Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Support Hybrid AD join when using VDI

    Please support Hybrid AD join when using VDI to deal with conditional access policy.

    12 votes
    1 comment  ·  Domain Join
  2. Support Azure AD domain join for Windows Server 2016

    Microsoft should strongly consider implementing support for Azure AD join in future builds of Windows Server 2016. I have a couple of customers that have nearly finished the transition to all cloud and are left with a couple of servers due to legacy software. They are currently left with the option to deploy Azure AD Domain Services for supporting a couple (2-5) servers.

    https://windowsserver.uservoice.com/forums/295047-general-feedback/suggestions/32995450-support-azure-ad-domain-join-for-windows-server-20

    241 votes
    27 comments  ·  Domain Join
  3. Allow disabling Windows Hello without InTune subscription

    If you've got an Office 365 subscription, you get AzureAD for free. You can domain-join machines to your AzureAD, and your users get the magic of Single Sign-On.

    However, the default configuration is to force them to set up a PIN in "Windows Hello for Business". You can't disable this setting without an Intune or AzureAD Premium subscription.

    13 votes
    5 comments  ·  Domain Join
  4. Constructive criticism.

    Too much information; include images so the text is not so boring, even though it is for academic use and its purpose is not to entertain.

    1 vote
    0 comments  ·  Domain Join
  5. Nidekkmathewpotts

    Describe your 💡

    1 vote
    1 comment  ·  Domain Join
  6. dsregcmd.exe with help

    The command dsregcmd.exe should have a /help switch to show all viable options of this command with usage examples.

    16 votes
    9 comments  ·  Domain Join
  7. Autopilot Offline profile with Hybrid AAD Join

    Please add support for doing Hybrid AAD Join with Autopilot Offline Profile... As of now we need to import hashes of devices into the Autopilot service in order to do Hybrid AAD Join.
    Support for Hybrid AAD Join in Autopilot offline profile would be awesome, e.g. when doing MDT deployment of devices etc.

    6 votes
    1 comment  ·  Domain Join
  8. AzureAD join give user Admin access- needs to restrict

    By default, AzureAD join gives the user Admin access. Can we restrict this? This is a huge security risk.

    23 votes
    3 comments  ·  Domain Join
  9. this is ******** I'm on my site

    this is ********. I'm on my site, is this site not secure?

    2 votes
    0 comments  ·  Domain Join
  10. Azure AD Join - Password Change At Logon

    When a user's password expires or has been set to change at next logon, they are unable to log on to Azure AD Joined machines; there is no 'password must be changed' dialog as there is with Local AD. Can this please be added?

    28 votes
    2 comments  ·  Domain Join
  11. How can I join a Mac into Azure Active Directory, please help

    I have more than two machines in my organization, and I have to add them to Azure Active Directory. How can I achieve this?

    Thanks,
    Suresh

    4 votes
    1 comment  ·  Domain Join
  12. Utilize AAD Security Groups for Device "Additional Local Administrators" support

    Emulating the Intune Roles method with Assignments, Members and Scopes would be ideal. Also the ability to disable Global Admin access (limit to groups/scopes added).

    113 votes
    9 comments  ·  Domain Join

    We’re currently working on this capability and will provide an update when it’s done.

    However, instead of expanding the “Additional Local administrators” setting, we will support adding AAD groups to Windows 10 local groups (e.g. Administrators, Remote Desktop Users) via MDM policy and elevate user privileges on logon. This will provide greater flexibility to assign different groups to different devices.


    Ravi

  13. 1 vote
    0 comments  ·  Domain Join
  14. Azure AD Joined Machines To Get MFA Prompts at Signin

    When an MFA-protected user logs into a Windows 10 Azure AD joined device, it just lets them in with their username and password. Can a system please be put in place which also prompts for MFA BEFORE letting them into Windows, not by a small notification in the bottom to ask for it...

    6 votes
    0 comments  ·  Domain Join

    You can use Windows Hello for Business, which requires MFA to be set up and can be used to authenticate to Windows as a strong hardware-protected credential. In addition, you can also enable multifactor unlock with Windows Hello, which requires 2 different factors to be present for the user to authenticate – https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock

    Hope this helps

  15. All Powershell/BASH/script Azure AD join

    For converting BYOD to Azure AD in the field w/o user intervention, we need a way for elevated accounts to be able to perform an Azure AD join of devices via script.... come on, this is the basics...

    Think of it as MDM self-enrollment... if not that, then give us a one-click way for users to self-enroll the device.

    90 votes
    9 comments  ·  Domain Join

    Thanks for the feedback on this. There are several ways to do Azure AD join (OOBE, bulk enrollment and Autopilot) which provide a richer experience to join devices to Azure AD. We’re continuously working to enhance those, so currently this is unplanned for the near future. Please continue to vote to help us prioritize.


    Ravi

  16. Specify Profile Path Attribute for AAD Joined Windows 10

    Administrators should be able to choose which attribute from AAD should be used for local profile path creation for Windows 10 Azure AD Joined workstations in C:\Users. The current DisplayName attribute is not flexible, because it creates different paths with special characters.

    3 votes
    1 comment  ·  Domain Join
  17. Azure AD Join computer without gaining local admin access

    We really need a settings option in the Azure AD portal managing the local device permission level upon Azure AD Join for users and groups.

    To get remotely close to this today we have to Azure AD join and Intune enroll with a specific account that we only grant permission to join, and it becomes the Admin as users thereafter do not...

    4 votes
    0 comments  ·  Domain Join
  18. 2 votes
    1 comment  ·  Domain Join
  19. Delegate permissions to remove devices

    The user role User administrator is not able to remove users' registered device objects in Azure AD. I think that role should be granted that permission.
    Or create an additional role that has the permission to remove device objects in Azure AD.

    63 votes
    18 comments  ·  Domain Join
  20. Create a way to block automatically Azure join only some of domain join computers (servers).

    Create a way to block automatically Azure join only of some domain join computers (servers). Even if you set the GPO "Software\Policies\Microsoft\Windows\WorkplaceJoin\autoWorkplaceJoin" to disable, computers with Windows 10 or Windows Server 2016 are still joined automatically at user login.

    6 votes
    1 comment  ·  Domain Join