Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. PIM (Privileged Identity Management). We have a need to

    Similar to PIM - Different policies for one role.

    In this case, two users: both are put into the "eligible" list in the same role. One requires a request to be accepted by a manager. The other is automatically granted the request when he "activates" his role.

    Currently, to do this, one user has to be permanently in the "active" tab, and the other has to be in the "eligible" tab.

    1 vote

    0 comments  ·  Privileged Identity Management
  2. 1 vote

    0 comments  ·  Admin Portal
  3. option for 2-factor authentication

    Allow EMAIL as an option for the 2nd part of the authorization process!
    Banks allow the option to text or email, get with the show.

    1 vote

    0 comments  ·  Multi-factor Authentication
  4. Make it easier to delete Tenant

    I am about to delete my Tenant, but the licence based subscriptions are held by a partner. As of now I have to call them or send an email manually to them so they can delete the license-based subscriptions.

    Can you please make an option button inside the product & services - licences panel (managed by partner) to send an automated request to them to delete and set in delete state so I don't have to call them or send an email manually with the delete order? :)

    Tom.

    1 vote

    0 comments  ·  Admin Portal
  5. Ability to disable "Don't know" as an option

    Ability to disable "Don't know" as an option. For some access reviews we want reviewers to either "Approve" or "Deny", but not have the option to select "Don't know".

    1 vote

    0 comments  ·  Access Reviews
  6. NTLM Windows integrated Authentication

    Currently we have an API that works with NTLM negotiation and that would be great to have it behind an App Proxy but there is at this moment no support available.

    1 vote

    0 comments  ·  Application Proxy
  7. Fix Conditional Access exclusions Office365 Apps and Web Entry points.

    In the document: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#office-365, it says that:

    "The Office 365 app makes it possible to target these services all at once. We recommend using the new Office 365 app, instead of targeting individual cloud apps to avoid issues with service dependencies. Targeting this group of applications helps to avoid issues that may arise due to inconsistent policies and dependencies.

    Administrators can choose to exclude specific apps from policy if they wish by including the Office 365 app and excluding the specific apps of their choice in policy.”

    However, when you create the exclusion for other apps, like PowerApps, Teams,…

    1 vote

    0 comments  ·  Conditional Access
  8. Please Add DeviceTrustType to the attributes Dynamic Groups can leverage for filtering

    Please Add DeviceTrustType to the attributes Dynamic Groups can leverage for filtering

    1 vote

    0 comments  ·  Directory
  9. AD Connect Allow more than 99 Custom Rules

    We are hitting the limit of 99 custom rules allowed. Please add space for another 100 rules; expand this block to 0-199.

    User Case: With 50 Forests this allows only 2 custom rules per forest.

    1 vote

    0 comments  ·  Azure AD Connect
  10. Add AppId for application that the user is signing in SignIn Logs.

    It would be nice to have a column added to the Audit Logs to capture the application Id. We use Azure B2C to authenticate to our web application. To capture sign-in attempts for our specific application in the SignIn Logs, we would need a way to filter the SignIn logs so that we can find attempts for the specific app. A potential solution is to add a column in the SignIn Logs to add information for the application the user is signing into.

    1 vote

    0 comments  ·  B2C
  11. Azure Devop Roles for PIM to control

    Currently, using Azure Devops with PIM is not supported at the moment.

    We can connect our Active Directory to Azure Devops; but not really control the users; as it is managed via the Devops Administrator.

    Right now only one Azure Devop Admin role exists in AAD; with which you can't manage much in Devops; except the AAD Policy in the Organization Settings.

    Why not add the Azure Devop Roles like Project administrators, Project Contributors and Project Readers in Azure Active Directory, so one can enforce the PIM concept also to the Azure Devops Tenants environment.

    1 vote

    1 comment  ·  Privileged Identity Management
  12. Remove links to non-interactive logins

    As per documentation: "Identity Protection evaluates risk for all authentication flows, whether it be interactive or non-interactive. However, the sign-in report shows only the interactive sign-ins. You may see risky sign-ins that occurred on non-interactive sign-ins, but the sign-in will not show up in the Azure AD sign-ins report."

    https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk#risky-sign-ins

    This leads to "dead" links in the alert interface. This again leads to confusion and lack of trust in the product. Further, as not all relevant logins can be inspected, a meaningful verdict is impossible, and therefore false positives can't be trained out of the system. I have been informed…

    1 vote

    0 comments  ·  Identity Protection
  13. restricted area access

    There must be an alternative to calling/texting to attain the pass code.
    Many work in areas that bar, believe it or not, electronic devices. In the large office complex I work in (15k-20k people), all electronic devices are secured in boxes in the corridors. To attain codes on mobile devices we must close our computers, go to the corridor, retrieve the mobile phone, go to where there is signal, attain the pass code, and then reverse the process to get back to the desk to sign into CVR.

    1 vote

    0 comments  ·  Authentication
  14. give me ideas about website

    great post. natashaescortservices.com

    1 vote

    0 comments  ·  Other
  15. Audit Logs - Entitlement Management, logs and graphAPI

    When a user requests a two-stage approval access package, a log entry gets created with the details, and an accessPackage GUID gets assigned to it in the [targetResources].
    When the first stage approves the package, a log entry gets created again, saying that a package was approved.
    However, the log entry has a targetResource GUID that is different from the first entry. It belongs to an accessReview.

    They both return the same data, however, because the second GUID is different, there is no way to search what package the first stage approval belongs to.

    1 vote

    0 comments  ·  Entitlement Management
  16. I have an application that does not accept "@" in the username, I would like to replace this with another character in the SAML Claim

    I have an application that does not accept "@" in the username, I would like to replace this with another character in the SAML Claim

    1 vote

    0 comments  ·  SaaS Applications
  17. Improve CRM workflow

    Please contact me as I would like to advise ways to improve the user experience:

    I would like to advise that I am using a CRM application at work, but find it exceptionally frustrating as the system is not designed well and there is a lot that you can do to improve the user experience.

    Is there a way that the user experience and work flow is designed better?

    For example: In one area of the free type input boxes, it is possible to autocorrect wrong spellings in the back end when I type up the guest notes on their…

    1 vote

    0 comments  ·  Other
  18. Authentication issue

    How to resolve this issue for my work school account:

    1 vote

    0 comments  ·  Authentication
  19. role to create and delete accounts

    We need a role that would be able to add/create and delete users, limited to one group or other sort of container.

    1 vote

    0 comments  ·  Role-based Access Control
  20. Automatic revalidation of Registered APPs on Azure AD

    Hi Team,

    We are trying to implement a governance policy for all the registered APPs in our Azure AD environment and it would be really great if you could help us to do this through some automatic revalidation process and management of Disabled Applications.

    FYI I have submitted a Microsoft Support Case 120070823002186 for it but it looks like it is not possible to do so, and hence based on the suggestion received from the assigned support personnel I am putting my idea here to see if it could help us to get some alternative option.

    I have downloaded a spreadsheet from Azure…

    1 vote

    0 comments  ·  SaaS Applications