Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Flutter / Dart Support
We need a native Flutter / Dart plugin. Flutter is the top trending respository on GitHub! https://github.com/trending
It's a very bad decision not to write any plugin's for Flutter / Dart. Once again Microsoft will be left out and will be forced to play catch up at a later date. There are many plugins for AWS, but NONE for Azure!
As of today:
Xamarin Forms has 2k likes
Flutter has over 28k likes!74 votes -
Passwordless authentication
Add support for phone- and email-based passwordless authentication - using OTPs (one time passwords).
74 votesThis is a scenario we are looking to support in the future however, it is not on our immediate roadmap for the next 6 months. Please continue voting and we will evaluate at a later date.
-
Go Direct to Password Reset from Sign-In/Sign-Up
The Sign-in only policy allows the user to go directly to the password reset.
The Sign-in/Sign-Up does not allow this. The user gets redirected back and you have to handle AADB2C90118.
While this flow is useful for some people the opposite is also true. Please allow me to specify the password reset policy in my sign-in/sign-up policy so the round trip is not required if I don't want it.
73 votesWe have started working on this feature and hope to have another update by Oct 2018.
/Parakh
-
Support for multi-valued attributes synchronized from on premises AD
AD Connect supports synchronizing multi-valued attributes to AAD.
However, AAD doesn't support multi-valued attributes synchronized from on premises AD.Would be great to have this supported so that for example Dynamic Groups can use multi-value attributes for group membership rules.
73 votesWe are investigating what it would take to add support for multi-value attributes in Dynamic Groups to enable this and related scenarios.
Kristina Bain Smith
-
Automatically enable MFA for all members of an Azure AD Group.
Add the ability to automatically enable MFA for all members of an Azure AD group as they are added, in addition ask if MFA should be automatically disabled for users being removed. This could be via an option within the users setting of an Azure AD group.
71 votesToday, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft’s recommended enforcement model.
We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.Richard
-
Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD
It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)
We need this please!
71 votesThanks for your suggestion. This is under review and in our backlog but initially you will see this capability show up in AD FS in Windows Server 2016.
/ Brjann Brekkan
-
Sync "Account Expired" UserAccountControl to Azure AD (AccountEnabled)
Consider adding support for disabling user accounts in Azure Active Directory when the account is expired in the local Active Directory. Currently you recommend that customers create a PowerShell script that disable user accounts in Active Directory to support this scenario.
I would prefer that a rule be added to Azure Active Directory Connect that automatically changes AccountEnabled to false, if the users account expires in the local Active Directory.
Aaron posted a great workaround solution:
https://blogs.technet.microsoft.com/undocumentedfeatures/2017/09/15/use-aad-connect-to-disable-accounts-with-expired-on-premises-passwords/We would like something built-in Active AD Connect that solves this out of the box
69 votes -
Allow blocking "Sign-ins from anonymous IP addresses"
I would like to be able to block ALL sign-ins from anonymous IP addresses.
68 votesThis feature work is planned, but hasn’t started yet.
-
Update UPN-Suffix Change from one federated UPN Suffix to another federated UPN Suffix
According to Support Article 2669550 (https://support.microsoft.com/en-us/help/2669550), AzureAD Connect doesn't update a user’s userPrincipalName in AzureAD when we change the users UPN-Suffix from one federated Domain to another federated Domain. So we need to fix such changes manually or by a custom script.
I understand that preventing such updates by AzureAD Connect is a good choice for many customers. But for customers with several dozens or hundreds of federated domains, I would like to have a choice whether to sync such changes using AzureAD Connect or leave it on the default behavior of not allowing upn-changes form one federated…68 votesWe’re currently depending on the work of a different team to change this – the plan is to address this in the coming 6 months
-
SSO / Sign in to Azure via Google Apps IDP
We'd like to enable our users for lots of Azure services (incrementally), starting with some RemoteApp services. We do *not* want to move user authentication to Azure AD (users have lots of complex Google Apps logins, with 2-Factor and U2F Keys).
