Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Revise licensing requirements for initial registered agents

    The current licensing system requires 25 AAD Premium licenses for each additional registered agent beyond the first (i.e. 26 licenses for 2 agents, 51 licenses for 3 agents, etc ...). That's a shame as it makes it impossible for smaller businesses to get even close to full coverage of their relevant infrastructure.

    For example, assume a best practices infrastructure with:
    - 2 x Domain Controllers
    - 2 x AD Federation Servers (installed on DCs)
    - 1 x AAD Connect server
    - 1 x AD FS Web Application Proxy (on AAD Connect server)

    That's 3 Windows servers with two DCs &…

    1 vote

    0 comments  ·  Azure AD Connect Health
  2. Azure AD vs. On Prem Domain Controllers

    Hello everyone,
    What are your thoughts on Azure AD? Is it mature enough?

    I'm working with a startup that has 50 employees and no Active Directory or Identity Management.

    We have landed a contract that requires all end points to be managed with security policies etc. Rather than having an on-prem domain controller or VMs on Azure, I'm considering Azure AD (Premium P1). Any drawbacks with going this route?
    https://www.spanish55.com/
    I realize that I may need to license Intune for group policy and other management capabilities. Any gotchas I need to be aware of? Would love to hear your experiences…

    1 vote

    0 comments  ·  Azure AD Connect
  3. Enhance RBAC for Support Requests

    The resource provider Microsoft.Support does not offer a way to allow/deny permissions for a specific issue type.

    In our company we would like to grant Azure service developers the right to raise a support request using the Azure portal. But they should only be allowed to raise technical issues and go through our internal channels for questions regarding billing or limits/quotas.

    It would help if the action "Microsoft.Support/supportTickets/write" would be split in the various types or another method could be provided to control what kind of support requests one can raise.

    1 vote

    0 comments  ·  Role-based Access Control
  4. 2000 role assignment limit considers subscription inherited roles?

    2000 role assignment limit considers subscription inherited roles?

    1 vote

    0 comments  ·  Role-based Access Control
  5. make group membership Searchable

    Hi, please can you create a search ability in the device groups from >Azure Active Directory/Groups/groupname/Members

    1 vote

    0 comments  ·  Groups/Dynamic groups
  6. Allow True Custom Claims Without Scripting

    Currently the only user claim you can create and manage through UI is the role. If you want more than that, you need to add an extension element on each user individually through PowerShell, then link to it through the custom claims in the manifest, making efficient management an impossibility. This effectively eliminates Azure AD as an option when developing SSO integration in any application that needs per-user information. The UI for the role (a simple dropdown) could be duplicated, and expanded with options such as checkboxes for an array of predefined values or open textboxes for individual strings.

    1 vote

  7. Add a user SAML attribute claim that can be assigned a text value.

    For example, for service providers that require an EduPersonPrincipalAffiliation or urn:oid:1.3.6.1.4.1.5923.1.1.1.9, you could set a text value for all claims of "Member@contoso.com", or use the Transformation options to filter specific text values to the claim, like "member@contoso.com" or "Administrator@contoso.com" or "Contributor@contoso.com". This would allow the service provider to assign roles without having to process groups, just a simple text value set at the IDP level.

    1 vote

    0 comments  ·  Authentication
  8. Your Office 365 product is too complicated. I won't buy it again. I need simple products, not hours of admin work.

    Your Office 365 product is too complicated. I won't buy it again. I need simple products, not hours of admin work.

    1 vote

    0 comments  ·  End user experiences
  9. OpenID Connect Logout URL needs to be https

    Single logout is performed by opening the Logout URL in an iframe. The parent document for this iframe is always on https, so if the Logout URL is on http, browsers will block it as mixed content. It is very hard to see that this happens, and the impression you get trying to set this up is that the single logout functionality isn't working.

    1 vote

    0 comments  ·  Admin Portal
  10. No way to tap Authenticator or enter or choose code.

