Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Move Azure AD Domain Services between subscriptions

    Currently a lot of services/resources can be moved from one subscription to another. This way it's possible to move services to a CSP (by moving to their Azure Plan Subscriptions); or change CSP.

    Unfortunately this is not possible with Azure AD Domain Services. That means that when this is created in a subscription under a CSP, there's a CSP lock-in. Of course this is very much undesirable for a customer.

    Please allow for Azure AD Domain Services to be moved between subscriptions.

    16 votes
    2 comments  ·  Domain Services
  2. Use Seamless SSO in AADDS environments.

    At the moment, having seamless SSO in Azure Active Directory Domain Services doesn't work. Logically, this feature should be automatic...

    At the moment, you can join a machine to AADDS domain, and log in to it with Azure AD credentials. But users still need to sign in manually to Office.com, office apps, etc.

    This is extremely important in an AADDS Windows Virtual Desktop scenario (where Microsoft Office is hosted as RemoteApps). To access Office, users will need to log in to WVD, then AGAIN into the remoteapp host itself, and AGAIN into the Microsoft Office apps - all with the…

    27 votes
    under review  ·  10 comments  ·  Domain Services
  3. Manage AADDS DNS powershell

    Currently, I am unable to find any documented methods for managing DNS in AADDS using PowerShell. If it is possible, can we get an article published that states specifically how to use PowerShell to manage DNS in AADDS? If it doesn't exist, can we get the functionality created? Using MMC is dated and limits our ability to automate.

    21 votes
    1 comment  ·  Domain Services
  4. Support NPS/RADIUS for Azure AD Domain Services

    Add support for Microsoft NPS/RADIUS in Azure AD Domain Services

    357 votes
    51 comments  ·  Domain Services

    UPDATE 01/06/2020
    Multiple scenarios are still being investigated.
    (We changed the status to because Started implied we were working on the feature and we did not want to represent it inaccurately. We are investigating and therefore, we are marking it under review.)

  5. Allow using SHA-2 & AES encrypted wildcard SSL certificate for secure LDAP (LDAPS)

    As I understand, we can only use SHA-1 Triple-DES encrypted wildcard SSL certificate with secure LDAP (Azure LDAPS).
    Almost all of the public CAs don't issue SHA1 encrypted certificates anymore and therefore, we need Azure LDAPS to accept SHA256 - AES encrypted wildcard SSL certificates so that we can utilize public certificate authorities to issue these certificates for us.

    3 votes
    0 comments  ·  Domain Services
  6. Azure AD Domain Services Support for LAPS

    We're lifting and shifting more and more servers and desktops from on-premise to Azure. We're protecting local admin passwords with LAPS https://www.microsoft.com/en-us/download/details.aspx?id=46899

    Since one of the main use cases for Domain Services is lift and shift, support for LAPS would make this easier.

    There's a similar suggestion here:
    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13849404-azure-domain-services-support-for-laps but for Azure AD joined devices and not Domain Services.

    4 votes
    0 comments  ·  Domain Services
  7. Azure Audit logs do not show the events related to listing of AD users and groups.

    I am interested in viewing the events when someone tried to list Azure AD users, groups, or apps. Currently, this is not being captured in Audit logs.

    1 vote
    0 comments  ·  Domain Services
  8. General Availability for Azure Locations based in Switzerland

    Since Microsoft has launched Azure in Switzerland, general availability of Azure AD Domain Services would be much appreciated so that VMs can be joined and thus On Premise infrastructure can be migrated to the Cloud.

    3 votes
    1 comment  ·  Domain Services
  9. Azure File Share support Kerberos authentication for AD and AAD

    I'd like to migrate our on premise File Server to Azure File Shares. Unfortunately Azure File Shares do not currently support Kerberos authentication with our on premise Active Directory or our Azure Active Directory.
    In addition to this, we cannot mount Azure Files shares with ACLs enforced, even after we successfully deployed AAD-DS (Domain Services).
    A summary of my requirement would be:
    How can my users map an Azure File Share with equivalent functionality and security they have when they map a Share on an on premise File Server?

