Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

(General Feedback)

Do you have an idea or suggestion based on your experience with Azure? We would love to hear it! Please take a few minutes to submit your idea in the one of the forums available on the right or vote up an idea submitted by another Azure customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

This forum (General Feedback) is used for any broad feedback related to Azure. If you have feedback on a specific service such as Azure Virtual Machines, Web Apps, or SQL Database, please submit your feedback in one of the forums available on the right.

Remember that this site is only for feature suggestions and ideas!

If you have technical questions or need help with Azure, reach out to us on Microsoft Q&A or try StackOverflow


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. In Azure AD Connect, enable Group Writeback for *all* types of Azure groups (including Security groups, Mail-enabled Security groups, and Ex

    In Azure AD Connect, enable Group Writeback for all types of Azure groups (including Security groups, Mail-enabled Security groups, and Exchange distribution groups). This will enable us to utilize the Group Writeback feature to meet our business requirements. It is our opinion that the limitation of Azure AD Connect Group Writeback which restricts to only Microsoft 365 Groups greatly reduces the value of the feature, and we would like to understand why Microsoft decided to limit Group Writeback to only handle Microsoft 365 Groups. We would like to use Group Writeback for all types of Azure groups (including Security groups,…

    199 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add the ability to enable and configure access-based enumeration (ABE) for Azure Files Shares

    Add the ability to enable and configure access-based enumeration (ABE) for Azure Files Shares

    159 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  3. granularity for delegation of azure app permissions

    We need more granularity for the delegation of azure app permissions to developers and administrators.
    Administrators and developers require that an app must be restricted to a specific group of users or objects. For a group in a single tenant, there is no granular authorization for groups of users or objects (such as Sharepoint online sites, teams and other resources).
    Developers can do this by using popular authorization patterns, such as: B. Azure's role-based access control (Azure RBAC). However, this approach involves a considerable amount of work for developers.
    We would like a delegation of authorizations in a single tenant…

    141 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  4. support "Managment Groups" Scope under CSP Cost Management.

    Currently it is not supported selecting a "Management Group" Scope it there are CSP subscriptions (which is currently supported with Azure Plan).

    122 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  5. support multiple values for the same key when tagging. If i want to allocate multiple departments while tagging i should be able to do that.

    Currently AzureRM tagging only supports one value for one key. This means if i want to tag multiple departments to one resource it is incapable of handling it.

    83 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  6. Get more information in Microsoft Authenticator notifications

    Using MFA with Microsoft Authenticator, we can only see the username. It woulde be useful get also the application and the devices that is requesting the approval. It is difficult to determine if it is right when multiples applications are in use (Outlook, OneDrive, Skype...)

    79 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for ManageEngine MDM when requiring device compliance in Azure Conditional Access

    We use ManageEngine MDM for managing mobile devices. We want to use conditional access policies to ensure the device has been marked as compliant by ManageEngine MDM before allowing access to certain applications.

    Currently Azure AD Conditional Access Policies only supports InTune for checking device compliance as described @ https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-policy-connected-applications#trusted-devices. This should be extended to support ALL 3rd party EMM solutions.

    78 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support Linux/MacOS/Android VPN client connexion to Azure VPN P2S OpenVPN protocol with Azure Active Directory authentication

    At the moment the only way to connect to Azure VPN P2S OpenVPN protocol with Azure Active Directory authentication is with Azure VPN Client on Windows 10.
    Please create a Linux / Mac/ Android client OR any other action that as result gives user the availability to connect from OS other than Windows 10

    68 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  9. Prevent Account Lockout due to Brute Force Attack

    Currently Azure Active Directory is locking Office 365 user accounts based on the number of failed sign-ins. If the user credentials are entered incorrectly, it does not check or verify existing Azure Conditional Access Policy, whether this account can sign-in from that location (Country or IP address) or not, because the authentication was not successful.

    To prevent Azure AD account lockouts, can you design the Modern Authentication system in Azure AD to check for existing Azure Conditional Access Policy for failed logins coming from blocked locations (Country or IP address)?

    This will help Office 365 Admins prevent account lockouts, sourced…

    67 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  10. Migration of Azure CSP subscriptions to EA tenants

    It's relatively straightforward to migrate an Azure EA subscription into CSP, but not in the opposite direction.

    There's a workaround available to move CSP subscriptions out into EA tenants (by using a separate PAYG subscription as a temporary staging area), but it has issues and is not commonly documented.

    Please refine, formalise and publish the process.

