Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Better instructions for choosing password in the AAD B2B Redemption Page

    Provide better error information or apply password policies so that the users do not create a weak password in the B2B redemption page scenario as explained in the below link.

    The password rules mentioned here[https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts] are not available to the user while choosing the password, as a result, the page throws an error with no specific error information or work around.

    https://stackoverflow.com/questions/55592569/password-complexity-issue-with-b2b-invitation-redemption-page/55603737#55603737

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

  2. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  3. Reply URL property for SAML configuration should allow to set url with "http" prefix

    Specification of SAML protocol doesn't require that reply url should be only with "https"prefix and many of intranet applications can have "http" prefix so I don't understand this limitation.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  4. meci

    merci

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  5. I work for BP Shipping. We do not have normal phone link. Why not use what's app?

    Use what's app for ship's who are sometimes 1 month away from land and normal mobile link un-available.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  6. It’s so new of the products for me to used, it seems have a lot more useful than others normal mails, I will let you know that Soon again.

    It’s so new to me, I don’t even receive the first mail yet, but I will let you all know that later please. Thank you so much to helping me to set it up. I’m sure it very useful mail for me to the futures. Love xoxoxo

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  7. develop granting permission

    I just have some suggestion for Azure , if there was a feature ,wizard or any tools to assist administrators with detecting which access is applicable for something it would be wonderful .

    For Example administrator checks the permissions user needs in detail and that tools shows the proper role or permission .

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow MFA via Email for external vendors

    The current MFA tools are tied to a device that a 3rd party would likely take with them if released from their employer, which poses a high potential for a security risk. If email based MFA was allowed for vendor access, then emails would be sent to a corporate mail server ensuring that the employee was still employed.

    I understand the argument that sending an email to the account you're trying to access is poor security posture, but if it is being send to a different domain, that risk should be mitigated and overall a better security mechanism.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  9. Implement method to delete device information from Access Panel

    If user provisioned Windows Hello for Business on a device, the device is displayed on the Access Panel of the user.
    Even user dis-provisioned from that device, the device information will not be deleted from Access Panel.
    Currently, we do not have a method to delete this device ifnormation.
    Customer would like us to implemment a method to delete this device information.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure Active Directory Domain Services Identities and Server Roles

    I was recently hired by a company and inherited a messy IT infrastructure. The business has an on-premise server running two VMS, one is Windows Server 2003 and the other is Windows Server 2012. We have 13 offices throughout the U.S. but no way to connect all offices to a centralized domain/location. The on-premise server only hosts the users at our corporate office. I would like to join all the computers at my company to the domain at corporate, but we do not currently have the infrastructure to create a traditional on-prem environment (Sonic walls, VPNs, etc). I am considering…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Keeping guest account in the inviting AAD updated with changes made in the user's home AD

    We're collaborating with an external party on a project and have invited around a 100 users of theirs as guest users in our AAD. The external party recently migration to another email domain. The good news is that this change didn't impact their ability to SSO into SharePoint and other O365 products. The only downside we found is that the user name filed of the guest account in the inviting AAD still had the original email.

    In summary, users added pre-migration have the old email domain suffix and users added post-migration have the new email domain suffix. I would be…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  12. Fix MSAL-Angular library

    Currently, the Angular implementation of the MSAL client library is not synced up with the main branch of MSAL and is broken when using Microsoft Internet Explorer. I hate IE but 70% of our users are stuck on it. PLEASE FIX.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  13. Do not require a person to scan a QR code using the device that they are attempting to register

    I’m trying to access using my mobile device. The app wants me to scan a QR code to register the device. Guess what? I cannot scan a QR Code that is on the screen of the device - with the app - using that same device. As it happens, I also can not look myself in the eyes.

    Even worse, I can already access my Outlook, I just can’t see my folders with unread emails - populated via rules. All I want to do is see my emails and this Authenticator app pops up and won’t let me see anything…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Make Graph calendaring less confusing with respect to time zones

    When sending in datetime to Graph, it accepts an iso8601 which has a timezone offset, but then there is a timezone field that is simply ignored. For a post, we think it shouldn't be in the payload and definitely shouldn't be in a get especially if it's required.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Update MS Graph so that users endpoint supports the $search Odata filter

    Need $search support in the /users endpoint. Right now, it only works in /people and /message

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. ContainerInclusionList

    Would like to fully script AADConnect install and config ... can get lists (attributes, objecttypes, ContainerExclusionList, etc), but do not see how to use PS to add these items to a new install so Staging would match Prod. For now, all handled manually.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add the ability to switch the directory for Access to Azure Active Directory (0110P) subscriptions

    There is no option to change directory for Access to Azure Active Directory subscriptions (0110P) following steps here: https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory - this option was available in the classic portal.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Azure AD Directory Roles modified date | PowerShell

    Hello,
    Please allow query Azure AD Directory Roles modified date,
    So if we run PS: Get-AzureADDirectoryRole
    We could see when role modified and use this as monitoring parameter, as example we can set current date as non-modified, any older date will be triggered.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  19. Introduce the functionality to add PDLs/DDLs into application's user and group assignment.Right now only security group could be added.

    Introduce the functionality to add PDLs/DDLs into application's user and group assignment.Right now only security group could be added.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base