Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

(General Feedback)

Do you have an idea or suggestion based on your experience with Azure? We would love to hear it! Please take a few minutes to submit your idea in the one of the forums available on the right or vote up an idea submitted by another Azure customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

This forum (General Feedback) is used for any broad feedback related to Azure. If you have feedback on a specific service such as Azure Virtual Machines, Web Apps, or SQL Database, please submit your feedback in one of the forums available on the right.

Remember that this site is only for feature suggestions and ideas!

If you have technical questions or need help with Azure, reach out to us on Microsoft Q&A or try StackOverflow


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. enable machine certificate for Radius P2S VPN

    when using Radius for P2S VPN, we could only use user cert, and machine cert is not supported. Please consider to enable machine cert.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  2. Role for hardware OATH Token management

    Actually, it is not possible to delegate permission to manage upload and activate hardware OATH Token in Azure to a specific role. In the least privilege approach, it will be useful not to use Global Admin role for that.

    40 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  3. Powershell Command improment when using the Set command

    Use the Powershell Command Set-AzApplicationGateway -ApplicationGateway $AppGw will remove the old Listener WAF policy which will cause an outrage.

    The simple steps:
    1. I Do a get a command to get the gateway into a variable $AppGW = Get-AzApplicationGateway -Name agneurdevtdt02 -ResourceGroupName rgneurdevtdt01
    2. I create a new listener, http settings, http rule via Powershell.
    3. I save the above settings into the gateway Set-AzApplicationGateway -ApplicationGateway $AppGw
    4. A soon as run Set-AzApplicationGateway -ApplicationGateway $AppGw The old WAF policy Gets disassociated with the listener

    We regards it as a bug need to fix.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create B2C tenants programmatically

    There is no possible way to automate the creation of new Azure B2C tenants, Microsoft confirmed this currently isn't possible using either APIs or PowerShell, as of right now.

    To use Azure B2C as enterprise solution for authentication for our 5000 customers base we will need to automate the creation of B2C tenants.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  5. improve azure support

    Not sure if there is any higher level of support, currently we have pro direct and the level of expertise in the team that our cases gets assigned to is less than ideal to say the least. It takes weeks to get them to understand the problem and obviously they are not able to solve any of the cases and they have to raise it to Product group and then the communication slows as they only communicate via email to the first level support, How do we get subject matter experts on the case?

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  6. Automatic blocking of malitious traffic on bastion would be great

    In network watcher, we can see malitious traffic was detected but allowed by bastion host. It would be great if bastion have a default blocking setting on these malicious traffics.

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable Helpdesk push notification for user verification

    Even though we have enabled user self-service features for password resets using Azure SSPR, there are times were a user still needs to call the helpdesk. In order for the helpdesk to verify the user is who they say they are, we have to ( using another tool) require the user to answer security questions which are only used to verify the user. The Helpdesk is required to be able to see the users answer, allowing the Heskdesk person to challenge the user for the answer.

    It would be nice to get away from this and allow a Helpdesk person…

    29 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  8. SAP HANA DB backup support with SSLEnforce option

    Currently Azure recovery services vault backup supports SAP HANA DB backup without SSLEnforce option. We request the team to support SAP HANA backup with SSLEnforce.

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  9. Expose more information in activity log if VM/VMSS provisioning failed due to "too many constraints"

    Currently the end user can only see provisioning failed in Azure portal activity logs when they failed to deploy VM/VMSS, however they have no idea why the provisioning failed. We checked from backend and know that the failure is due to "too many constraints". Is it possible to add those information in activity log so that the end user can know whet caused the provisioning failure?

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  10. Custom Role to restrict access to Activity Log and IAM

    If you need to give read access to resources but want to filter out sensitive information such as Activity Log, IAM, Cost etc, you should consider the following permissions for a custom role. The example here is for App Insights, I only wanted the user to have read access on queries and block out Activity Log, IAM, Cost

