(General Feedback)
Do you have an idea or suggestion based on your experience with Azure? We would love to hear it! Please take a few minutes to submit your idea in the one of the forums available on the right or vote up an idea submitted by another Azure customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
This forum (General Feedback) is used for any broad feedback related to Azure. If you have feedback on a specific service such as Azure Virtual Machines, Web Apps, or SQL Database, please submit your feedback in one of the forums available on the right.
Remember that this site is only for feature suggestions and ideas!If you have technical questions or need help with Azure, please try StackOverflow or visit our MSDN forums
-
Azure Data Factory (ADF) & Dynamics 365 / CDS Connectors
The option of using Azure Data Factory v2 to migrate data to the Power Platform / CDS / D365 is good, although there are a few features that are missing that almost negate considering the tool as a viable option. Two such examples are:-
- You cannot write to the createdby field on any entity as the createdby is always set in the context of the user in the Linked Service and does not respect the data that is passed to it as part of the Sink data source
- There is no way to migrate data into the native CDS /…
122 votes -
support multiple values for the same key when tagging. If i want to allocate multiple departments while tagging i should be able to do that.
Currently AzureRM tagging only supports one value for one key. This means if i want to tag multiple departments to one resource it is incapable of handling it.
63 votes -
Allow granular management access of AAD groups by service principals
We have a scenario where we would like to use automation to manage membership of an AAD group.
We assign group owner permissions to the service principal. However, operations against that group (using Powershell cmdlets like Add-AzureAdGroupMember) fail with a 403 Forbidden.
We cannot grant Directory.ReadWrite permissions to the AAD application, because that would allow write permissions on the entire AAD directory, not just the group that the AAD application owns.
According to Azure support, the scenario where I would like my service principal to manage groups that it owns is not currently possible. Can we make it possible?
50 votes -
Azure VPN with Azure MFA should require two-factor authentication every time it connects
We are using Azure VPN client with Azure MFA, and the client requires the second factor (code via SMS) only when the user connects for the first time. After that, every time we click on the VPN icon, the VPN client connects automatically, ignoring the MFA requirement, even if we log off the user or turn off the PC. It seems that, after the first authentication with MFA, the client turns into a "one-factor authentication" access, requiring only userid and password. If someone obtains the Windows credentials for a user, an attacker with access to the laptop can connect remotely…
48 votes -
SQL Server Management Studio - IntelliSense for Azure SQL Datawarehouse
Currently, we can't use IntelliSense for developing Azure SQL Datawarehouse in SQL Server Management Studio or even Visual Studio.
That's a very basic feature for all developers and should be TOP(1) priority for your development team.
Current (but not a very good one) workaround is using Visual Studio Code... but even here, there's a bug. IntelliSense only works, if the user has read permissions on EVERY database that is available on that Azure SQL Server.47 votesWhile IntelliSense support for Azure SQL was completed, we do not have plans to add support for IntelliSense with Azure SQL DW.
-
Auto-renew of certificates should create and event in the portal in case GoDaddy change their policies and need aditional validation.
Auto-renew of certificates should create and event in the portal in case GoDaddy change their policies and need aditional validation.
Even certificate with Auto-Renew, because changes of policies of GoDaddy Azure didnt renew automaticly like was configured.
Seems GoDaddy sent an email to admin of Azure account but should appear in the Portal an alert about certificate expiration.
43 votes -
Allow GitHub Enterprise to be a source to sync Azure Automation Accounts
Currently there is only three options under the source control blade which allows you to sync Azure Automation Accounts with the latest runbooks. I would like there to be an option to use GitHub Enterprise as a source as a lot of the work that is developed can not be stored on a normal GitHub and my organization pays for GitHub Enterprise
40 votes -
Support for ManageEngine MDM when requiring device compliance in Azure Conditional Access
We use ManageEngine MDM for managing mobile devices. We want to use conditional access policies to ensure the device has been marked as compliant by ManageEngine MDM before allowing access to certain applications.
Currently Azure AD Conditional Access Policies only supports InTune for checking device compliance as described @ https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-policy-connected-applications#trusted-devices. This should be extended to support ALL 3rd party EMM solutions.
