Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Security Bug: Please Fix Bug Application Delegation Bug Lingering Active Directory Delegation

    If application registration has Active Directory delegation it would NOT remove the Active Directory delegation behind the scenes even after removing all delegations.

    I need to remove all application delegations, Save and then add a new non-active directory delegation and Save again in order to limit who can access the application and/or web service.

    This is a issue as if there is any application that uses OAuth 2.0 and gets a token where the the "audience" | "aud": "00000002-0000-0000-c000-000000000000" it will have access to any application without restrictions of delegation rules if this lingering active directory access is behind the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Identity synchronization and duplicate attribute resiliency issues

    We receive an email every 30 minutes when an account has a duplicate and or Azure Synchronization error. We thought that after the first error that the error would be quarantined and viewable in the Dirsync error status within Office 365 admin center. I have not seen this happen once yet. Also, When I put in individual email addresses into the Azure portal for notification those email addresses do not receive notification. Only the technical contact get an email. I attached a screenshot of where I put separate email addresses.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  4. Federate with on-premises identities

    We are working on a strategy to move from on-premises AD RMS to Azure IP; however, we have encountered a blocker in our migration strategy: Azure IP cannot authenticate a user not located in an Azure AD tenant. In this scenario, we have implemented AD RMS in a resource forest and account forest scenario. The resource forest contains AD RMS, the protected content, AD FS, and contact objects of the users in the account forest. The account forest contains the user objects and uses Ping to federate with the resource forest. These user accounts can use any email address suffix…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  5. Office iDFix tool - some column widths cannot be adjusted

    When using the Office iDFix tool - columns cannot be adjusted to prepare an AD for Azure Sync, the result table can be flexible adjusted for nearly all columns but the first 2 from the left that is DN.

    Especially the DN is very long and it is not helpful that you cannot adjust the width there.

    also when clicking on DN the DN will be incorrectly sorted (not by OU / path / alphabetical)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  6. Office iDFix Tool will not notify about incompatible displaynames

    Problem:
    there is a technet document about the known limitations for Group names (255 char long, no dots allowed etc) but idFix will not flag them as errornous if they violate these rules.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  7. Obj-Browse Method

    Obj-Browse Method:

    Use the Obj-Browse technique to go looking instances of one class and copy the entire instances, or specific properties, to the clipboard as an array of embedded pages.

    simplest residences exposed as columns may be used as choice criteria. but, values of homes that aren't uncovered as columns, which includes embedded houses, may be lower back.

    The Obj-Browse technique has the subsequent parameters

    -page name: input the name of the vacation spot web page to incorporate seek outcomes. The gadget uses Code-Pega-list because the class of this web page.

    -ObjClass: perceive a class to look. you could search…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Adding MFA to Skype

    It would be great to allow MFA on Skype for Business as I always get an error when it is active. However, I am able to access it when it is de-activated.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. https

    I'm using Azure B2C directory and Azure functions. B2C is only allowing HTTPS callbacks. Which is a bit too strict. There is one usecase where it is not necessary:

    I have a single web page application and the token is returned using html anchors. (#hash). The connection to B2C is under https, so as the redirect directive when the authentication was finished.
    Then the next GET won't include the part of the URL after the #, so it will never leave the browser, only the app could read it (then redirect away from it).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  10. Domain Services - Ability to add non-Admin users to Remote Desktop Users group

    It appears I am unable to manage built-in security groups at all. I would need this capability for Domain Services to work for us.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  11. Retrieve / pass through the profile data from the identity provider's profile

    If attributes also available in Azure AD B2C are set in the identity provider's profile, copy them to the Azure AD B2C profile. E. g., the address set in the Google profile.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  12. Words Windows (Mobile Application) idea 41

    phpBB Better Safe Harbor Complaints

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. MyApps iOS - Ability to trigger Safari browser

    When browsing in a web app that contains a PDF. Users cannot download the PDF, because of the limited options in the MyApps browser within the iOS app. Adding the ability to either open in Safari or include the share button to connect with other apps on the device would be helpful so users can download and share a PDF.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add Contributing MA to CSExport when staging Azure AD Connect

    When in Staging mode in Azure AD Connect it would be very helpful to know the Contributing MA for the NewValue in the CSV created by csexport.exe and csexportanalyzer.exe.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure Media offerings publicizes Media Analytics and plenty extra at IBC 2016

    Microsoft Azure, the cloud platform, has recently taken a few main steps as a media offerings issuer. The platform proved its potential to address high volumes of labor when it performed the report streaming of Rio Olympics 2016. On September 12, 2016, the Microsoft Azure Media services crew announced its choice to end up a part of the upcoming IBC Hackfest.

    The bulletins made by the Azure Media services were as follows:

    Multi-DRM:

    Azure just recently announced that it'd also be imparting the Apple Fairplay Streaming DRM service. With this, Azure Media offerings will now offer services for all principal…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add ability to select Windows Store as a platfrom when registering a new app in the App Registration Portal

    You should be able to add Windows Store as a platform when you add a new app in the app registration portal (https://apps.dev.microsoft.com/#/appList)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add WebHooks to Azure IDP Alerts or Integration with OMS

    I would like the opportunity to integrate with Azure AD Identity Protection alerts through WebHooks called directly by AAD IDP when an alert is triggered and meets the threshold defined at /Microsoft_AAD_ProtectionCenter/IdentitySecurityDashboardMenuBlade/Alerts/ or by integrating Operations Management Suite (OMS) with AAD IDP, perhaps as future functionality in an existing OMS Solution like Security and Audit. This functionality would allow an administrator to, for example, have alerts posted to a Slack channel via the WebHook URL of a Slack Custom Integration configuration.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Need a way to provide group memberships during account provisioning

    We have created a custom app with no SSO and only account provisioning enabled. We have implemented a web service exposing SCIM (2.0) endpoints Our web service gets the users and groups. But the user objects are missing 'groups' SCIM attribute (memberof). And while the group objects have the attribute 'members', it is empty.

    We need a way to get group memberships of users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add a 3rd option to 'reset password due to password expiry'

    Add a 3rd option to 'reset password due to password expiry'

    The poor use of english is confusing users

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  20. password

    The current SSRPT does not give a 3rd option to enter a new password because its expired (90day policy) it currently provides 1. I have forgotten 2. I know my password but i cant login (unlock feature). This is language issue is causing a lot of confusion to our user.

    The site also needs to return a meaningful error msg when the user is unable to reset the password.. not a generic one like whats available today.

    Finally it will be handy to have listed when i last logged in successfully or failed attempt using my password..

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base