Anonymous

← Customer Feedback for ACE Community Tooling

My feedback

MFA NPS ext - Support for Network policies via RADIUS-Challange msg via SMS & OTP

46 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

7 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Delete… · Admin →

Anonymous supported this idea · April 23, 2020
Enable SSPR to reset Windows cached credentials

265 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

41 comments · Azure Active Directory » Self-Service Password Reset · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Hey folks! Thank you for your feedback. We are reviewing this ask and will keep you up to date on our findings. We have also added information about this limitation in our documentation. Thank you!

Anonymous supported this idea · April 03, 2020
PowerShell and Graph API support for managing Multi-Factor Authentication

822 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

122 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Delete… · Admin →

started · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

We’re really pleased to let you know that we’ve released the first authentication method APIs to public preview:

https://docs.microsoft.com/graph/api/resources/authenticationmethods-overview

So far there are APIs for managing phone numbers and password resets. When phone numbers are set with the API, the user can use that number for MFA and SSPR (as allowed by your tenant’s policy).

The team is hard at work at building out APIs for all of the other authentication methods, and we’ll update the response here as they’re released.

Anonymous supported this idea · October 10, 2019
Change tracking for Conditional Access Policies

171 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

planned · 24 comments · Azure Active Directory » Conditional Access · Flag idea as inappropriate… · Delete… · Admin →

Anonymous supported this idea · October 10, 2019
Add MFA support to Secure the Windows 10 logon

775 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

65 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Delete… · Admin →

AdminAzure AD Team (Product Manager, Microsoft Azure) responded

For requiring additional factors with Windows Hello for Business, please see – https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock

For why PIN is better than a password, please see https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password

For Authenticator app sign in to Azure AD, please see https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in

As always, other feedback is welcome

/Ravi

Anonymous supported this idea · August 08, 2019
Remove requirement for onprem Exchange when using DirSync

597 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

64 comments · Azure Active Directory » Azure AD Connect · Flag idea as inappropriate… · Delete… · Admin →

started · Azure AD Team responded

We’re working on a solution and will update you when we know more.

Anonymous supported this idea · August 08, 2019
Abilty to sort Conditional Access Policies alphabetically

33 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

7 comments · Azure Active Directory » Conditional Access · Flag idea as inappropriate… · Delete… · Admin →

planned · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

This is something we are looking to add.

-Daniel Wood.

Anonymous supported this idea · August 08, 2019
Enable app password creation when MFA is enforced using Azure Conditional Access

159 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

22 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Delete… · Admin →

Anonymous supported this idea · August 02, 2019
AzureAD Role Delegation to Groups

548 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

71 comments · Azure Active Directory » Role-based Access Control · Flag idea as inappropriate… · Delete… · Admin →

started · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

Folks,
We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can manage that group’s membership and indirectly manage who gets the role. So, we have to ensure that the feature is secure.

We are taking a staged approach to execute this feature –
Stage 1: Supporting cloud groups to be assigned to roles
Stage 2: Supporting on-prem groups to be assigned to roles

Stay tuned!

Regards,
Abhijeet Kumar Sinha
Azure Active Directory Team

An error occurred while saving the comment

Anonymous commented · June 25, 2019

Would like an update on this.

Submitting...

Anonymous supported this idea · June 25, 2019
Conditional Access Support for Storage Explorer

148 votes

Vote

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

You have left! (?) (thinking…)

4 comments · Storage » Storage Explorer · Flag idea as inappropriate… · Delete… · Admin →

Anonymous supported this idea · April 04, 2019
Intune mam policies

7 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

0 comments · Azure mobile app · Flag idea as inappropriate… · Delete… · Admin →

unplanned · AdminAzure portal team (Product Manager, Microsoft Azure) responded

We are hoping to do this! Please upvote it!

Anonymous supported this idea · March 12, 2019
AAD access in the mobile app

85 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

5 comments · Azure mobile app · Flag idea as inappropriate… · Delete… · Admin →

under review · AdminAzure portal team (Product Manager, Microsoft Azure) responded

We definitely want to support AAD! Please vote this request up if you’d like to see it in the app.

Thank you for your feedback!

Anonymous supported this idea · March 12, 2019
Dynamic Groups: Member of group

1,050 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

80 comments · Azure Active Directory » Groups/Dynamic groups · Flag idea as inappropriate… · Delete… · Admin →

under review · Azure AD Team responded

Thank you for your feedback! The feature team is aware of this suggestion and will keep it under consideration. There are technical challenges to overcome in order to make this happen. Please keep the votes coming if this feature matters to you.

