Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Span AADDS domain across multi regions

    Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.

    118 votes
    22 comments  ·  Domain Services
  2. B2C Roadmap

    Deliver a roadmap which shows what functionality is planned and under review.

    116 votes
    8 comments  ·  B2C

    Hi all, unfortunately we don’t have plans to share out a public roadmap. This is constantly changing as we’re listening to customer requests. We will continue to update feedback.azure items as they come up so feel free to suggest anything you are curious about.

  3. Custom password complexity

    Allow the ability to set different password complexities for local accounts in a B2C tenant.

    111 votes
    15 comments  ·  B2C
  4. Powershell Enable PIM Role Assignment

    We plan to utilize PIM for Azure Resources (Resource Groups), however it is currently not possible to automate through PowerShell. It would be nice if existing Roles could be made eligible and configured with their settings through PowerShell when creating resources/resource groups through PowerShell.

    110 votes
    started  ·  7 comments  ·  Privileged Identity Management
  5. SSPR - Allow user unlock from the windows 10 logon screen.

    You recently implemented the password reset from the Windows 10 logon screen. However, the possibility of unlocking the user when they remembered the password was lacking.

    I remember that this functionality already exists through the MIM or Azure reset link.

    108 votes
    16 comments  ·  Self-Service Password Reset
  6. Flutter / Dart Support

    We need a native Flutter / Dart plugin. Flutter is the top trending repository on GitHub! https://github.com/trending

    It's a very bad decision not to write any plugins for Flutter / Dart. Once again Microsoft will be left out and will be forced to play catch up at a later date. There are many plugins for AWS, but NONE for Azure!

    As of today:

    Xamarin Forms has 2k likes
    Flutter has over 28k likes!

    104 votes
    17 comments  ·  B2C
  7. User Opt-In to Azure MFA with Office 365

    We have enabled MFA at our Office 365 tenant, but it requires Admins to enable users. For organizations that would like to phase MFA in for their users, it would be nice for users to self opt-in sort of like they do with personal email accounts. Then over time, administrators can "require" MFA by a certain date for users holding out. One way to handle this is to include a link for the end user under user settings to "Sign up for Multi-Factor Authentication". Right now, nothing appears under a user's security settings until they are enabled by an administrator. Thx!

    102 votes
    19 comments  ·  Multi-factor Authentication
  8. Request for registration of OATH token and connection to user:

    We would like you to allow end users to register OATH token by themselves as well as other multi-factor authentication notifications (i.e. telephone and SMS)

    If our request above is not permitted, please consider the following to reduce the time and effort of the administrator:
    - Registering OATH token information prior to registration of associated user information
    - Connecting the user and OATH token by GUI operation from Azure portal instead of importing CSV
    - No entering authentication code when activating OATH token

    101 votes
    11 comments  ·  Multi-factor Authentication
  9. Add support to Azure AD B2C for the on-behalf-of flow.

    In order for a web API to call another downstream web API as the user, Azure AD B2C needs to support the OAuth on-behalf-of flow.

    According to the following reference, this isn't supported in B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-apps#web-api-chains-on-behalf-of-flow

    I also cannot find this feature on the Azure Roadmap.

    100 votes
    7 comments  ·  B2C
  10. Group-based Licensing for Nested Groups

    Nested groups have been around for a VERY long time. It is ridiculous that group-based licensing doesn't support nested groups. Please add support for nested groups ASAP!

    98 votes
    11 comments  ·  Groups/Dynamic groups
  11. Password expiry reminder email notification

    Most people are having separate accounts for accessing Azure AD. It will be good if there is an email to remind users to change their passwords as the users may not login to their cloud accounts frequently.

    97 votes
    10 comments  ·  Self-Service Password Reset
  12. Query Azure AD Devices BitLocker recovery key via PowerShell

    Please allow query Azure AD Devices BitLocker recovery key via PowerShell

    96 votes
    11 comments  ·  PowerShell
  13. Introduce account 'unlock' feature when an account gets locked out during passthrough authentication. (instead of waiting for 30 minutes)

    It will be very helpful if we have the ability to unlock on demand when an O365 user's account is locked (self service), without waiting for the account lockout duration. Currently this feature was confirmed by MS tech that it does not exist and that the end user has to wait for the account lockout duration period. This is especially useful for accounts that are sync'd via AAD Connect and pwd reset in O365 does not apply because the account is a sync'd account.

    96 votes
    5 comments  ·  Azure AD Connect
  14. Find all users with app passwords

    We think that it's necessary to have a command for PowerShell to show app passwords per user. It would also need to show what app the password is being used for. MFA is pointless with thousands of app passwords. Not every user we've enforced has set up app passwords. This is what me and many other admins would like to know.

    95 votes
    6 comments  ·  PowerShell
  15. Add hashed password migration to Azure AD B2C

    Currently, I can migrate user accounts from an existing database to Azure AD B2C. However, it only accepts unhashed passwords, which is completely useless for any modern system, which should ONLY be using hashed and salted passwords. What would actually make this feature useful is to include fields for hashed password, hash algorithm (any of several standard ones), salt and salt method (i.e., appended, prepended, etc).

    95 votes
    4 comments  ·  B2C
  16. Microsoft Authenticator support for Tizen Samsung Gear S3 needed

    Pls ADD authenticator to Samsung gear s3 (tizen)

    94 votes
    20 comments  ·  Authentication
  17. Support logout and single logout with SAML 2.0 claims provider

    Support for logout and single logout with SAML 2.0 IdP configured as claims provider on B2C.

    The logout and single logout are both requested in some customer cases and in relation to the Danish government's IdP called "NemLog-in". In relation to the Danish government's IdP it is a requirement to support logout and single logout to connect to the central federation.

    94 votes
    4 comments  ·  B2C
  18. Capture and display a last login date

    When reviewing a user's profile, a last login date for any Azure AD/Office 365 login should be captured/displayed, so that admins can evaluate inactive users for account disable and license recovery.

    93 votes
    14 comments  ·  Admin Portal
  19. Add support for Kerberos AES and drop RC4_HMAC_MD5

    Per "https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso#manual-reset-of-the-feature" the "Seamless SSO uses the RC4HMACMD5 encryption type for Kerberos."
    Please add support for modern ciphers and drop that obsolete RC4_MD5!

    92 votes
    11 comments  ·  Azure AD Connect
  20. Automatically enable MFA for all members of an Azure AD Group.

    Add the ability to automatically enable MFA for all members of an Azure AD group as they are added, in addition ask if MFA should be automatically disabled for users being removed. This could be via an option within the users setting of an Azure AD group.

    92 votes
    9 comments  ·  Multi-factor Authentication
    under review  ·  Azure AD Team responded

    Today, you can use conditional access to enforce MFA on a per-group basis. This is Microsoft’s recommended enforcement model.
    We will be updating the per-user enforcement of MFA to more closely match how conditional access works, but this is still in the design phase.

    Richard