    63 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure VPN with Azure MFA should require two-factor authentication every time it connects

    We are using Azure VPN client with Azure MFA, and the client requires the second factor (code via SMS) only when the user connects for the first time. After that, every time we click on the VPN icon, the VPN client connects automatically, ignoring the MFA requirement, even if we log off the user or turn off the PC. It seems that, after the first authentication with MFA, the client turns into a "one-factor authentication" access, requiring only userid and password. If someone obtains the Windows credentials for a user, an attacker with access to the laptop can connect remotely…

    60 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow granular management access of AAD groups by service principals

    We have a scenario where we would like to use automation to manage membership of an AAD group.

    We assign group owner permissions to the service principal. However, operations against that group (using Powershell cmdlets like Add-AzureAdGroupMember) fail with a 403 Forbidden.

    We cannot grant Directory.ReadWrite permissions to the AAD application, because that would allow write permissions on the entire AAD directory, not just the group that the AAD application owns.

    According to Azure support, the scenario where I would like my service principal to manage groups that it owns is not currently possible. Can we make it possible?

    60 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  13. SQL Server Management Studio - IntelliSense for Azure SQL Datawarehouse

    Currently, we can't use IntelliSense for developing Azure SQL Datawarehouse in SQL Server Management Studio or even Visual Studio.
    That's a very basic feature for all developers and should be TOP(1) priority for your development team.
    Current (but not a very good one) workaround is using Visual Studio Code... but even here, there's a bug. IntelliSense only works, if the user has read permissions on EVERY database that is available on that Azure SQL Server.

    55 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow GitHub Enterprise to be a source to sync Azure Automation Accounts

    Currently there is only three options under the source control blade which allows you to sync Azure Automation Accounts with the latest runbooks. I would like there to be an option to use GitHub Enterprise as a source as a lot of the work that is developed can not be stored on a normal GitHub and my organization pays for GitHub Enterprise

    53 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow VM SSO with Azure AD & Bastion Host

    I'm not sure why the bastion as a service does not support Azure AD login for VM's which are Azure AD joined.

    I would hope to see, VM's which are Azure AD joined, and use Bastion as a Service to simply use SSO to connect to the VM.

    When authenticated users go to connect, instead of being prompted for a password, it should simply see which account they are logged into Azure with, and automatically sign them into the VM (provided IAM allows) when they attempt to connect through Bastion.

    This would allow much easier authentication (especially when dealing with…

    51 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  16. Monitor outgoing messages of a Event Hub on a consumer group level

    Right now it is possible to monitor an Event Hub Namespace's incoming and outgoing messages. An Event Hub shared between project's will have a different consumer group for each project. Right now there's no way for the projects to monitor if they're keeping up with the message production rate, because Event Hub doesn't offer a metric of outgoing messages per consumer group.

    What I need is a metric that tells me "There's this much messages coming into this Event Hub, and this many is how much my Consumer Group is consuming."

    PS. There's also a related suggestion regarding monitoring on…

    50 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Port Ranges for Azure Firewall DNAT Rules

    Would be great to add a range of ports to a single DNAT rule instead of a single port per rule. This prevents us from using the Azure Firewall for protocols like SIP where the ranges are in the thousands

    48 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  18. Enable MFA FIDO2 Key as the main method

    for users who cannot have a phone, it is useful to give the possibility to use fido2 security key as the first method, without an app authenticator

    46 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure Firewall Network Rule Logs there is no place to see which rule(rule name) blocked/allowed the traffic.

    Azure Firewall Network Rule Logs there is no place to see which rule(rule name) blocked/allowed the traffic.

    This will helpful for Daily operation and troubleshooting.

    MSFT Case :120092424003536

    45 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  20. Update published base image of vmss

    Scenario:
    We have a VMSS running our frond-end servers. The instances have custom software installed on a CIS base image. We would like to to change the base image so that new instances automatically have the software installed and when we upgrade the software we can use 1 instance to create an image and reimage all other instances.
    Original plan information:
    Publisher : center-for-internet-security-inc
    Offer : cis-windows-server-2019-v1-0-0-l1
    Sku : cis-ws2019-l1
    Id :

    Update process:
    1.0 Create new managed disks (os and data) from VMSS instance disk snapshots
    1.1 Snapshot VMSS instance disks
    1.2 Create managed disk from OS disk snapshot …

    45 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 122 123
  • Don't see your idea?

(General Feedback)

Categories

Feedback and Knowledge Base