Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. Turn off Deep Inspection by default for Cloud App Discovery Agent

    We deployed the Cloud App Discovery Agent to a number of test systems in our IT department, and while we got good feedback, we deployed before it was made obvious that the Deep Packet Inspection feature installed a custom Root CA in each workstation's Trusted Root Authority store. The name on that cert was a random FQDN from our tenant, and confused the heck out of us when we tried to delete what we thought was an unknown cert. We've also found issues when using Cisco's Cloud Web Security suite wherein the custom Root CA was causing problems with the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  3. Notification when getting added to a directory in portal

    Getting added to someones directory doesn't give you any notification. And since the sync takes some time it gives you the idea the added user doesn't have access.

    The cause for this is a colleague who created an application insights dashboard and added me as a viewer, after being added there was no notification whatsoever that told me I can view the dashboard. Just now I noticed that I can click on my user name to switch directories and view the dashboard.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  4. ADB2C Apply Sign-Up Attributes per Provider, not per entire Policy

    You can select the attributes you want at sign-up in the policy, awesome. BUT, it applies this to ALL providers that are associated with that policy.

    I want certain attributes to apply ONLY to my Email sign-up and different attributes used on 3rd party sign-up. Please separate these attributes out per provider.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  5. Stop loggin on with Org account by default!!!

    For some reason, MSFT decided that automatically logging onto he O365 org account by default was a good idea? Why? Almost everyone uses their Microsoft Account. In fact, we must use our MS account if we are developers and need to capture benefits from our partner relationships, etc. Yet, everytime I log off Azure and log back in, it automatically logs in to the Org account which has no assets.

    Suggestion: Stop doing that

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. Group Managed Service Account Help with Azure AD Connect

    I am trying to setup the Azure Active Directory Connect, and want to use a Group Managed Service Account. But when I get to the configuring part I get the following error: An error occurred executing Configure Service account task: An error accured while create a new Key Distribution Service Root Key (add-kdsrootkey) for configuring a group managed service. The user I am running it as is a domain, and enterprise and built in administrators member, as well as the account that is asked for during setup. I have ran the command Add-KDSRootKey –EffectiveImmediately and it that works fine. The…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure B2C: [BUG] Encoded user attribute descriptions are showing in UI

    The user attributes descriptions on the Select signup attributes blades are showing the strings encoded in the UI. For example, the apostrophe is showing up as ' in the field. See attached.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  8. Change Group Name/DN used to filter objects in AAD Connect

    Currently it is not possible to Change the Name / Location (DN) of the Group used to filter objects that should not be synchronized to Azure AD in AAD Connect.

    But there are many situations (eg. AD migrations) where names or Locations of Groups may Change.

    So implementation of changing the filter Group should be possible without reinstalling AADC

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow mass editing of users sign on domain

    Currently if you sync a local active directory before verifying ownership of a custom domain all snchronised users become xyx@azureADname.onmiscrosoft.com. It would be very useful to be able to configure a group of users, or at least all users, in one go to use a different domain such as a newly added custom domain.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  10. Need a way to break connections to orphaned AAD applications

    I just went through a living nightmare with an orphaned VSO application in one of my AAD directories that was preventing me from deleting the directory. The VSO system wasn't letting me have access to the VSO instance. I couldn't reach it via https://<account>.visualstudio.com; and although I could see the instance at http://www.visualstudio.com, that portal wouldn't let me delete the VSO instance.

    The original Azure subscription where the VSO account was connected was deleted. The VSO instance was still connected in my regular Azure AAD ... in a directory with nothing else in it and no users other…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add a "whats the point of this" control next to a feature label

    Then, give your Azure AD customers the ability to post responses in their own language - often if you take a users description it is formulated in a way that is more accessible to other users versus the technical documentation. Whenever someone provides feedback, someone at azure reviews it and compares to the current answer and if they think the new answer is better, they replace it - or edit as they see fit

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Why do I have to sign in with a work or school account?

    I am currently a student using Dreamspark and still trying to figure out account access and it is annoying that it keeps demanding that I sign in with a Work or school account, when I need to use my Microsoft account. However my Microsoft account which I use for Dreamspark, keeps telling me that I do not have an account, and it is trying to connect me with AN OLD work account that is now DEAD.
    I wish I could figure out how to remove this old account, but it keeps coming back, I do not want to use a…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  13. AD groups should be instantly available in O365 (& SharePoint) without one minute delay (average)

    when adding a new AD group in manage portal (azure) I notice a small delay for SharePoint to be able to EnsureUser for this ADgroup. Should there not be a way to prioritize this task?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Groups/Dynamic groups  ·  Flag idea as inappropriate…  ·  Admin →
  14. Enhance domain verification

    The @ host with a text entry is used by so many services now (including your own stuff like 365). This makes it complicated when you're trying to do domain verification. You should either allow the user to set the host value or generate a random host value for domain verification. Plus the service that is doing verification is not flushing cache >.< so then you have to wait for TTL to expire if you mess up the entry.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
  16. Need to strip out the special characters when answering SSPR questions

    Like FIM, it would be nice if SSPR stripped out the spaces (in the answers) and the special characters so that users are not challenged remembering the exact answer, such as hyphens or apostrophes on answers.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  17. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  20. allow different authentication options by group, instead of one rule tenant wide

    We turn off phone and SMS authentication for security reasons, however how specific applications used by outside contractors that we don't want to support helping them install and configure the Authenticator app.
    It would be helpful to have the ability to configure the authentication options for specific groups, or at least do so via powershell per user, not just one option tenant wide.

    0 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base