Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Identity risk Graph

    Allow methods for dismissing identity protection risk events from Graph.
    Currently it seems that you can get them, but that's about it.
    Being able to close them as well allows for meaningful automation.

    1 vote
    0 comments  ·  Identity Protection
  2. MFA whitelist for NPS

    We need to be able to whitelist IPs so they are excluded from Azure MFA when the users are connecting to RDS and NPS forwards requests to MFA.

    Scenario:
    We need to set up RDS environments where users who are connecting from the internet are provided with Multi-factor authentication, but with the possibility to bypass MFA when connecting from specific IP-addresses.

    The MFA-part is working, however, we need to be able to bypass MFA for specific IP-addresses which is impossible at the moment.

    This is business critical for our clients.

    Thank you

    1 vote
    1 comment  ·  Multi-factor Authentication
  3. Thanks

    Thanks

    1 vote
    2 comments  ·  Developer Experiences
  4. I work for BP Shipping. We do not have normal phone link. Why not use WhatsApp?

    Use WhatsApp for ships who are sometimes 1 month away from land and normal mobile link unavailable.

    1 vote
    0 comments  ·  End user experiences
  5. It’s so new a product for me to use; it seems a lot more useful than other normal mail. I will let you know again soon.

    It’s so new to me, I haven’t even received the first mail yet, but I will let you all know later, please. Thank you so much for helping me to set it up. I’m sure it will be very useful mail for me in the future. Love xoxoxo

    1 vote
    1 comment  ·  Authentication
  6. develop granting permission

    I just have a suggestion for Azure: if there were a feature, wizard or any tool to assist administrators with detecting which access is applicable for something, it would be wonderful.

    For example, an administrator checks the permissions a user needs in detail and that tool shows the proper role or permission.

    1 vote
    0 comments  ·  Role-based Access Control
  7. Recycle Bin for Groups

    Was wondering why there are no Recycle Bins for Groups in Azure AD. Users have a Recycle Bin.
    Without the use of PowerShell or disabling Azure Tenant Sync, there is no way to convert or orphan an on-prem Distro group to In Cloud.

    1 vote
    0 comments  ·  Groups/Dynamic groups
  8. Allow MFA via Email for external vendors

    The current MFA tools are tied to a device that a 3rd party would likely take with them if released from their employer, which poses a high potential for a security risk. If email based MFA was allowed for vendor access, then emails would be sent to a corporate mail server ensuring that the employee was still employed.

    I understand the argument that sending an email to the account you're trying to access is poor security posture, but if it is being sent to a different domain, that risk should be mitigated and overall a better security mechanism.

    1 vote
    1 comment  ·  Multi-factor Authentication
  9. Implement method to delete device information from Access Panel

    If a user provisioned Windows Hello for Business on a device, the device is displayed on the Access Panel of the user.
    Even if the user is deprovisioned from that device, the device information will not be deleted from the Access Panel.
    Currently, we do not have a method to delete this device information.
    The customer would like us to implement a method to delete this device information.

    1 vote
    0 comments  ·  Devices
  10. Azure Active Directory Domain Services Identities and Server Roles

    I was recently hired by a company and inherited a messy IT infrastructure. The business has an on-premise server running two VMs, one is Windows Server 2003 and the other is Windows Server 2012. We have 13 offices throughout the U.S. but no way to connect all offices to a centralized domain/location. The on-premise server only hosts the users at our corporate office. I would like to join all the computers at my company to the domain at corporate, but we do not currently have the infrastructure to create a traditional on-prem environment (Sonic walls, VPNs, etc). I am considering…

    1 vote
    0 comments
  11. Keeping guest account in the inviting AAD updated with changes made in the user's home AD

    We're collaborating with an external party on a project and have invited around 100 users of theirs as guest users in our AAD. The external party recently migrated to another email domain. The good news is that this change didn't impact their ability to SSO into SharePoint and other O365 products. The only downside we found is that the user name field of the guest account in the inviting AAD still had the original email.

    In summary, users added pre-migration have the old email domain suffix and users added post-migration have the new email domain suffix. I would be…

    1 vote
    0 comments  ·  End user experiences
  12. Fix MSAL-Angular library

    Currently, the Angular implementation of the MSAL client library is not synced up with the main branch of MSAL and is broken when using Microsoft Internet Explorer. I hate IE but 70% of our users are stuck on it. PLEASE FIX.

    1 vote
    0 comments  ·  Authentication
  13. Do not require a person to scan a QR code using the device that they are attempting to register

    I’m trying to access using my mobile device. The app wants me to scan a QR code to register the device. Guess what? I cannot scan a QR Code that is on the screen of the device - with the app - using that same device. As it happens, I also can not look myself in the eyes.

    Even worse, I can already access my Outlook, I just can’t see my folders with unread emails - populated via rules. All I want to do is see my emails and this Authenticator app pops up and won’t let me see anything…

    1 vote
    0 comments  ·  Authentication
  14. Make Graph calendaring less confusing with respect to time zones

    When sending in a datetime to Graph, it accepts an ISO 8601 value which has a timezone offset, but then there is a timezone field that is simply ignored. For a POST, we think it shouldn't be in the payload and definitely shouldn't be in a GET, especially if it's required.

    1 vote
    0 comments
  15. Update MS Graph so that users endpoint supports the $search OData filter

    Need $search support in the /users endpoint. Right now, it only works in /people and /message

    1 vote
    0 comments
  16. Update Graph Explorer to support removing permissions

    In the Graph Explorer, you can't remove permissions, which makes it harder to explore which scopes do what.

    1 vote
    0 comments
  17. Support "contains" string operator in OData parameters of Microsoft Graph

    Need support for "contains" string operator in OData parameters of Microsoft Graph

    1 vote
    0 comments
  18. ContainerInclusionList

    Would like to fully script AADConnect install and config ... can get lists (attributes, objecttypes, ContainerExclusionList, etc), but do not see how to use PS to add these items to a new install so Staging would match Prod. For now, all handled manually.

    1 vote
    0 comments  ·  PowerShell
  19. Guest Account Expiration Date

    Add the ability to mark an expiration date on guest accounts. Once the expiration date has passed, it should automatically be unable to log in to resources in the tenant (similar to the block sign-in bit on a member account).

    1 vote
    0 comments  ·  B2B
  20. Add the ability to switch the directory for Access to Azure Active Directory (0110P) subscriptions

    There is no option to change directory for Access to Azure Active Directory subscriptions (0110P) following steps here: https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory - this option was available in the classic portal.

    1 vote
    0 comments