for membership management but can accidentally delete the Security Group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  6. Access to edit user disconnected session timeout settings in AD users and computer

    We should have the access to edit user disconnected session timeout settings in AD users and computer in AADDS users OU.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  7. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  8. respeito as diferenças

    Segurança geral da internet,inteligência emocional e artificial juntas em armonia na administração interna,externa,local e internacionais,com confiabilidade,sabedoria,saúde,responsabilidade,Amor frateno com os direitos de interatividade para todos os meios de comunicações no mundo inteiro para todos nós...

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  9. PowerShell to remove user from all Office 365 Groups (UnifedGroupLinks)

    When a user leaves the company we would like to clean up all the Office 365 Groups they belong to. The way the "Remove-UnifiedGroupLinks" works you need to know what Groups they belong to. That information is not relevant, I know the user and just want to remove them from all UnifiedGroups. Here is the example given in the Microsoft documentation to remove a member:

    Remove-UnifiedGroupLinks -Identity "Legal Department" -LinkType Members -Links laura@contoso.com,julia@contoso.com

    I'd like to be able to do something like what I use on premise AD:

    Get-ADUser ALIAS -Properties MemberOf | ForEach-Object {$_.MemberOf | Remove-ADGroupMember -Members…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  10. Office My account Login

    Office My Account - if you are a existing user login office.com/myaccount, New user can create your office here. Once you account ready you can download and install MS Office in your device.

    https://www.msofficekeyoffice.com/my-account/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  11. Better instructions for choosing password in the AAD B2B Redemption Page

    Provide better error information or apply password policies so that the users do not create a weak password in the B2B redemption page scenario as explained in the below link.

    The password rules mentioned here[https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts] are not available to the user while choosing the password, as a result, the page throws an error with no specific error information or work around.

    https://stackoverflow.com/questions/55592569/password-complexity-issue-with-b2b-invitation-redemption-page/55603737#55603737

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  12. Implement Application Permission 'Directory.ReadWrite.OwnedBy' in AAD

    We want to implement an automation job to update the token in Azure AD synchronization API (Provisioning in Enterprise Application). According to the documentation in this link: https://docs.microsoft.com/en-us/graph/api/resources/synchronization-overview?view=graph-rest-beta#authorization, we need to give the service principal Application Permission Directory.ReadWrite.All to work with the synchronization api. This Application permission is too powerful since it will have access to all directories. We don't want to give a service principal this power due to the risks it may raise. Thus, we hope an Application Permission like Directory.ReadWrite.OwnedBy can be implemented in the design, so that we can use the service principal writing to…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  13. azure AD connect clear failed exports

    I recently got stuck with bad thumbnail photos trying to sync to AAD from AD. After changing them on premise, changing them in the cloud, trying to set the field to NULL with sync transforms, I couldn't get it to get past these failed exports. AAD Connect needs the ability to clear these failed exports as opposed to wiping the whole thing out and starting over.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  14. Alias

    After I entered my phone number. I went to enter an email. Then I decided I didn’t need to use that email as I do not really monitor the email entered. I went to remove said email to just stick w/ my phone muber for my window user profile. Now windows is making me keep the email I barely use as my new alias and not remove without adding another email. I do not like this at all. Not everyone has a bunch of emails plus I want my phone number to be my original alias. Give me that option…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  • Don't see your idea?

Feedback and Knowledge Base