Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new login experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. ServiceNow

    I think there is significant area for improvement of the Auto Provisioning functionality when dealing with referenced fields.

    For example, the user table within ServiceNow looks similar to the sample snippet below:

    TABLE - User [sys_user]
    -----------------------------
    FIELD - Username [user_name] - string
    FIELD - Name [name] - string
    FIELD - Email [email] - string
    FIELD - Department [department] - references Department [cmn_department] table
    FIELD - Location [location] - references Location [cmn_location] table
    FIELD - etc. etc.

    Provisioning from Azure - in the cloud - is an awesome alternative to the previous configuration of having ServiceNow communicate with on-prem AD…

    13 votes

    0 comments  ·  Provisioning to Applications
  2. Integrate site mapping for Samanage App

    I am provisioning users from AAD to Samanage and I am trying to map the AD attribute "physicalDeliveryOfficeName" to the Samanage "site" attribute. This mapping is currently not supported and I would find it useful.

    13 votes

    2 comments  ·  Provisioning to Applications
  3. Getting more granular permissions with Graph API and SPO sites

    Do we have any plans to allow Azure AD-registered apps accessing Microsoft Graph APIs (such as SharePoint Online) to have more granular permissions? Can we get SharePoint Online (SPO) to enforce more granular authorization rules based on the app identity and some manifest rules to restrict the site collection for example, instead of Sites.Read.All? I am looking for something like this: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs, but for Azure-AD apps (where we can specify really granular permissions).

    This question is around the ability to customize Microsoft Graph APIs such as SharePoint Online APIs to restrict the site collections that can be accessed by…

    2 votes

    0 comments  ·  Provisioning to Applications
  4. Make Azure Groups PATCH remove operation SCIM v2 compliant

    The request body for Update Group [Remove Members] is not compliant with the SCIM v2 specification.
    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#update-group-remove-members

    Azure is specifying the member value they want deleted in the "value" property. SCIM specification states that the member value that would be removed in the PATCH operation needs to be set in the "path" property, not "value". The "value" property should actually never be sent in a PATCH remove operation per specification.
    https://tools.ietf.org/html/rfc7644#section-3.5.2.2

    If a Service Provider that implemented SCIM per specification were to receive a PATCH remove request from Azure as is documented above, that request would result in ALL users being…

    1 vote

    0 comments  ·  Provisioning to Applications