Let's say you have a security group with email address, group@contoso.com, on AAD that is synchronized from on-prem AD.
Delete the email address in on-prem AD, and run a sync. The SG now has email address of group@contoso.onmicrosoft.com.
IMHO, the email address should be completely deleted from the SG on AAD too.
Thoughts?

just like amazon aws it would be good to have single invoice for all subscriptions.

its cumbersome for accounts department to handle multiple bills
single monthly invoice
subscription wise break-up
resource wise break-up would be good

moving from aws to azure itself a humongous learning curve
now, multiple billing is another burden

Please rename the North and West Europe regions so they are aligned with France, UK, Switzerland naming convention.

Currently instances deployed behind nat gateway can't ping public resources because NAT gateway does not support ICMP traffic. Please have support ICMP traffic as well

Please allow German workshop organisers to use the Azure Fast Pass program for commercial usage. Credit cards are rarely used in Germany, for cultural reasons, and it is a huge roadblock to run these workshops and to acquire potentially new Azure customers. It would be great if the workshop owner had the option to create Fast Pass codes, and use their own subscription as cost centre.

The user attributes that are provided by Azure Active Directory by default are inadequate. Please also include the following attributes:
company
employeeID
mail
extensionAttribute1
extensionAttribute2
extensionAttribute3
extensionAttribute4
extensionAttribute5
extensionAttribute6
extensionAttribute7
extensionAttribute8
extensionAttribute9
extensionAttribute10
extensionAttribute11
extensionAttribute12
extensionAttribute13
extensionAttribute14
extensionAttribute15

Maintain the sort in Azure Storage Explorer when clicking Refresh

Quite often I want to look at the latest records in Table Storage, so I sort by the created date. If I then click refresh to get the latest data the sort resets and I have to apply the sort again, its driving me crazy

If you create a Group with hidden membership and assign it to an Administrative Unit a "Groups administrator" for that AU cannot view the membership. Only the root directory Groups administrator role can view hidden membership.

It would be good to allow the microsoft.directory/groups/hiddenMembers/read permission at the AU level.

This would also make it match the documentation as that permission is assumed to be working at the AU level but it is not currently.

To have a way of identifying the expiry of SAS token of API Management using command line

Allow protect Cloud Shell storage with Azure storage firewall. Is not supported now to limit access to Azure Storage account. I need protect storage to be accessible from azure backend only

Many a times, we will need to reserve Private IP addresses for certain VMs/Services, so that we can raise Firewall Requests well in advance. If someone parallelly launches another VM or Service that uses the private IP from the same subnet, the IP address mapping is lost and causes inconveniences to adjust the firewall requests. By reserving the Private IP address in the portal using a 'tentative resource ID/Name/URI', we can ensure the address will not be hijacked intentionally or not.

Currently, you can only leave an organization if you can login into that tenant. This is a big problem if your account is locked.

When a user logs into AAD, there are fields for tenant id, client id, in_corp (optional), home, country, etc.

For working with user contexts in our app, we rely heavily on the ImmutableId, but have to request that info through an external service. Ask here is to allow for including immutable id as an optional claim. The Graph API supports assigning Immutable Id and requires uniqueness for this field.

The Virtual machines page list all the virtual machines with columns that are not available in the all resources page, like private and public IP addresses. but there is not export list option on the page like you have in the all resources page.
Kindly make this available.

We'd love to use WAF, but it is missing a captcha/challenge mechanism.

e.g. after X amount of attempts - put a recaptcha image or "I am not a robot" checkbox type functionality

Ideally this threshold would have some advanced settings or configuration - based on throughput or anaylitics of traffic.

we currently use cloudflare, and this is holding us back from switching. some appliances (e.g. barracuda WAF) include it - but they are quite pricey to deploy within Azure compared to WAF.

We have several databases that is configured for geo-replication. Our databases are big (>1TB) in size but low in CPU usage. We expect to save quite a lot of cost by using hyperscale. Could you support geo-replication for Azure SQL Database Hyperscale?

Our dev team is using LUIS API to generate utterances from database.

Ofter we find issues in our utterances and we need to remove all utterances and re-generate them again. To delete utterances we're using this API: https://westus.dev.cognitive.microsoft.com/docs/services/5890b47c39e2bb17b84a55ff/operations/5890b47c39e2bb052c5b9c0b

if we have 2000 utterances in one intent, we need to make 2000 requests to LUIS API. we would like to remove all utterances in one API call. Or at least remove them by chunks, 100 utterances at a time. This will speed up our process.

Please add utterance batch delete API.

Currently there is no option in AKS to monitor Disks mounted to Pods, this is really a drawback as we do not have any alerts/notification if disk usage is high.