Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. Put a refresh on the AAD Connect OU selection screen.

    Put a refresh on the AAD Connect OU selection screen.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  3. Detect if Managed Identity is enabled on VM

    It is possible to detect if an existing VM has Managed Identity enabled? All code samples for enabling on existing VM only shows how to use the Set-AzVm cmdlet, but not how to detect if it was enabled in the first place!
    This feature would be handy if you for example wanted to set New-AzRoleAssignment only if VM uses Managed Identity

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add a find and replace Claims transformation for collection type

    The issue faced:
    We got a string collection claim that holds some preset GUID returned from an Azure AD tenant.
    We wanted to map this GUID into another values so that the GUID will get translated into a readable text. Currently there is a similar string claims transformation: LookupValue, but there is no similar claim transformation for string collection type.

    Currently we can solve this issue by adding a helper Rest API endpoint to do this conversion, but it will be helpful that the custom policy natively supports this claims transformation.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support POST OpenID Connect authentication requests

    Supporting POST authentication/authorization requests is not mandatory for clients, but would be a nice addition if I wanted to use idtokenhint without being it captured in server logs in the referer header response.

    >Authorization Servers MUST support the use of the HTTP GET and POST methods defined in RFC 2616 [RFC2616] at the Authorization Endpoint. Clients MAY use the HTTP GET or POST methods to send the Authorization Request to the Authorization Server. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization, per Section 13.1. If using the HTTP POST method,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. when we are able to login the Microsoft account in mobile phones using bio metric, why can't you provide same bio-metric authentication for

    when we are able to login in the Microsoft Authentication App. using the Microsoft account (xyz@hotmail.com) in mobile phones with bio metric Authentication, why can't you provide same bio-metric authentication for PC signing In. the option using Microsoft account signing In is already available, additional requirement is signing using. Mobile signing In using Microsoft Authentication App. For this additionally you have to provide the mobile Icon in the login Screen in windows 10 OS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. Poor experiencing

    Been trialling B2C directory for a month and have to say it has been a disappointing experience. We had a number of issues deleting unused tenants and have been in contact with Azure support for over a month. Even now these issues are still unresolved. It feels the platform as a whole is immature. We have decided to stop evaluating Azure as our cloud platform.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  8. Include Conditional Access in Microsoft 365 Business

    Include Conditional Access for Microsoft 365 Business customers without Azure Premium subscriptions.

    Right now, a lot of the compliance features that comes with the intune in M365 Business are useless because they cannot be enforced via Conditional Access, because CA is not included in the business edition of Microsoft 365.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow App Owners to approve permission requests to their own application

    We would like to use Azure AD as our authentication and authorization framework for all APIs, however, one issue we believe we have run into is the requirement that an Administrator must approve all Application only requests (vs the expected below).

    Scenario

    Our company has two app registrations
    - Business API 1
    - Scope: Feature.Critical (application role)
    - Business API 2

    Business API 2 requests Application only Feature.Critical permission of Business API 1.

    Expected Result

    The Azure AD App Owner(s) of Business API 1 are the SMEs for this permission knowing best what data and functionality may be released. The…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  11. How to fix my outlook not accepting password

    Get outlook not accepting password solution via the technical support phone number experts as my outlook not accepting password in windows etc.For solution call 1855-345-8210 toll free number for help.

    https://www.outlooktechnicalhelpline.com/outlook-not-accepting-password/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  12. Prevent users from adding mailbox rules

    Ability to disable end user's ability to create mailbox rules. Would be nice to have when an account breach happens and you want to lock this capability down to prevent malicious 3rd parties from creating rules and hiding email responses.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enable Groups (AAD or Synchronized) to be members of AAD Roles

    For AAD roels, ie Security Admin, allow Groups to be added. Currently only Users can be added through the portal.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  14. Face id

    Rien avec FaceId, plutôt qu’un système de codes compliqué ? C’est pas très top

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  15. Better instructions for choosing password in the AAD B2B Redemption Page

    Provide better error information or apply password policies so that the users do not create a weak password in the B2B redemption page scenario as explained in the below link.

    The password rules mentioned here[https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts] are not available to the user while choosing the password, as a result, the page throws an error with no specific error information or work around.

    https://stackoverflow.com/questions/55592569/password-complexity-issue-with-b2b-invitation-redemption-page/55603737#55603737

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

  16. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  17. Reply URL property for SAML configuration should allow to set url with "http" prefix

    Specification of SAML protocol doesn't require that reply url should be only with "https"prefix and many of intranet applications can have "http" prefix so I don't understand this limitation.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  18. meci

    merci

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  19. I work for BP Shipping. We do not have normal phone link. Why not use what's app?

    Use what's app for ship's who are sometimes 1 month away from land and normal mobile link un-available.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. It’s so new of the products for me to used, it seems have a lot more useful than others normal mails, I will let you know that Soon again.

    It’s so new to me, I don’t even receive the first mail yet, but I will let you all know that later please. Thank you so much to helping me to set it up. I’m sure it very useful mail for me to the futures. Love xoxoxo

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base