Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide ability to unlink Azure from Office 365

    My company has an Office365 subscription and we use the AD to manage internal staff roles, system access, etc. We also have entirely separate external data centres running systems and services for external customers and financial partners. We are now engaging in a migration exercise to move our data centres to the cloud. I created an Azure account using my company email address (naturally), and it automatically pulled in all settings and staff and who knows what else from our Office365 AD. This has already caused many issues in just a few days. Through multiple calls and emails with MS…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. add sign-in with other account button to unauthorised message/page

    When access an Azure AD SSO application from a PC registered to another tenant, authentication proceeds using SSO with the account that is signed into the PC. The attached message is displayed, saying the account is not authorised to that application.

    This page should give the option to try to sign-in using a different account, by providing credentials.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Policy - MFA Policies support for an internal MFA Server

    We would like to use the Azure MFA policies, however they assume the usage of Azure MFA, and within our company we are using an On-premise MFA server. We have now disabled the policies, based on a statement from the PG on supporting this feature:

    • You have disabled the default policies since you had no clear view on when it works.
    • We have checked the policy "Audit accounts with write permissions who are not MFA enabled on a subscription" and some of the users that had write permissions on the subscription were not enabled for MFA in Azure AD. You…
    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to up-vote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  5. block non-USA logins, foreign IPs are locking out my users.

    block non-USA logins, foreign IPs are locking out my users.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. SCRIPT1002: Error on internet explorer 11 when using b2clogin.com

    Hi,

    I’m working with custom policy azure B2C, I get suddenly the error “SCRIPT1002: Erreur de syntaxe jquery-bundle-1.10.2.min.js (3,15655)” on internet Explorer . Image below

    So I cannot using the verify email function any more
    I get juste a text of verification email Instead of button verify email

    I guess there is a problem with execution javaScript code on IE.
    PS: I get this error only on Internet Eplorer but It works on chrome and firefox and also it's work on IE when i use login.microsoftonline.com and not b2clogin
    I’ll be gretful if I get any help on this .

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  7. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  8. Put a refresh on the AAD Connect OU selection screen.

    Put a refresh on the AAD Connect OU selection screen.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  9. Detect if Managed Identity is enabled on VM

    It is possible to detect if an existing VM has Managed Identity enabled? All code samples for enabling on existing VM only shows how to use the Set-AzVm cmdlet, but not how to detect if it was enabled in the first place!
    This feature would be handy if you for example wanted to set New-AzRoleAssignment only if VM uses Managed Identity

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add a find and replace Claims transformation for collection type

    The issue faced:
    We got a string collection claim that holds some preset GUID returned from an Azure AD tenant.
    We wanted to map this GUID into another values so that the GUID will get translated into a readable text. Currently there is a similar string claims transformation: LookupValue, but there is no similar claim transformation for string collection type.

    Currently we can solve this issue by adding a helper Rest API endpoint to do this conversion, but it will be helpful that the custom policy natively supports this claims transformation.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support POST OpenID Connect authentication requests

    Supporting POST authentication/authorization requests is not mandatory for clients, but would be a nice addition if I wanted to use idtokenhint without being it captured in server logs in the referer header response.

    Authorization Servers MUST support the use of the HTTP GET and POST methods defined in RFC 2616 [RFC2616] at the Authorization Endpoint. Clients MAY use the HTTP GET or POST methods to send the Authorization Request to the Authorization Server. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization, per Section 13.1. If using the HTTP POST method,…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  12. when we are able to login the Microsoft account in mobile phones using bio metric, why can't you provide same bio-metric authentication for

    when we are able to login in the Microsoft Authentication App. using the Microsoft account (xyz@hotmail.com) in mobile phones with bio metric Authentication, why can't you provide same bio-metric authentication for PC signing In. the option using Microsoft account signing In is already available, additional requirement is signing using. Mobile signing In using Microsoft Authentication App. For this additionally you have to provide the mobile Icon in the login Screen in windows 10 OS.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Poor experiencing

    Been trialling B2C directory for a month and have to say it has been a disappointing experience. We had a number of issues deleting unused tenants and have been in contact with Azure support for over a month. Even now these issues are still unresolved. It feels the platform as a whole is immature. We have decided to stop evaluating Azure as our cloud platform.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  14. Include Conditional Access in Microsoft 365 Business

    Include Conditional Access for Microsoft 365 Business customers without Azure Premium subscriptions.

    Right now, a lot of the compliance features that comes with the intune in M365 Business are useless because they cannot be enforced via Conditional Access, because CA is not included in the business edition of Microsoft 365.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow App Owners to approve permission requests to their own application

    We would like to use Azure AD as our authentication and authorization framework for all APIs, however, one issue we believe we have run into is the requirement that an Administrator must approve all Application only requests (vs the expected below).

    Scenario

    Our company has two app registrations
    - Business API 1
    - Scope: Feature.Critical (application role)
    - Business API 2

    Business API 2 requests Application only Feature.Critical permission of Business API 1.

    Expected Result

    The Azure AD App Owner(s) of Business API 1 are the SMEs for this permission knowing best what data and functionality may be released. The…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  17. How to fix my outlook not accepting password

    Get outlook not accepting password solution via the technical support phone number experts as my outlook not accepting password in windows etc.For solution call 1855-345-8210 toll free number for help.

    https://www.outlooktechnicalhelpline.com/outlook-not-accepting-password/

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  18. Prevent users from adding mailbox rules

    Ability to disable end user's ability to create mailbox rules. Would be nice to have when an account breach happens and you want to lock this capability down to prevent malicious 3rd parties from creating rules and hiding email responses.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable Groups (AAD or Synchronized) to be members of AAD Roles

    For AAD roels, ie Security Admin, allow Groups to be added. Currently only Users can be added through the portal.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  20. Face id

    Rien avec FaceId, plutôt qu’un système de codes compliqué ? C’est pas très top

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base