Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sort out your menus

    So all I want is to find the azure milti factor portal.. it's not here.. mmmm.. so I google it and I have to sign in the classic portal. Why ? Fix it.. oh - couldn't find the portal anyway so total waste of my time. Fail Microsoft and we pay you for hundreds of licenses for O365 and this is what I have to deal with.

    Azure is marketed a lot but I have no interest in actually doing anything with it. I also tell my guys not to bother with any Azure certification because its still a beta…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  2. No photo available in myapps application panel

    The AAD Application panel is making use of the AAD thumbnailphoto attribute. In most environments this is a different photo as the O365 photo.

    It would be a good end user experience to provide AAD admins functionality to configure which photo can be used: O365 photo (can be set with Outlook web, Skype or Delve) or the AAD photo (which can be synced from AD on prem and is also current behavior).

    The other option would be to provide an option to sync O365 photo to AD on prem, which then would sync back to AAD. Less preferred in my…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. Minimum Length of App in registration portal is not consistent

    Minimum Length of App in registration portal is different when you use the Let us help you get started method and when you create without guided setup.

    "Let us help you get started" method for registering a new app in the Registration Portal allow App name less than 4 characters.
    If you add an app without the guide setup and if it has less than 4 characters in its name, it does not allow you to save you modification without any error message.

    It take me 4h to understand why I could not save the App modification or create an…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  4. Security Bug: Please Fix Bug Application Delegation Bug Lingering Active Directory Delegation

    If application registration has Active Directory delegation it would NOT remove the Active Directory delegation behind the scenes even after removing all delegations.

    I need to remove all application delegations, Save and then add a new non-active directory delegation and Save again in order to limit who can access the application and/or web service.

    This is a issue as if there is any application that uses OAuth 2.0 and gets a token where the the "audience" | "aud": "00000002-0000-0000-c000-000000000000" it will have access to any application without restrictions of delegation rules if this lingering active directory access is behind the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  5. Identity synchronization and duplicate attribute resiliency issues

    We receive an email every 30 minutes when an account has a duplicate and or Azure Synchronization error. We thought that after the first error that the error would be quarantined and viewable in the Dirsync error status within Office 365 admin center. I have not seen this happen once yet. Also, When I put in individual email addresses into the Azure portal for notification those email addresses do not receive notification. Only the technical contact get an email. I attached a screenshot of where I put separate email addresses.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  6. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  7. Federate with on-premises identities

    We are working on a strategy to move from on-premises AD RMS to Azure IP; however, we have encountered a blocker in our migration strategy: Azure IP cannot authenticate a user not located in an Azure AD tenant. In this scenario, we have implemented AD RMS in a resource forest and account forest scenario. The resource forest contains AD RMS, the protected content, AD FS, and contact objects of the users in the account forest. The account forest contains the user objects and uses Ping to federate with the resource forest. These user accounts can use any email address suffix…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  8. Office iDFix tool - some column widths cannot be adjusted

    When using the Office iDFix tool - columns cannot be adjusted to prepare an AD for Azure Sync, the result table can be flexible adjusted for nearly all columns but the first 2 from the left that is DN.

    Especially the DN is very long and it is not helpful that you cannot adjust the width there.

    also when clicking on DN the DN will be incorrectly sorted (not by OU / path / alphabetical)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  9. Office iDFix Tool will not notify about incompatible displaynames

    Problem:
    there is a technet document about the known limitations for Group names (255 char long, no dots allowed etc) but idFix will not flag them as errornous if they violate these rules.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  10. Adding MFA to Skype

    It would be great to allow MFA on Skype for Business as I always get an error when it is active. However, I am able to access it when it is de-activated.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  11. https

    I'm using Azure B2C directory and Azure functions. B2C is only allowing HTTPS callbacks. Which is a bit too strict. There is one usecase where it is not necessary:

    I have a single web page application and the token is returned using html anchors. (#hash). The connection to B2C is under https, so as the redirect directive when the authentication was finished.
    Then the next GET won't include the part of the URL after the #, so it will never leave the browser, only the app could read it (then redirect away from it).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  12. Domain Services - Ability to add non-Admin users to Remote Desktop Users group

    It appears I am unable to manage built-in security groups at all. I would need this capability for Domain Services to work for us.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  13. Retrieve / pass through the profile data from the identity provider's profile

    If attributes also available in Azure AD B2C are set in the identity provider's profile, copy them to the Azure AD B2C profile. E. g., the address set in the Google profile.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  14. MyApps iOS - Ability to trigger Safari browser

    When browsing in a web app that contains a PDF. Users cannot download the PDF, because of the limited options in the MyApps browser within the iOS app. Adding the ability to either open in Safari or include the share button to connect with other apps on the device would be helpful so users can download and share a PDF.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add Contributing MA to CSExport when staging Azure AD Connect

    When in Staging mode in Azure AD Connect it would be very helpful to know the Contributing MA for the NewValue in the CSV created by csexport.exe and csexportanalyzer.exe.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  16. Azure Media offerings publicizes Media Analytics and plenty extra at IBC 2016

    Microsoft Azure, the cloud platform, has recently taken a few main steps as a media offerings issuer. The platform proved its potential to address high volumes of labor when it performed the report streaming of Rio Olympics 2016. On September 12, 2016, the Microsoft Azure Media services crew announced its choice to end up a part of the upcoming IBC Hackfest.

    The bulletins made by the Azure Media services were as follows:

    Multi-DRM:

    Azure just recently announced that it'd also be imparting the Apple Fairplay Streaming DRM service. With this, Azure Media offerings will now offer services for all principal…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add ability to select Windows Store as a platfrom when registering a new app in the App Registration Portal

    You should be able to add Windows Store as a platform when you add a new app in the app registration portal (https://apps.dev.microsoft.com/#/appList)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add WebHooks to Azure IDP Alerts or Integration with OMS

    I would like the opportunity to integrate with Azure AD Identity Protection alerts through WebHooks called directly by AAD IDP when an alert is triggered and meets the threshold defined at /MicrosoftAADProtectionCenter/IdentitySecurityDashboardMenuBlade/Alerts/ or by integrating Operations Management Suite (OMS) with AAD IDP, perhaps as future functionality in an existing OMS Solution like Security and Audit. This functionality would allow an administrator to, for example, have alerts posted to a Slack channel via the WebHook URL of a Slack Custom Integration configuration.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Need a way to provide group memberships during account provisioning

    We have created a custom app with no SSO and only account provisioning enabled. We have implemented a web service exposing SCIM (2.0) endpoints Our web service gets the users and groups. But the user objects are missing 'groups' SCIM attribute (memberof). And while the group objects have the attribute 'members', it is empty.

    We need a way to get group memberships of users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add a 3rd option to 'reset password due to password expiry'

    Add a 3rd option to 'reset password due to password expiry'

    The poor use of english is confusing users

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base