Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Authenticator behavior under different conditions

    It is very difficult to understand and to explain to users under what conditions they will be prompted from the Authenticator App for the following:


    1. Simple (Approve/Deny) challenge

    2. Number matching challenge

    3. True passwordless sign in

    Can you create a simple table that explains the criteria for each of the 3 scenarios? If you can also include what steps are required by admins and users to clearly achieve each, that would also be very useful.

    Thank you!

    1 vote

    0 comments
  2. Specify "prompt" parameter in OpenID Connect provider (B2C)

    We've followed this guide (https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory) to configure B2C and AAD integration, and it seems that by default "prompt" is set to "none" and users (if they've logged in before) are logged in automatically without being presented with the "select account" screen and/or the ability to enter another account's credentials. This is a bit misleading, as the user should have the ability to (at least) enter other credentials if they don't want to log in with the existing one.

    Is there a way to add the "prompt" parameter for custom OpenID providers? (The official OpenID documentation, where this parameter is referred to: https://openid.net/specs/openid-connect-core-1_0.html)

    1 vote

    0 comments  ·  B2C
  3. Alert about expiry of Kerberos keys

    As keys have to be rolled over manually, we are keen to find some way of the tenant sending an alert (email) when the keys need rolling over. At the moment, getting the date right requires manual set up on our side. It would be helpful if the tenant could provide an alert by email to say that the keys are due to be rolled over - say 5 days before it needs to happen.

    1 vote

    0 comments  ·  Azure AD Connect
  4. We need to set an alert in Conditional Access Policy if someone successfully accesses from outside India and the policy is violated.

    We have a Conditional Access Policy to restrict users: if someone accesses from outside India, MFA should be triggered. This policy is working fine, but if someone successfully hacks the user account and successfully logs in from outside India, an alert should be configured, but the alert configuration option is not available in Azure. Please add this option, which will improve the user experience.

    1 vote

    0 comments  ·  Multi-factor Authentication
  5. AADDS allow multiple managed domain scoped views

    It would be nice to have for the following reason.
    One single Azure AD. Each branch could have its own domain via an AADDS Managed Domain with Scoped view.

    This would be for the same tenant, same subscription, or same tenant, different subscription.

    This way each branch office could manage their own users in their own scoped domain, but the AAD would maintain the identity.

    Think of it like views in MS SQL.

    1 vote

    0 comments  ·  Domain Services
  6. This authentication app

    The authentication app makes me frustrated. More passwords, codes, SMS, devices. Make proper software and do not change procedures each time. I am not a software guy and I do not be one. 2 way verification is safer than 1...duhh. You can make 1000 way verification which is even more safe but not workable.
    I have a PC, need to log in with a password. When I want to see my company account I need a VPN with again a password.
    Then suddenly I see that I need Microsoft verification with this app.
    This app doesn't work when I needed.…

    1 vote

    0 comments  ·  Authentication
  7. Support Emitting objectGUID for Group Claims

    Currently you cannot emit a group objectGUID as a group claim even if you are syncing it as a directory extension via Azure AD Connect. This should be a claim type that is available with the group claims feature.

    1 vote

    0 comments  ·  Authentication
  8. create new AAD - region is unclear

    When creating a new "Azure AD", the wizard asks to select a region or country - but the products page states that Azure AD is non-regional. It is not clear why a region must be selected.

    1 vote

    0 comments  ·  Directory
  9. Allow Scope Filtering Based On Group Type

    It would be very useful to allow for scope filtering of groups by Group Type. Currently, there's no easy way to filter out groups based on whether they're Office, Distribution, Security, etc.

    1 vote

    0 comments  ·  Provisioning to Applications
  10. Limited Password Reset Admin rights for specified groups.

    We run an Azure tenant for our private school district with 29 schools across the state. We need the ability for individual(s) at each site to have the authority to reset passwords of students (members of a specific security group) at that location without having the rights to reset the passwords of users at other sites or of our superintendents.

