Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Authenticator behavior under different conditions
It is very difficult to understand and to explain to users under what conditions they will be prompted from the Authenticator App for the following:
- Simple (Approve/Deny) challenge
- Number matching challenge
- True passwordless sign in
Can you create a simple table that explains the criteria for each of the 3 scenarios. If you can also include what steps are required by admins and users to clearly achieve each that would also be very useful.
Thank you!
1 vote -
Specify "prompt" parameter in OpenID Connect provider (B2C)
We've followed this guide (https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory) to configure B2C and AAD integration, and it seems that by default "prompt" is set to "none" and users (if they've logged in before) are logged in automatically without being presented the "select account" screen and/or the ability to enter another account's credentials. This is a bit misleading, as the user should have the ability to (at least) enter other credentials if they don't want to log in with the existing one.
Is there a way to add the "prompt" parameter for custom OpenID providers? (Official OpenID documentation, where this parameter is referred to: https://openid.net/specs/openid-connect-core-1_0.html)
1 vote -
Alert about expiry of Kerberos keys
As keys have to be rolled over manually, we are keen to find some way of the tenant sending an alert (email) when the keys need rolling over. At the moment, getting the date right requires manual setup on our side. It would be helpful if the tenant could provide an alert by email to say that the keys are due to be rolled over, say 5 days before it needs to happen.
1 vote -
We need to set an alert in Conditional Access Policy if someone successfully accesses from outside India if the policy is violated.
We have a Conditional Access Policy to restrict users: if someone accesses from outside India, MFA should be triggered. This policy is working fine, but if someone successfully hacks the user account and successfully logs in from outside India, an alert should be configured, but the alert configuration option is not available in Azure. Please add this option, which will improve the user experience.
1 vote -
AADDS allow multiple managed domain scoped views
It would be nice to have for the following reason.
One single Azure AD. Each branch could have its own domain via an AADDS Managed Domain with Scoped view. This would be for the same tenant, same subscription, or same tenant, different subscription.
This way each branch office could manage their own users in their own scoped domain, but the AAD would maintain the identity.
Think of it like views in MS SQL..
1 vote -
This authentication app
The authentication app makes me frustrated. More passwords, codes, SMS, devices. Make proper software and do not change procedures each time. I am not a software guy and I do not be one. 2 way verification is safer than 1...duhh. You can make 1000 way verification which is even more safe but not workable.
I have a PC, need to log in with a password. When I want to see my company account I need a VPN with again a password.
Then suddenly I see that I need Microsoft verification with this app.
This app doesn't work when I needed.…
1 vote -
Support Emitting objectGUID for Group Claims
Currently you cannot emit a group objectGUID as a group claim even if you are syncing it as a directory extension via Azure AD Connect. This should be a claim type that is available with the group claims feature.
1 vote -
create new AAD - region is unclear
When creating a new "Azure AD", the wizard asks to select a region or country, but the products page states that Azure AD is non-regional. It is not clear why a region must be selected.
1 vote -
Allow Scope Filtering Based On Group Type
It would be very useful to allow for scope filtering of groups by Group Type. Currently, there's no easy way to filter out groups based on whether they're Office, Distribution, Security, etc.
1 vote
Could you please describe the scenario where the specific distribution type is needed as a scoping filter?
-
Limited Password Reset Admin rights for specified groups.
We run an Azure tenant for our private school district with 29 schools across the state. We need the ability for individual(s) at each site to have the authority to reset passwords of students (members of a specific security group) at that location without having the rights to reset the passwords of users at other sites or of our superintendents.
1 vote -
Managing a tree structure for Azure Active Directory Users
It would be good to have a tree structure while viewing the users in azure active directory.
For example, to have a clear distinction between two colleagues who belong to two different departments. This will also help to manage the third-party developers.
1 vote -
Allow the customization of non-compliance message in Azure policies
Allow the customization of non-compliance message in Azure policies.
When clicking on the compliance detail of a policy assignment the message underneath "Reason for non-compliance" currently for example says: "Current value must be like the target value." It would be great if this would be customizable.
Thank you
1 vote -
Delegate a user to be able to reset passwords for only a group of users, but not all users.
We are a college and have a student helpdesk that needs the ability to reset student passwords but we do not want them to be able to reset passwords or access the staff and faculty accounts. Being able to assign these helpdesk users as administrators over a student group similar to Active Directory would be great.
1 vote -
Defining the Azure Active Directory (AD) attributes similar to how the Active Directory (AD) attributes are defined
In the same fashion that there is on-line documentation that defines the Active Directory (AD) attributes, would like to have on-line documentation for Azure Active Directory (AA) attributes that gives full definitions as well. The attributes that would like to have the definitions given for are as follows:
cloudAnchor
cloudLegacyExchangeDN
cloudMSExchRecipientDisplayType
cloudSOAExchMailbox
cloudSourceAnchor
cloudMastered
1 vote -
Azure / Intune third party app integration for subscription based apps
Hello,
I work with a software development company on a mobile applications team which produces an iOS / Android app. This app is used extensively both recreationally and commercially for field data collection.
Many of our larger enterprise clients already utilize MDMs such as Intune, and have shown interest in accessing and distributing our app to team members through such an MDM.
I have spoken to both Intune Support Engineers and Azure Authentication specialists about a specific technical use case regarding in-app subscription integration. Our app utilizes subscription based registration for access to premium app tools and features via a…
1 vote -
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/38767417-can-we-release-a-powershell-cmdlet-for-hide-appli
We were automating the publishing of apps, but there is one thing which we could not find a cmdlet for: can we release a PowerShell cmdlet for "Hide applications from end-users in Azure Active Directory"?
This is not exposed via PowerShell.
1 vote -
portal.azure.com icon should indicate kind of account login
When I log into partner centre with my work account I can see the dogtag icon on my profile.
However when I login to portal.azure.com with my work account I just see a user icon on my profile.
It would be great if the portal.azure.com icon displayed the dogtag similar to the way partner centre works.
1 vote -
Conditional Access View - Unprotected Application
Please create a view within Azure Active Directory\Conditional Access that shows all applications that do not have a CA Rule applied. Currently you have to click into each application separately to view if there is a CA Rule applied to that app.
1 vote -
Policy definition read permission deny
NotAction: "Microsoft.Authorization/policyDefinitions/read" (Get information about a policy definition) :: when I am using this action in not Action and assigning that Custom role to any active AAD user then he should not be able to read ARM policy definition. However, he can read the ARM Policy definition. This is a bug.
1 vote -
Allow ability to assign multiple management groups to custom role
In cases where it is not possible to use a common parent over all subscriptions, can Microsoft please allow the ability to assign multiple management groups to a custom role in Azure Active Directory? The option exists to add multiple subscriptions, but when there are over 200 subscriptions, it becomes difficult to administer with 100% accuracy.
1 vote