    No option to tap or choose code using authenticator

    1 vote

    0 comments  ·  Authentication
  11. Create a migration scenario for migrating Azure MFA on-premise to Azure MFA to the cloud

    Imagine an organization of 10000 employees that uses Azure MFA on-premise and wants to migrate to the cloud. Does Microsoft really want that organization to re-enroll all their 10000 users?

    1 vote

    1 comment  ·  Multi-factor Authentication
  12. With the new Beta Edge, it is not passing the "join type" or device ID into Azure so some machines are getting MFA prompted due to CA rules

    The Edge Beta and Edge Canary versions of the new Edge browser built on the Chromium platform do not pass the join type and/or device ID.

    We have CA policies that are based on being Hybrid AAD joined. Chrome and IE pass this info through where Edge Beta does not yet.

    1 vote

    0 comments  ·  Conditional Access
  13. My mobile is a Samsung. For the last 6 months I have to sign back into my work Outlook every hour.

    My mobile is a Samsung. For the last 6 months I have had to sign back into my work Outlook every hour. My work IT have no idea why this happens. I have uninstalled and reinstalled Outlook as they advised. I have taken the phone to the point of purchase, where they put it back to factory settings, and the problem continues. What is going on?

    1 vote

    0 comments  ·  Other
  14. API for Azure Open

    It's better to provide API to do the following operations under Azure Open Licensing.
    • create subscription
    • enable key (OSA)
    • get Subscription key status
    • subscription IAM authentication
    • Create Audit for key life cycle and etc
    • User account limitation for the same subscription

    Partners encounter a lot of trouble managing the customer's subscriptions.

    1 vote

    0 comments
  15. Tutorial: Configure hybrid Azure Active Directory join for federated domains needs update

    https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains needs an update. It doesn't mention that if you are federated and are using the alternate log-in ID feature, the PRT will never be issued after signing in to the device. This has been verified with Win 10 1803 and 1809. The MS support ticket that I raised for this issue is 11908162200094. It's now been closed after talking to a subject matter expert. That person asked me to post an idea for improvement.

    1 vote

    0 comments  ·  Other
  16. Re-design the security information registration option

    The ability to enforce registration of security information to trusted location works great, but the design seems flawed.

    We don't have the ability to exclude the security information registration page from conditional access. If we enforce conditional access on All Cloud Applications and require Hybrid Azure AD or Compliant Devices, external consultants / subcontractors won't be able to do the initial sign-up.

    Instead of adding the option "User Action" to Azure Conditional Access, you should have added an application that we could exclude or the ability to exclude "User Action" from a "Cloud Apps" policy. I think this is due…

    1 vote

    0 comments  ·  Self-Service Password Reset
  17. Hide/Separate features based on subscription

    PLEASE make it so I'm not inundated with unavailable options/features that muddy up the portal -- we have Azure AD for Office 365 and I'm constantly seeing and clicking on "features" that bring me to the "you need P1 or P2 to use this feature". If we can make it so Office 365 services can hide objects based on access permissions, it seems the same would hold true for features. Stop being such a tease!

    1 vote

    0 comments  ·  Admin Portal
  18. OTP sign in failed

    Please provide more details regarding the failed sign in for OTP users. Currently we only see:
    - Status: Failure
    - Sign-in error code: 501811
    - Failure reason: Other

    If we want to know more (reason of the failure) the customer needs to contact support with a Request ID and time stamp. They would like to be able to see the reason themselves. Thank you!

    1 vote

    0 comments  ·  B2B
  19. Allow the ability to increase the default 30 day review time frame:

    Hi, would be very beneficial if we can increase the time frame Access Reviews checks. At the moment the time frame is 30 days. It would be great to give the options for reviews that check time frames that are 3 months / 6 months / 12 months.

    Example: Long term sickness

    Would also help in creating accurate user to application assignments.

    1 vote

    0 comments  ·  Access Reviews