    1 vote

    0 comments  ·  Other
  11. Managing a tree structure for Azure Active Directory Users

    It would be good to have a tree structure while viewing the users in Azure Active Directory.

    For example, to have a clear distinction between two colleagues who belong to two different departments. This will also help to manage the third-party developers.

    1 vote

    0 comments  ·  Admin Portal
  12. Allow the customization of non-compliance message in Azure policies

    Allow the customization of non-compliance message in Azure policies.
    When clicking on the compliance detail of a policy assignment the message underneath "Reason for non-compliance" currently for example says: "Current value must be like the target value." It would be great if this would be customizable.
    Thank you

    1 vote

    0 comments
  13. Delegate a user to be able to reset passwords for only a group of users, but not all users.

    We are a college and have a student helpdesk that needs the ability to reset student passwords but we do not want them to be able to reset passwords or access the staff and faculty accounts. Being able to assign these helpdesk users as administrators over a student group similar to Active Directory would be great.

    1 vote

    0 comments
  14. Defining the Azure Active Directory (AD) attributes similar to how the Active Directory (AD) attributes are defined

    In the same fashion that there is on-line documentation that defines the Active Directory (AD) attributes, we would like to have on-line documentation for Azure Active Directory (AA) attributes that gives full definitions as well. The attributes that we would like to have definitions for are as follows:

    cloudAnchor

    cloudLegacyExchangeDN

    cloudMSExchRecipientDisplayType

    cloudSOAExchMailbox

    cloudSourceAnchor

    cloudMastered

    1 vote

    0 comments  ·  Azure AD Connect
  15. Azure / Intune third party app integration for subscription based apps

    Hello,

    I work with a software development company on a mobile applications team which produces an iOS / Android app. This app is used extensively both recreationally and commercially for field data collection.

    Many of our larger enterprise clients already utilize MDM's such as Intune, and have shown interest in accessing and distributing our app to team members through such an MDM.

    I have spoken to both Intune Support Engineers and Azure Authentication specialists about a specific technical use case regarding in-app subscription integration. Our app utilizes subscription based registration for access to premium app tools and features via a…

    1 vote

    0 comments
  16. https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/38767417-can-we-release-a-powershell-cmdlet-for-hide-appli

    We were automating the publishing of apps, but there is one thing which we could not find a cmdlet for. Can we release a PowerShell cmdlet for "Hide applications from end-users in Azure Active Directory"?

    This is not exposed via PowerShell.

    1 vote

    0 comments  ·  Application Proxy
  17. portal.azure.com icon should indicate kind of account login

    When I log into partner centre with my work account I can see the dogtag icon on my profile.

    However, when I log in to portal.azure.com with my work account I just see a user icon on my profile.

    It would be great if the portal.azure.com icon displayed the dogtag similar to the way partner centre works.

    1 vote

    0 comments  ·  Admin Portal
  18. Conditional Access View - Unprotected Application

    Please create a view within Azure Active Directory\Conditional Access that shows all applications that do not have a CA Rule applied. Currently you have to click into each application separately to view if there is a CA Rule applied to that app.

    1 vote

    0 comments  ·  Conditional Access
  19. Policy definition read permission deny

    NotAction: "Microsoft.Authorization/policyDefinitions/read" (Get information about a policy definition): when I am using this action in NotAction and assigning that custom role to any active AAD user, then he should not be able to read the ARM policy definition. However, he can read the ARM policy definition. This is a bug.

    1 vote

    0 comments  ·  Role-based Access Control
  20. Allow ability to assign multiple management groups to custom role

    In cases where it is not possible to use a common parent over all subscriptions, can Microsoft please allow the ability to assign multiple management groups to a custom role in Azure Active Directory? The option exists to add multiple subscriptions, but when there are over 200 subscriptions, it becomes difficult to administer with 100% accuracy.

    1 vote

    0 comments