Is there an easy way for us to enable Google Apps as an IdP in Azure AD?
Like, can we copy user profiles from Google Apps -> Azure, and on login attempt, redirect to the Google Apps sign in screen?
68 votesYou can federate with GSuite/Google@Work with B2B direct federation, soon to be in public preview.
-Maria Lai
-
Support for 3rd party EMM solutions when requiring device compliance
We use Airwatch for managing mobile devices. We want to use conditional access policies to ensure the device has been marked as compliant by Airwatch before allowing access to certain applications.
Currently Azure AD Conditional Access Policies only supports InTune for checking device compliance as described @ https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-policy-connected-applications#trusted-devices. This should be extended to support 3rd party EMM solutions.
66 votes -
Pre-Provision MFA "StrongAuthenticationUserDetails" via PowerShell?
We have over 12,000 users we need to provision for MFA.
I know we can enable MFA via PowerShell, but there doesn't seem to be a way to update the "StrongAuthenticationUserDetails" attribute (Alt. Phone, Email, etc.) programmatically.
This is turning out to be a huge pain for us. Does anyone have a timeline for when we'll be able to do this?
66 votes -
All Powershell/BASH/script Azure AD join
For converting BOYD to Azure AD in the field w/o user intervention, we need a way for elevated accounts to be able to perform an Azure AD join of devices via script.... come on, this is the basics...
Think of it as MDM self-enrollment... if not that, then give us a one-click way for users to self-enroll the device.
65 votesThanks for the feedback on this. There are several ways to do Azure AD join (OOBE, bulk enrollment and Autopilot) which provide a richer experience to join devices to Azure AD. We’re continuously working to enhance those, so currently this is unplanned for the near future. Please continue to vote to help us prioritize
—
Ravi -
Enable app password creation when MFA is enforced using Azure Conditional Access
I'm actually implementing this for a customer and this one small thing has caused a BIG hold up.
I find it very odd that MFA being enabled from 2 different places would have a different effect. If MFA is enabled directly on a user in the Azure Classic Portal then, the app password creation option is presented during the MFA setup process. If MFA is enabled using Conditional Access policies in the new Azure Portal then, the app password creation option is not presented at all. Both are implementing the same function essentially but the latter blocks the apps that…
64 votes -
Deny Access Control in the RBAC
Please add the options below to RBAC.
Disable inheritance.
Deny.64 votesWe recently added deny capability to Azure’s RBAC system, in the form of deny assignments that can be set by the system only. The first Azure feature to use deny is BluePrint. We intend to add a configurable deny capability in the future, but have not yet announced any details.
Cheers,
/Stuart and Balaji -
63 votes
We are looking for private preview customers who are interested in using Azure AD (single tenant only) or any other custom OIDC compliant identity providers in your built-in policies. If you are interested, please send an email specifying this specific request to aadb2cpreview@microsoft.com with your Azure AD B2C tenant name.
-
Delegate permissions to remove devices
The user role User administrator is not able to remove users registered device objekts in Azure AD. I think that roles should be granted that permisson.
Or create an addiotional role that have the permission to remove device objects in Azure AD.62 votesCloud Device Administrator is the new role that will provide this capability . This will be generally available in the coming months
-
MFA Remembering Device
Have the configuration option to remember a device for MFA, like with non-B2C tenants, instead of requiring MFA each time a user logs in.
61 votesThere is a current configuration to allow users to choose to remember a device for MFA: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next#remember-multi-factor-authentication-for-trusted-devices
Additionally, we’re looking at providing more controls for this through conditional access. -
Microsoft Authenticator support for Tizen Samsung Gear S3 needed
Pls ADD autenticator to Samsung gear s3 (tizen)
60 votes -
Add AAD B2C to CSP
B2C is currently available on the CSP pricing calculator, it can be found in the CSP portal, but it is not actually activated for CSP. Why isn't it available yet, and how do I get on the list to be an early user?
60 votesThis is planned for the next 6 months.
/Parakh
- Don't see your idea?