39 votes -
In Azure AD Connect, enable Group Writeback for *all* types of Azure groups (including Security groups, Mail-enabled Security groups, and Ex
In Azure AD Connect, enable Group Writeback for all types of Azure groups (including Security groups, Mail-enabled Security groups, and Exchange distribution groups). This will enable us to utilize the Group Writeback feature to meet our business requirements. It is our opinion that the limitation of Azure AD Connect Group Writeback which restricts to only Microsoft 365 Groups greatly reduces the value of the feature, and we would like to understand why Microsoft decided to limit Group Writeback to only handle Microsoft 365 Groups. We would like to use Group Writeback for all types of Azure groups (including Security groups,…
38 votes -
Prevent Account Lockout due to Brute Force Attack
Currently Azure Active Directory is locking Office 365 user accounts based on the number of failed sign-ins. If the user credentials are entered incorrectly, it does not check or verify existing Azure Conditional Access Policy, whether this account can sign-in from that location (Country or IP address) or not, because the authentication was not successful.
To prevent Azure AD account lockouts, can you design the Modern Authentication system in Azure AD to check for existing Azure Conditional Access Policy for failed logins coming from blocked locations (Country or IP address)?
This will help Office 365 Admins prevent account lockouts, sourced…
38 votes -
deny guest users to list all membership users
A guest user when accept the invitation goes to a "myApp" page in which can see all tenant users (other guests included).
I want to deny this possibility (also for GDPR)33 votes -
Outstanding Payment
Need Payment history and total outstanding per subscription.
As a subscriber I can only see invoices at azure, but there is no payment history which tells me how and when azure has captured this payment.
It is our legal right to see the payments captured by AZURE. Tomorrow AZURE go and capture another payment from my card how I will reconcile which payment is for what.
If you are taking payment then you must show somewhere that we have captured this payment via this way against this invoice or for this purpose.
Also there is no way I can see…
32 votes -
Privileged Identity Management (PIM) - Start and End Time in PIM email to be in local time not UTC
Require new feature to customize the time from UTC to local time in the PIM email.
32 votes -
Add the "created by" and "created on" metadata to Azure objects
It would be helpful for each object in Azure to have the account that created the object and the date/time of the creation imbedded in the metadata for the object. This would avoid the current method of having to get that information from the Activity Log and store it somewhere else that is more permanent.
32 votes -
Get more information in Microsoft Authenticator notifications
Using MFA with Microsoft Authenticator, we can only see the username. It woulde be useful get also the application and the devices that is requesting the approval. It is difficult to determine if it is right when multiples applications are in use (Outlook, OneDrive, Skype...)
31 votes -
Migration of Azure CSP subscriptions to EA tenants
It's relatively straightforward to migrate an Azure EA subscription into CSP, but not in the opposite direction.
There's a workaround available to move CSP subscriptions out into EA tenants (by using a separate PAYG subscription as a temporary staging area), but it has issues and is not commonly documented.
Please refine, formalise and publish the process.
31 votes -
App Service update history
I would like to know the exact date and time when the Azure platform update was actually performed on Azure Portal.
I've heard many complaints about not being able to do that.Many vendors need to report exact date and time to end users.
28 votes -
Monitor alert: Throttling Health Event's title and cause needs to be more specific rather than word like "UserInitiated"
properties: {
title: This storage account was throttled because it exceeded Azure Storage partition request per second, partition bandwidth, or IP scalability limits.,
details: null,
currentHealthStatus: Degraded,
previousHealthStatus: Available,
type: Downtime,
cause: UserInitiated
},==========================
Storage account throttling can be caused by busy storage partitions on the server side which is not related to customers' usage.
The "UserInitiated" wording in the health event cause would lead to misunderstanding of reaching service limit when customers' traffic is not there yet. Maybe we can change the wording to "ClientInitiated".
More specific alert cause can help both customers and support team to identify…
28 votes -
enterprise portal auditing
The EA portal needs auditing capabilities.
27 votes -
Custom Roles AssignableScope for root ("/")
Currently Custom roles cannot have an AssignableScope set to root ("/"). Capability must be addded to have all subscriptions federating to a certain Azure AD tenant inherit a custom role. Maybe the AssignableScope parameter must be modified to also accept a tenant id or name for the scope of the role. The global admin of the tenant must be afforded the privilege to create this role.
27 votes
- Don't see your idea?