Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new login experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD Account Initials

    The initials circle that is generated in Azure AD and propagated to other workloads seems to parse the DisplayName attribute, which does not always render the correct initials. For example, if the CX uses "BusinessUnit-FirstName LastName (Contractor)" as a naming convention, then everyone gets the exact same "BC" initials. This has been a complaint for way too long and is easily resolved by using the FirstName and LastName attributes to generate the correct initials and falling back to DisplayName only if they are not populated.

    1 vote
    0 comments  ·  End user experiences
  2. 1 vote
    0 comments  ·  Reporting
  3. Email verification/activation after sign-up

    The local account sign-up page is confusing to users, and a common problem is that users click the "Create" button without verifying their email. An alternative would be to let the user fill in all the sign-up page details, create the account, and then send an email for the user to activate their account.

    1 vote
    0 comments  ·  B2C
  4. Add frontend MFA to PAM

    PAM can only MFA via CustomPhoneProvider, which has its issues:
    - Users must have a phone number (or the provider is not called)
    - In effect limits you to Back-end MFA (phone call, or push notification)
    - Frontend can be achieved, but technically much harder.

    Allow the PAM API to get tokens/inputs/other from frontend.

    1 vote
    0 comments  ·  Microsoft Identity Manager
  5. Add logging to PAM API

    From what I have experienced, the PAM API does not log anything of value. Please make it log when it has problems; debugging running processes is not logging.

    Alternatively: If it can log, please document how to configure it.

    1 vote
    0 comments  ·  Microsoft Identity Manager
  6. Allow PAM to join MIM Sets

    The basis of PAM is that you have to activate privileges... But somehow MIM cannot do this for itself?

    (Correct me if I am wrong, but I was unable to create a Set that targets users who have activated a PAM role. I was able to target the PAM Requests, but not extract the users.)

    Alternatively: Allow Security Groups in AD to be a member of a set directly, not with Sync.

    1 vote
    0 comments  ·  Microsoft Identity Manager
  7. Fix PAM API to not use impersonation for Active Directory

    In some patch or another the PAM API was altered to call Active Directory in the caller's context, which for Constrained Delegation means you have to add the SPN for LDAP for all your domain controllers.

    According to my brief read of the code it seems it only does this to... find the user's expiration date.

    For AD reads, use the service account's identity, not impersonation.

    Relevant blog post:
    https://www.steadyblog.com/microsoft-identity-manager-sp1-pam-rest-api-requests-either-fail-with-http-404-or-500-when-calling-remotely/

    1 vote
    0 comments  ·  Microsoft Identity Manager
  8. Support Managed Service Accounts in PAM PowerShell Cmdlets

    Managed service accounts cannot use (all) the PAM Cmdlets correctly.

    Get-* works.

    But creation does not work. Why:
    - The source code assumes the caller is a user when it tries to resolve its SID (to populate the creator ID in MIM)

    1 vote
    0 comments  ·  Microsoft Identity Manager
  9. AD Attribute Info (AKA Notes) for Groups should be synced to the cloud and available to Exchange Online.

    The AD Attribute Info (AKA Notes) is currently synced for Users but not for Groups. The companies I have worked for before made heavy use of it, and I am surprised no one else has complained. Also, it's a field available in the GUI. I would think all attributes exposed via the GUI should have been synced.

    1 vote
    0 comments  ·  End user experiences
  10. Azure Identity Protection Alerts programmability

    Enable us to send Azure Identity Protection alerts to an external entity such as our SIEM. At the very least expose these alerts via PowerShell; bonus points if you allow us to send them through an EventHub similar to AzureAD Logs.

    1 vote
    0 comments  ·  Identity Protection
  11. Show Azure AD Connect sync server IP address in Azure

    It would be good if the IP address for Azure AD Connect server would be shown in Azure. This could be shown for example in Azure AD Connect Health (sync server properties).

    Additionally, the IP address field is <null> in the sync account's audit log. The sign-in logs are empty for the account.

    The motivation for this was protecting the sync account with conditional access using IP-based rules. While one can find the sync server public IP by other means, it would be logical to show it in Azure.

    1 vote
    0 comments  ·  Azure AD Connect
  12. Enable Azure AD to actually govern Azure VMs without on-premises Domain Controllers

    We started with O365 - great.

    We added an Azure RDS VM to run Sage and added it to the Azure AD - great.

    We wanted Azure AD to govern our O365 users logging into the Azure RDS VM - which it does, sort-of...

    We have the password policy in Azure AD configured to "Never" expire - we do annual password resets.

    Turns out the Azure VM does not get the never-expire information from Azure AD; instead it has a default 90-day expiration policy which can't be changed because there is no Domain Controller the VM talks…

    1 vote
    0 comments  ·  Authentication
  13. Intune for B2C, same as AADB2C is for AAD

    Azure AD is good for enterprise internal use, Azure AD B2C for enterprise customers. I really want an Intune version for B2C; we don't want to depend on a store provider to publish an app in a specific environment.

    1 vote
    0 comments  ·  B2C
  14. Allow P2 license to be assigned even if P1 already exists. And vice versa

    When assigning two different plans the "largest" should take precedence instead of throwing an error and requiring manual intervention

    1 vote
    0 comments  ·  Licensing
  15. Enable delivery and read receipts

    How do I enable delivery and read receipts

    1 vote
    0 comments  ·  Other
  16. Reset Password confirmation message?

    When a local B2C user forgets their password and has to reset it, there is no confirmation message to let the user know that they have updated their password.

    Steps:
    Open portal
    click on Sign in option
    1. click on Forgot option
    2. enter email and click on Send verification code option
    3. enter verification code and click on change password option
    4. Enter new and Confirm new password and click on Continue button

    The password is updated and the user is redirected to the sign-in page without any confirmation.

    Can a message be added before the redirect to let the user…

    1 vote
    0 comments  ·  B2C
  17. 1 vote
    0 comments  ·  End user experiences
  18. Add service principal (app registration) to AD roles like Application Administrator

    We need this for automation to have rights to build out web apps.
    Would like a way to add a service principal (app registration) to specific roles like Application Administrator. I understand there is a programmatic way but I was unable to find PowerShell examples I could follow.

    1 vote
    0 comments  ·  Admin Portal
  19. Assigned license column for users and groups in AAD

    When viewing users and groups in the AAD console directory listing, please make a column available that lists out the assigned licenses like in the O365 Active User console. This would help ID impact of changes at a higher level without having to drill in to the group.

    1 vote
    0 comments  ·  Admin Portal
  20. Remove company branding background overlay

    If you configure company branding and set a background image, there will be a grey overlay which breaks all colors. White will be grey and blue is nearly black.

    CSS
    .background-overlay {
        background: rgba(0,0,0,0.55);
    }

    Remove that overlay and provide more possibilities for company branding.

    1 vote
    1 comment  ·  Other