Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Support Azure AD domain join for Windows Server 2016

    Microsoft should strongly consider implementing support for Azure AD join in future builds of Windows Server 2016. I have a couple of customers that have nearly finished the transition to all cloud and are left with a couple of servers due to legacy software. They are currently left with the option to deploy Azure AD Domain Services for supporting a couple (2-5) servers.

    https://windowsserver.uservoice.com/forums/295047-general-feedback/suggestions/32995450-support-azure-ad-domain-join-for-windows-server-20

    143 votes
    17 comments  ·  Domain Join
  2. Utilize AAD Security Groups for Device "Additional Local Administrators" support

    Emulating the Intune Roles method with Assignments, Members and Scopes would be ideal. Also the ability to disable Global Admin access (limit to groups/scopes added).

    82 votes
    8 comments  ·  Domain Join
  3. All Powershell/BASH/script Azure AD join

    For converting BYOD to Azure AD in the field w/o user intervention, we need a way for elevated accounts to be able to perform an Azure AD join of devices via script.... come on, this is the basics...

    Think of it as MDM self-enrollment... if not that, then give us a one-click way for users to self-enroll the device.

    62 votes
    6 comments  ·  Domain Join

    Thanks for the feedback on this. There are several ways to do Azure AD join (OOBE, bulk enrollment and Autopilot) which provide a richer experience to join devices to Azure AD. We’re continuously working to enhance those, so currently this is unplanned for the near future. Please continue to vote to help us prioritize.


    Ravi

  4. Delegate permissions to remove devices

    The user role User administrator is not able to remove users' registered device objects in Azure AD. I think that role should be granted that permission.
    Or create an additional role that has the permission to remove device objects in Azure AD.

    62 votes
    17 comments  ·  Domain Join
  5. AzureAD Joined Device: Do not automatically add Global Admin to LocalAdmin Groups

    Whenever a client joins AzureAD, all Global Admins are automatically added as LocalAdmin on the client joined to AzureAD. This is the default behavior of AzureAD Join – and cannot be altered currently.
    From my point of view, Global Admins are similarly sensitive for AzureAD as Domain Admins are on-premises in ADDS. On-premises, a lot of effort has been taken to separate Endpoint Admins from ADDS Admins -> PtH mitigation and other security best practices. Now AzureAD mixes up highly privileged identities (Global Admins) and Endpoint Admins.
    Therefore we need a Switch in AzureAD to change AzureADs Default behavior and…

    35 votes
    under review  ·  2 comments  ·  Domain Join
  6. Azure AD Join - Password Change At Logon

    When a user's password expires or has been set to change at next logon, they are unable to log on to Azure AD Joined Machines; there is no 'password must be changed' dialog as there is with Local AD. Can this please be added?

    19 votes
    1 comment  ·  Domain Join
  7. AzureAD join give user Admin access- needs to restrict

    By default, AzureAD join gives the user Admin access. Can we restrict this? This is a huge security risk.

    15 votes
    2 comments  ·  Domain Join
  8. dsregcmd.exe with help

    The command dsregcmd.exe should have a /help switch to show all viable options of this command with usage examples.

    13 votes
    9 comments  ·  Domain Join
  9. Auto-configure Mail / Outlook / OneDrive / Calendar apps

    When we join computers using AD Join, existing apps (Outlook, OneDrive) should SSO to our Office 365 account -- or at least auto-complete the working user's email.

    12 votes
    0 comments  ·  Domain Join
  10. Fix Windows 10 AAD Join not allowing user to share local resources

    When a machine is only joined to AAD then these credentials are not allowed to be exposed to sharing local resources on workstations.

    For example, if one machine wants to access a share on another machine, we need to be able to use the AAD credentials between the machines as an authenticator. However, these credentials do not present themselves to the local machines.

