Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Set an AzureAD account to expire on a specified date

    Just like in active directory allow accounts to be set to expire on a specified date. Our company policy is to set network accounts for non-employees (consultants, contractors, temporary employees, interns) to expire at a certain interval after they are created. We want the same functionality within Office 365.

    402 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  2. Support plus-addressing in emails, which is invaluable for testing

    We need to create many users for our testing environments. Normally, the way we do this is to use 'plus-addressing'. This is a convention by which you can add a '+' sign and then anything afterwards to an email address, and it gets delivered to the recipient as if the + and everything after did not exist i.e. the following two email addresses are different but get delivered to the same place:

    me@gmail.com
    me+foo@gmail.com

    This is a standard called 'sub-addressing' which is supported by quite a few mail providers, including Google Gmail, Google Apps, Yahoo! Mail, Outlook.com, and quite a…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  3. AAD Usernames need to support all character sets

    Many customers allow usernames with special characters, double byte characters and Asian character sets. AAD Connect and Azure AD do not support all of these character sets. Not all customers use Active Directory on premise as their main identity store. Thus identities with special characters cannot be synchronized into AAD. For customers with hundreds of thousands of usernames with special character sets, it is a horrible user experience and very costly to try to rename all these logins.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  4. Block Sign In Source-of-Authority issue

    It is very confusing for customers that they have the option to change the "Block Sign In" state, when the users source-of-authority is "Windows AD Server" (Active Directory).

    Why is this not disabled like all other attributes. It doesn't make any sense to have the control enabled, when the UserAccountAttribute overwrite the setting during Azure AD Connect sync.

    You should at least have a popup box telling the users that this setting will be overwritten by Azure AD Connect sync, if the Azure AD Connect is configured to update the AccountEnabled value based on the UserControlControl state in the local…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  5. workday to Azure AD automatic user provision

    We are implementing the Workday Azure AD automatic user account provisioning for our client and we are facing below issues.

    https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial

    *Workday account username is employeeID. As of now, the employeeID attribute is blank at Azure

    Issue 1: Automatic provisioning creates the duplicate user record at Azure with email id as userid@domain(20955@clientdomain.com), whereas the client is using their own logic to create the email ids (firstname+MiddleName_Lastname@clientdomain.com). After provisioning of accounts, we are getting duplicate records with different email ids.

    Issue 2: Automatic Provisioning is not updating the employeeId attribute in the Azure user account even when…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  6. Multiple User/Group Delete in Azure AD

    Hi.

    For testing/dev/learning purposes it would be an welcome feature to enable multiple Azure AD User/Group delete.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Today on the list of All users you can select the checkbox for multiple users, and then click the delete button to delete all the selected users. Does this meet your requirement? If not, would you let us know the details of the scenario you’d like to be easier for you to accomplish in our admin portal?

  7. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  8. Have automated alerts for User/Group deletions - Especially for Managed Groups

    It would be really nice to have the ability to set alerts (email) for User/Group deletions.

    This is especially useful for security management when Security Groups are assigned owners, usually regular users, for membership management but can accidentally delete the Security Group.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  9. Allow Group Sergregation for Azure AD Password Protection

    We need to select groups of users to have Azure AD Password Protection applied. We synchronize it to our local AD through the proxy and DC agents. We have a subset of users that require a more simple password. This configuration is available with SSPR and would like the same functionality here. Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  10. This may well be the least user-friendly program I have ever encountered. How do I get rid of it?

    I want get rid of this beast off my iPad, but I am afraid to delete in case it prevents me gain access to something.
    How do I get rid safely?
    Thanks
    Wyn

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  11. Allow True Custom Claims Without Scripting

    Currently the only user claim you can create and manage through UI is the role. If you want more than that, you need to add an extension element on each user individually through Powershell, then link to it through the custom claims in the manifest, making efficient management an impossibility. This effectively eliminates Azure AD as an option when developing SSO integration in any application that needs per-user information. The UI for the role (a simple dropdown) could be duplicated, and expanded with options such as checkboxes for an array of predefined values or open textboxes for individual strings.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  12. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  13. Reset Enterprise State Roaming Data

    Please provide an ability to reset the Enterprise State Roaming data for individual users.

    Scenario, we are in the middle of a new Windows 10 rollout, where users already have ESR enabled, we want to provision a new profile though for each user, where we set some settings in a default user profile on the machine. With ESR enabled - we cannot set some default settings though.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  14. Access to edit user disconnected session timeout settings in AD users and computer

    We should have the access to edit user disconnected session timeout settings in AD users and computer in AADDS users OU.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  16. Native support for all Active Directory Attribute Field Actual names

    Please add the full on-premise Active Directory Attribute Field Actual name list to Azure AD.

    Many Orgs have fields mapped for critical company apps like employeeType but since that does not exist in Azure AD I have to map it to an extentionAtributeXX.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  17. respeito as diferenças

    Segurança geral da internet,inteligência emocional e artificial juntas em armonia na administração interna,externa,local e internacionais,com confiabilidade,sabedoria,saúde,responsabilidade,Amor frateno com os direitos de interatividade para todos os meios de comunicações no mundo inteiro para todos nós...

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  18. PowerShell to remove user from all Office 365 Groups (UnifedGroupLinks)

    When a user leaves the company we would like to clean up all the Office 365 Groups they belong to. The way the "Remove-UnifiedGroupLinks" works you need to know what Groups they belong to. That information is not relevant, I know the user and just want to remove them from all UnifiedGroups. Here is the example given in the Microsoft documentation to remove a member:

    Remove-UnifiedGroupLinks -Identity "Legal Department" -LinkType Members -Links laura@contoso.com,julia@contoso.com

    I'd like to be able to do something like what I use on premise AD:

    Get-ADUser ALIAS -Properties MemberOf | ForEach-Object {$_.MemberOf | Remove-ADGroupMember -Members…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  19. Office My account Login

    Office My Account - if you are a existing user login office.com/myaccount, New user can create your office here. Once you account ready you can download and install MS Office in your device.

    https://www.msofficekeyoffice.com/my-account/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  20. Better instructions for choosing password in the AAD B2B Redemption Page

    Provide better error information or apply password policies so that the users do not create a weak password in the B2B redemption page scenario as explained in the below link.

    The password rules mentioned here[https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts] are not available to the user while choosing the password, as a result, the page throws an error with no specific error information or work around.

    https://stackoverflow.com/questions/55592569/password-complexity-issue-with-b2b-invitation-redemption-page/55603737#55603737

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base