    "permissions": [

            {
    
    "actions": [
    "*/read",
    "Microsoft.OperationalInsights/workspaces/analytics/query/action",
    "Microsoft.OperationalInsights/workspaces/search/action",
    "Microsoft.Insights/Components/Read"
    ],
    "notActions": [
    "Microsoft.OperationalInsights/workspaces/sharedKeys/read",
    "Microsoft.Insights/Components/GetAvailableBillingFeatures/Read",
    "Microsoft.Insights/Components/BillingPlanForComponent/Read",
    "Microsoft.Insights/Components/CurrentBillingFeatures/Read",
    "Microsoft.Authorization/classicAdministrators/read",
    "Microsoft.Authorization/classicAdministrators/operationstatuses/read",
    "Microsoft.Authorization/denyAssignments/read",
    "Microsoft.Authorization/locks/read",
    "Microsoft.Authorization/operations/read",
    "Microsoft.Authorization/permissions/read",
    "Microsoft.Authorization/policyAssignments/read",
    "Microsoft.Authorization/policyAssignments/privateLinkAssociations/read",
    "Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/read",
    "Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/read",
    "Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/read",
    "Microsoft.Authorization/policyDefinitions/read",
    "Microsoft.Authorization/policyExemptions/read",
    "Microsoft.Authorization/policySetDefinitions/read",
    "Microsoft.Authorization/providerOperations/read",
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Authorization/roleDefinitions/read",
    "Microsoft.Insights/eventtypes/values/Read",
    "Microsoft.Insights/EventCategories/Read",
    "Microsoft.Insights/LogProfiles/Read",
    "Microsoft.Insights/LogDefinitions/Read",
    "Microsoft.Insights/eventtypes/digestevents/Read",
    "Microsoft.Insights/Logs/AzureActivity/Read"

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow Port Ranges for Azure Firewall DNAT Rules

    Would be great to add a range of ports to a single DNAT rule instead of a single port per rule. This prevents us from using the Azure Firewall for protocols like SIP where the ranges are in the thousands

    47 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure policy to block all public access

    I would like to be able to create a policy and apply it to subscription(s), that would block any created resource from being able to be reached from the public internet. I want my developers to be able to experiment and try out different resources, but I don't want to put my network at risk while they experiment.
    Right now I have to play wack-a-mole and identify all the different resources that could get a public IP and create policy around that resource.
    I believe it would be in Microsoft's best interest to create a policy that one could apply…

    35 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  13. support "Managment Groups" Scope under CSP Cost Management.

    Currently it is not supported selecting a "Management Group" Scope it there are CSP subscriptions (which is currently supported with Azure Plan).

    116 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  14. Edit button on Azure Sentinel Watchlist

    It will be great if Azure Sentinel watchlists include an edit button so when you need to edit your reference sets you don't have to delete it and upload it again each time.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  15. allow non-admins to receive Subscription notifications

    Today, you must be a Service Admin, Co Admin or Owner of a Subscription in order to receive audit notifications for a Subscription.

    Example: SQL Audit Log Notifications

    Users in our environment that own resources in a Subscription have Reader permissions at a Subscription scope, with higher level permissions on Resource Groups. As a result, there are very few human accounts that have Owner permissions on a Subscription. So these notifications may be missed, or are sent to Cloud Admins who then need to forward these onto Teams that own those resources. In order to maintain a least-privilege model, we…

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  16. Powershell

    We want to have PowerShell command which have any ways to revoke certificate for P2S VPN in Virtual WAN.
    For PS command:
    Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName <String> -VirtualNetworkGatewayName <String>
    -ResourceGroupName <String> -Thumbprint <String> [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

    We could not put the child gateway name such as: 2d70d7aa13284d6ca3cf4b1382f39511-southeastasia-gw

    It will shows [Resource not found], we have the needs that automate the revoke certificate process.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
  17. Official Tool to change WVD Pool size (number of Session Hosts) based on a schedule

    We’ve set up a way to do this via script, but would really appreciate an official tool! Via Powershell script and a Runbook, Automation Account, and Service Principal, we are switching between a “peak hours” Pool size, and nightly “off peak hours” Pool size.

    When drawing down the pool size for “off peak”, we’re using cmdlets to delete Session Host objects and their associated VMs, disks, and NICs.

    When increasing the pool size for “peak hours”, we are running an Incremental Host Pool deployment from template; dynamically inserting the desired Poolsize into the deployment template .json file before Deployment.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  18. Official Tool to shutdown/start WVD Session Hosts, based on number of User sessions

    We’ve set up a way to do this via script, but would really appreciate an official tool! Via Powershell script and Azure Function, we are automatically shutting down and starting up WVD Session Hosts (based on Pool usage) to optimize Compute usage.

    By specifying that we would like (for example) 20 Session Hosts available at all times, each time the Function executes, it calculates the current number of User Sessions in the Pool + 20, and turns on or shuts down Session Hosts accordingly.

    This may be most useful in a use case like ours, where the Session Hosts are…

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure firewall should have a metric to be able to see the distribution of data being processed

    "Data processed" can only see the total amount of data currently processed by the FW. I think Azure FW should have a feature to see which IPs the data comes from? And how much data come from each IP.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  20. Notification for maintenance

    Customers experience errors (like HTTP 500), and are forced to contact Azure support for the issue and how it can be resolved.
    It would be very helpful if customers received an email as to when and where a maintenance will take place, so they know when and how their applications will be affected.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Availability  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

(General Feedback)

Categories

Feedback and Knowledge Base