    Somehow, we need to be able to take a local share, assign it to an AAD Group then be allowed to add/remove AAD users to and from that group so that local resources can be authenticated with…

    10 votes
    1 comment  ·  Domain Join
  11. Allow disabling Windows Hello without InTune subscription

    If you've got an Office 365 subscription, you get AzureAD for free. You can domain-join machines to your AzureAD, and your users get the magic of Single Sign-On.

    However, the default configuration is to force them to set up a PIN in "Windows Hello for Business". You can't disable this setting without an Intune or AzureAD Premium subscription.

    9 votes
    3 comments  ·  Domain Join
  12. Support group exemption for Azure AD Join MFA requirement

    Please add a feature that allows IT-Pros (Azure AD Admins) to define an exemption group for people performing Azure AD join. Not every user in a company uses Autopilot for setting up his/her own device or performs the Azure AD Join. Normally this is handled by the IT department. It would be nice if one could use a bypass group during Azure AD join for these users.

    8 votes
    2 comments  ·  Domain Join
  13. Fully migrate to Azure Active directory

    Currently there is no way to fully migrate an on-prem Active Directory domain to Azure. If there was an option to do so, I would gladly get rid of most of my server infrastructure and have it hosted in Azure.

    Being a mid-sized company, most hybrid architectures are geared towards large-sized corporations, and so add complexity to environments that makes it prohibitive to take full advantage of Azure Services.

    Small and mid-sized companies need the same level of security, configuration capabilities, management and monitoring as large corporations, we just don't have the same resources to implement technologies like ADFS…

    8 votes
    2 comments  ·  Domain Join
  14. Autopilot Offline profile with Hybrid AAD Join

    Please add support for doing Hybrid AAD Join with Autopilot Offline Profile... As of now we need to import hashes of devices into the Autopilot service in order to do Hybrid AAD Join.
    Support for Hybrid AAD Join in Autopilot offline profile would be awesome, e.g. when doing MDT deployment of devices etc.

    6 votes
    1 comment  ·  Domain Join
  15. Create a way to block automatically Azure join only some of domain join computers (servers).

    Create a way to block automatically Azure join only of some domain join computers (servers). Even if you set the GPO "Software\Policies\Microsoft\Windows\WorkplaceJoin\”autoWorkplaceJoin” to disable, computers with Windows 10 or Windows Server 2016 are still joined automatically at user login.

    6 votes
    1 comment  ·  Domain Join
  16. Eliminate the 15 device CAP on Azure enrollment by a single O365 admin account

    There is a 15 device CAP on Azure enrollment by a single O365 admin account. There is a program through Intune that allows up to 1000 devices in a corporate network, but there's a fair gap between 15 devices and an environment large enough to support an Intune account.

    Let's say you've been using admin@contoso.com as your global admin account and adding computers to the Azure AD account. Currently, after enrolling 15 devices you have to create another, unlicensed Global Admin Account, such as admin2@contoso.com. Use that to add additional computers until you use up another 15 devices, then…

    6 votes
    1 comment  ·  Domain Join
  17. Azure AD Joined Machines To Get MFA Prompts at Signin

    When an MFA-protected user logs into a Windows 10 Azure AD joined device, it just lets them in with their username and password. Can a system please be put in place which also prompts for MFA BEFORE letting them into Windows, not by a small notification in the bottom to ask for it...

    4 votes
    0 comments  ·  Domain Join
  18. 4 votes
    1 comment  ·  Domain Join
  19. Azure AD Join computer without gaining local admin access

    We really need a settings option in the Azure AD portal managing the local device permission level upon Azure AD Join for users and groups.

    To get remotely close to this today, we have to Azure AD join and Intune enroll with a specific Account that we only grant permission to join, and it becomes the Admin as users thereafter do not...

    3 votes
    0 comments  ·  Domain Join
  20. Azure AD device version

    The version that is showing under devices is not upgraded after a device version upgrade.
    For example, Windows 10 1703 that was updated to 1709.

    3 votes
    0 comments  ·  Domain Join