Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Device-level authentication as primary authentication like ADFS 4.0 (Windows 2016) in Azure AD

    It would be AWESOME, if Azure Active Directory would provide device-level authentication as primary authentication like ADFS 4.0 (Windows 2016)

    We need this please!

    72 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  2. Fully Support WebSocket protocol in Azure AD Application Proxy

    The current Application Proxy does not support rewriting ws:// or wss:// URLS from my testing.

    We have an application that has it's content (HTML, JavaScript, images ...) hosted by IIS and a standalone service that provides data through websockets.

    I created an app proxy for the IIS component requesting content rewriting and created a second app proxy for the websocket service. However, it seems that the first app proxy doesn't know to rewrite the embedded ws:// URLS to point them to the second app proxy.

    Also, running a websocket tester against the second app proxy external URL fails as it…

    71 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add Microsoft Authenticator to Approved Client App

    Currently the "Require approved client app" list of apps does not include the Microsoft Authenticator app, thus preventing adoption of cool features such as 'passwordless sign-in' which is apparently signing in as the user and therefore getting blocked.

    70 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Invalidate JWT Token

    Need a way to invalidate JWTTokens that have been issued to a user to prevent the user from accessing the AAD with the token after issuing the OAuth logout request:
    (https://login.windows.net/{{tenant}}/oauth2/logout?postlogoutredirect_uri={{RedirectUri}})

    70 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    Thanks for the feedback! We will look into this and share an update when we have more information.

  5. Azure Active Directory Domain Services - More Pricing Tiers

    Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.

    70 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  16 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  6. CSP subscription transfer between tenants

    Eneblemnt of Azure CSP subscription tranfer between AAD tenants.

    70 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  7. AADB2C Password history policy

    Allow us to set passwords must not be the same as the previous passwords used by a user. The number should be configurable, so not the same as the last 10 passwords used by the individual for example.

    68 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow multiple groups for SSPR rather than only one group

    you have to make a group for SSPR and assign users or sub groups. If you already have the user groups why cant we just use those?

    68 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  9. Delegate permissions to remove devices

    The user role User administrator is not able to remove users registered device objekts in Azure AD. I think that roles should be granted that permisson.
    Or create an addiotional role that have the permission to remove device objects in Azure AD.

    67 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Domain Join  ·  Flag idea as inappropriate…  ·  Admin →
  10. 67 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  11. Set Default Country Code in Azure MFA

    When importing users from AD, if the country code isn't included in attribute Azure MFA will set the country code to +1(USA).
    Can a feature be added to allow the default country code to be set a the global level. So that in our case we could set all number to default to +44(Great Britain) .

    67 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    We’ll take this in consideration as we plan new features. In the short term, we are working on Graph API‘s that will allow you to change phone numbers in the StrongAuthentication fields.

    Richard

  12. Custom Roles at the Management Group Level

    Please add the ability to define custom roles for Azure RBAC at the new Management Group level. Would like to be able to create custom roles and set the assignable scope to our root management group so that the role definition is available throughout our tenant.

    https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-custom-roles

    66 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improve Azure Authenticator App to require password or touch id validation before approving push request.

    Currently, if you receive a push notification to the Azure Authenticator app while the phone is locked, merely swiping the notification and selecting View allows access to approve (or deny) the request. Other authenticator apps (Google, Lastpass, etc.) require the device password or touch id (on iOS) before the request can be approved. This is a security flaw and needs to be fixed.

    66 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add support for webhooks when users are invited, added, removed from Azure AD + Azure AD B2B Collaboration

    Currently it is not possible to receive a notification from Azure AD when a user has been invited (through B2B Collaboration) or added directly through Graph API or the portal.

    65 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  15. Provide "Conditional Access" on a SharePoint Online Site Collection Level

    It would be great, if any future "Conditional Access" provided for SharePoint Online could be done on a per. Site Collection Level.

    Talk to the SharePoint Online team regarding this

    65 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow Azure AD to Azure AD Trust

    Add the ability to trust another 365 tenant like exists with on prem active directory. The scenario is a company that has an establish 365 acquires another company that has a 365 environment. In a on prem scenario a domain trust would be put in place, however federation and external user access is the only options. This capability needs to be in place for Azure AD to trust another Azure AD.

    64 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  B2B  ·  Flag idea as inappropriate…  ·  Admin →
  17. RBAC roles for Viewing/Modifying Authentication Info (MFA)

    Currently, only Global Admins can view and modify the information in a user's account in the Authentication Info fields. This is problematic as we have people performing B2C support that are User Administrators and can't see or update the user's info in these fields to help troubleshoot access issues/MFA issues.

    For users assigned the User Administrator role, allow them to view and modify the Authentication Info fields. They currently see grey fields that are empty.

    64 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  18. Modern end-user portal

    One of the main blockers to deploy MIM is lack of a modern end-user facing portal. One doesn't need to port all the functionalities to such a portal straight away and MPRs, Workflows etc can stay within an old portal for admins, but users should see responsive and simple interface (not based on SharePoint)

    64 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. Implement the ability to join Mac OS X to Azure AD

    It would great to have the ability to allow Mac OS X users with the ability to join Azure AD.

    63 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  20. App Proxy connector monitoring and alerting

    Currently we can notice that app published by App Proxy is not working only by manual check.
    It will be great to have build in monitoring and alerting(idea with ITSM tools integrations like SNOW) to be informed about issues with connectors.

    63 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

    Quick update here that we’re still planning to do this. It will take us some time to complete, but we’ve heard your feedback and know how important it is.
    In the meantime we would love to hear more about the type of data points you would like to see.

  • Don't see your idea?

Feedback and Knowledge Base