Chen

Anonymous supported this idea · February 22, 2019
Allow the User Admin role to Enable/Disable MFA for users

1,277 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

246 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Delete… · Admin →

planned · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.

Anonymous supported this idea · February 22, 2019
Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

1,901 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

407 comments · Azure Active Directory » SaaS Applications · Flag idea as inappropriate… · Delete… · Admin →

started · AdminAzure AD Team (Admin, Microsoft Azure) responded

We’re currently evaluating an option that will provide the functionality offered by nested groups, but removes the complexity nested groups adds. We appreciate your patience on this ask and want to ensure we deliver a solution that benefits all of our customers. Below are use cases that we’d like for you to stack rank, with #1 being priority for you. We thank you for the continued comments and feedback.

Use case A: nested group in a cloud security group inherits apps assignment
Use case B: nested group in a cloud security group inherits license assignment
Use case C: nesting groups under Office 365 groups

Anonymous supported this idea · February 22, 2019
Ability to trigger a dynamic group update

403 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

50 comments · Azure Active Directory » Groups/Dynamic groups · Flag idea as inappropriate… · Delete… · Admin →

under review · Azure AD Team responded

Our feature team is looking into options for addressing this scenario, but we do not yet have any timelines to share. For now as a workaround, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end. We’ve also added the ability to check the membership processing status, to keep track of the status and know if processing is complete.

Anonymous supported this idea · February 22, 2019
Merge office365 and live accounts that use the same email address

1,298 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

233 comments · Azure Active Directory » End user experiences · Flag idea as inappropriate… · Delete… · Admin →

started · AdminAzure AD Team (Product Owner, Microsoft Azure) responded

Folks,

Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this takes time. There are details of this in the blog post linked above.

Third, in the past year we’ve worked with 70+ teams across Microsoft that operate business services but only supported MSA for historical reason. Our goal is for all of these apps to support Azure AD (work accounts) as well. As of Nov 2017, we’re about half way there. Dev Center and MSDN subscriptions (now called Visual Studio subscriptions) are example of apps that now support Azure AD. Microsoft Payment Central and Invoicing are a few weeks away. Volume Licensing and many others are in progress and a couple months away.

The best recommendations we can provide right now are:
1) Use your work account (in Azure AD) to access any work application that supports it.
2) If you had created a personal Microsoft account to access Microsoft business apps, and no longer need it, close the account. Or rename it (which means chancing the user id) to avoid confusion.

Please follow our team blog for future updates on this problem.

Ariel Gordon

Folks,

Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this…

Anonymous supported this idea · January 29, 2019
Support exporting and importing conditional access policies using PowerShell

767 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

52 comments · Azure Active Directory » Conditional Access · Flag idea as inappropriate… · Delete… · Admin →

started · AdminAzure AD Team (Product Manager, Microsoft Azure) responded

We’ll be wrapping up work soon, after making updates from feedback we’ve received so far. We should have a public date soon.

-Caleb

Anonymous supported this idea · January 18, 2019
Set an AzureAD account to expire on a specified date

698 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

81 comments · Azure Active Directory » User Creation, Deletion, and Profile Management · Flag idea as inappropriate… · Delete… · Admin →

Anonymous supported this idea · January 18, 2019
Enter time of day as a condition for conditional access.

54 votes

Sign in
prestine

(thinking…)

Sign in with: Microsoft

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

8 comments · Azure Active Directory » Conditional Access · Flag idea as inappropriate… · Delete… · Admin →

Anonymous supported this idea · January 18, 2019

Anonymous

My feedback

MFA NPS ext - Support for Network policies via RADIUS-Challange msg via SMS & OTP

Enable SSPR to reset Windows cached credentials

PowerShell and Graph API support for managing Multi-Factor Authentication

Change tracking for Conditional Access Policies

Add MFA support to Secure the Windows 10 logon

Remove requirement for onprem Exchange when using DirSync

Abilty to sort Conditional Access Policies alphabetically

Enable app password creation when MFA is enforced using Azure Conditional Access

AzureAD Role Delegation to Groups

Conditional Access Support for Storage Explorer

Intune mam policies

AAD access in the mobile app

Dynamic Groups: Member of group

Allow the User Admin role to Enable/Disable MFA for users

Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

Ability to trigger a dynamic group update

Merge office365 and live accounts that use the same email address

Support exporting and importing conditional access policies using PowerShell

Set an AzureAD account to expire on a specified date

Enter time of day as a condition for conditional access.

Feedback and Knowledge Base

Searching…

Give feedback

Microsoft Azure

Your password has been reset