    5 votes
    0 comments  ·  Domain Services
  10. Powershell support to update LDAPS certificate

    Hi, we're using Azure AD Domain Services and would like to use Let's Encrypt certificates for LDAPS. Unfortunately, it doesn't seem possible to use PowerShell or some other API to programmatically update the certificate. As Let's Encrypt certificates are meant to be renewed often (between 30 and 90 days depending on type of cert), we need an API to automate the certificate renewal process.

    3 votes
    0 comments  ·  Domain Services
  11. Azure Active Domain Services Synchronisation Report

    Currently, it is not possible to get accurate information from AADDS about what and when attributes are synchronised from Azure AD to Azure ADDS. It would be most helpful if customers could query on a per user or per directory basis to find out what attributes were synced and at what time (including password changes)

    16 votes
    under review  ·  3 comments  ·  Domain Services
  12. Switzerland North-South

    It's not available yet in Switzerland. Why not make available everything already? At least when to expect this?

    1 vote
    0 comments  ·  Domain Services
  13. Increase regional support of AD DS

    Currently, we are limited to a single UK region for AD DS. Support of AD DS in UK West would be advantageous.

    1 vote
    0 comments  ·  Domain Services
  14. DNS record set synch from local to AADDS

    There is no direct way to synch Local/On Prem DNS record set to Azure AD Domain Services.

    We are using the same domain name for local and global DNS. So it's very important for us to make every entry in local DNS as well.
    With AADDS, we now have to make the same entry in Global DNS (which is Azure DNS) and then in Local DNS and AADDS.

    There should be a way to synch Local To AADDS

    1 vote
    0 comments  ·  Domain Services
  15. Support for Kerberos authentication security events

    The idea behind this is to enable the Kerberos Authentication Service event from the Azure AD Domain controller to get Network Information and Account Information from the computers connected to Azure AD Domain Services https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768

    In a Microsoft Active Directory, we could easily get event ID 4768 when a computer in the domain needs to authenticate to the DC, typically when a workstation boots up or a server restarts. But in Azure AD DS we could not get this event, even if you enabled the security audits https://docs.microsoft.com/en-us/azure/active-directory-domain-services/security-audit-events

    The Event Id 4768 is not listed under the Account Logon security event lists …

    3 votes
    0 comments  ·  Domain Services
  16. I need to cancel this account as I am charged for two separate accounts and I can not seem to locate where to contact you to do this

    I can not locate where to contact you regarding my accounts - I need to close one of them as I seem to have two

    1 vote
    0 comments  ·  Domain Services
  17. Integration of Azure AD DS with Azure Private DNS

    Today, it is very painful for automation when in the same network you are mixing Linux and Windows VMs, or you need to create custom internal domains for internal services.

    There is a great product, Azure Private DNS, which can resolve many problems with DNS management, but it is disintegrated from Domain Services.

    I think it could be the option also to resolve https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/34733890-make-azure-active-directory-dns-records-editable-t

    1 vote
    0 comments  ·  Domain Services
  18. add GC port 3269 to AD-DS created LB

    Hi,

    Right now we can't access port 3269 (Global Catalog) of our AD-DS service.
    After opening it in the NSG and modifying the LB, it only stays open for hours. The LB gets overwritten every now and then.

    Request: Add an LB rule for 3269 to the auto-create script of AD-DS. Customers can still control access to this via NSG.

    2 votes
    started  ·  5 comments  ·  Domain Services
  19. AADDS domain to build trust with an on-prem domain

    Have the ability to have domain trusts so we can have our current on-prem services Domain trust user accounts in our AAD-DS Domain.

    1 vote
    0 comments  ·  Domain Services
  20. AADDS allow multiple managed domain scoped views

    It would be nice to have for the following reason.
    One single Azure AD. Each branch could have its own domain via an AADDS Managed Domain with Scoped view.

    This would be for the same tenant, same subscription, or same tenant, different subscription.

    This way each branch office could manage their own users in their own scoped domain, but the AAD would maintain the identity.

    Think of it like views in MS SQL..

    1 vote
    0 comments  ·  Domain Services