Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
1 vote
-
Turn off Deep Inspection by default for Cloud App Discovery Agent
We deployed the Cloud App Discovery Agent to a number of test systems in our IT department, and while we got good feedback, we deployed before it was made obvious that the Deep Packet Inspection feature installed a custom Root CA in each workstation's Trusted Root Authority store. The name on that cert was a random FQDN from our tenant, and confused the heck out of us when we tried to delete what we thought was an unknown cert. We've also found issues when using Cisco's Cloud Web Security suite wherein the custom Root CA was causing problems with the…
1 vote -
Notification when getting added to a directory in portal
Getting added to someones directory doesn't give you any notification. And since the sync takes some time it gives you the idea the added user doesn't have access.
The cause for this is a colleague who created an application insights dashboard and added me as a viewer, after being added there was no notification whatsoever that told me I can view the dashboard. Just now I noticed that I can click on my user name to switch directories and view the dashboard.
1 vote -
ADB2C Apply Sign-Up Attributes per Provider, not per entire Policy
You can select the attributes you want at sign-up in the policy, awesome. BUT, it applies this to ALL providers that are associated with that policy.
I want certain attributes to apply ONLY to my Email sign-up and different attributes used on 3rd party sign-up. Please separate these attributes out per provider.
1 vote -
Stop loggin on with Org account by default!!!
For some reason, MSFT decided that automatically logging onto he O365 org account by default was a good idea? Why? Almost everyone uses their Microsoft Account. In fact, we must use our MS account if we are developers and need to capture benefits from our partner relationships, etc. Yet, everytime I log off Azure and log back in, it automatically logs in to the Org account which has no assets.
Suggestion: Stop doing that
1 vote -
Group Managed Service Account Help with Azure AD Connect
I am trying to setup the Azure Active Directory Connect, and want to use a Group Managed Service Account. But when I get to the configuring part I get the following error: An error occurred executing Configure Service account task: An error accured while create a new Key Distribution Service Root Key (add-kdsrootkey) for configuring a group managed service. The user I am running it as is a domain, and enterprise and built in administrators member, as well as the account that is asked for during setup. I have ran the command Add-KDSRootKey –EffectiveImmediately and it that works fine. The…
1 vote -
Azure B2C: [BUG] Encoded user attribute descriptions are showing in UI
The user attributes descriptions on the Select signup attributes blades are showing the strings encoded in the UI. For example, the apostrophe is showing up as ' in the field. See attached.
1 vote -
Change Group Name/DN used to filter objects in AAD Connect
Currently it is not possible to Change the Name / Location (DN) of the Group used to filter objects that should not be synchronized to Azure AD in AAD Connect.
But there are many situations (eg. AD migrations) where names or Locations of Groups may Change.
So implementation of changing the filter Group should be possible without reinstalling AADC
1 vote -
Allow mass editing of users sign on domain
Currently if you sync a local active directory before verifying ownership of a custom domain all snchronised users become xyx@azureADname.onmiscrosoft.com. It would be very useful to be able to configure a group of users, or at least all users, in one go to use a different domain such as a newly added custom domain.
1 vote -
Need a way to break connections to orphaned AAD applications
I just went through a living nightmare with an orphaned VSO application in one of my AAD directories that was preventing me from deleting the directory. The VSO system wasn't letting me have access to the VSO instance. I couldn't reach it via https://<account>.visualstudio.com; and although I could see the instance at http://www.visualstudio.com, that portal wouldn't let me delete the VSO instance.
The original Azure subscription where the VSO account was connected was deleted. The VSO instance was still connected in my regular Azure AAD ... in a directory with nothing else in it and no users other…
1 vote -
Add a "whats the point of this" control next to a feature label
Then, give your Azure AD customers the ability to post responses in their own language - often if you take a users description it is formulated in a way that is more accessible to other users versus the technical documentation. Whenever someone provides feedback, someone at azure reviews it and compares to the current answer and if they think the new answer is better, they replace it - or edit as they see fit
1 vote -
Why do I have to sign in with a work or school account?
I am currently a student using Dreamspark and still trying to figure out account access and it is annoying that it keeps demanding that I sign in with a Work or school account, when I need to use my Microsoft account. However my Microsoft account which I use for Dreamspark, keeps telling me that I do not have an account, and it is trying to connect me with AN OLD work account that is now DEAD.
I wish I could figure out how to remove this old account, but it keeps coming back, I do not want to use a…1 vote -
AD groups should be instantly available in O365 (& SharePoint) without one minute delay (average)
when adding a new AD group in manage portal (azure) I notice a small delay for SharePoint to be able to EnsureUser for this ADgroup. Should there not be a way to prioritize this task?
1 vote -
Enhance domain verification
The @ host with a text entry is used by so many services now (including your own stuff like 365). This makes it complicated when you're trying to do domain verification. You should either allow the user to set the host value or generate a random host value for domain verification. Plus the service that is doing verification is not flushing cache >.< so then you have to wait for TTL to expire if you mess up the entry.
1 vote -
1 vote
Thanks for the feedback! This is indeed a usability bug due to the fact that the directory deletion actually happens as a background task that may take a few minutes to finish. Looking into options to improve the experience.
-
Need to strip out the special characters when answering SSPR questions
Like FIM, it would be nice if SSPR stripped out the spaces (in the answers) and the special characters so that users are not challenged remembering the exact answer, such as hyphens or apostrophes on answers.
1 voteThank you for your feedback! This is a great idea and we will look into adding this to the SSPR feature. Please vote if this is important to you and your organization.
Thanks,
Sadie Henry -
1 vote
-
1 vote
-
1 vote
-
allow different authentication options by group, instead of one rule tenant wide
We turn off phone and SMS authentication for security reasons, however how specific applications used by outside contractors that we don't want to support helping them install and configure the Authenticator app.
It would be helpful to have the ability to configure the authentication options for specific groups, or at least do so via powershell per user, not just one option tenant wide.0 votes
- Don't see your idea?