Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Support Hybrid AD join when using VDI

    Please support Hybrid AD join when using VDI to deal with conditional access policy.

    45 votes
    7 comments  ·  Domain Join
  2. Static Proxy for Windows 10 AAD Hybrid Joined Machines

    For environments requiring explicit outbound web proxy the requirements for Windows 10 Hybrid Join are far from ideal.

    Currently we have to implement WPAD which is insecure and requires internal web servers to support.

    Setting WinHTTP proxy settings will break mobile clients that are often off the corporate network.

    A much more suitable method would be similar (or identical) to Defender ATP which has the option to explicitly set a proxy.
    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#configure-the-proxy-server-manually-using-a-registry-based-static-proxy

    Please seriously consider this! We don’t want to configure WPAD just for Hybrid Join.

    2 votes
    1 comment  ·  Domain Join
  3. Fix Windows AAD Login when MDM User Scope is set to ALL

    The MDM user scope in Intune needs to be set to NONE for the machine to be able to be AAD joined. Having it to ALL will fail with code
    AzureSecureVMEnroll failed with 0x801c0001
    AzureSecureVMJoinOperation: DeviceEnroller::AzureSecureVMEnroll failed 0x801c0001. AAD Join failed with status code -214564863

    This requires someone with Intune permissions to change the scope to None for the VM to be able to AAD Join itself. This is not a valuable solution when you want to build automation. When using either PowerShell, the CLI or ARM, the extension will fail.

    1 vote
    0 comments  ·  Domain Join
  4. Allow administrators to join device to azure without the user's credentials

    When I have to set up a replacement laptop for an existing user I cannot join the device to Azure AD without the user's credentials. This is really difficult when the user is remote and not in the office (bigger challenge now that everyone is working from home).

    It would be great if an Azure Administrator could join a device to Azure and assign said device to the user within the Azure Portal.

    1 vote
    0 comments  ·  Domain Join
  5. Support Azure AD domain join for Windows Server 2016

    Microsoft should strongly consider implementing support for Azure AD join in future builds of Windows Server 2016. I have a couple of customers that have nearly finished the transition to all cloud and are left with a couple of servers due to legacy software. They are currently left with the option to deploy Azure AD Domain Services for supporting a couple (2-5) servers.

    https://windowsserver.uservoice.com/forums/295047-general-feedback/suggestions/32995450-support-azure-ad-domain-join-for-windows-server-20

    316 votes
    39 comments  ·  Domain Join
  6. Allow disabling Windows Hello without InTune subscription

    If you've got an Office 365 subscription, you get AzureAD for free. You can domain-join machines to your AzureAD, and your users get the magic of Single Sign-On.

    However, the default configuration is to force them to set up a PIN in "Windows Hello for Business". You can't disable this setting without an Intune or AzureAD Premium subscription.

    19 votes
    6 comments  ·  Domain Join
  7. Constructive criticism.

    Too much information; include images so the text is not so boring, even though it is for academic use and its purpose is not to entertain.

    1 vote
    0 comments  ·  Domain Join
  8. Nidekkmathewpotts

    Describe your 💡

    1 vote
    1 comment  ·  Domain Join
  9. dsregcmd.exe with help

    The command dsregcmd.exe should have a /help switch to show all viable options of this command with usage examples.

    16 votes
    9 comments  ·  Domain Join
  10. Autopilot Offline profile with Hybrid AAD Join

    Please add support for doing Hybrid AAD Join with Autopilot Offline Profile... As of now we need to import hashes of devices into the Autopilot service in order to do Hybrid AAD Join.
    Support for Hybrid AAD Join in Autopilot offline profile would be awesome, e.g. when doing MDT deployment of devices etc.

    7 votes
    1 comment  ·  Domain Join
  11. AzureAD join give user Admin access- needs to restrict

    By default, AzureAD join gives the user Admin access. Can we restrict this? This is a huge security risk.

    24 votes
    3 comments  ·  Domain Join
  12. this is ******** I'm on my site

    this is ********. I'm on my site, is this site not secure?

    2 votes
    0 comments  ·  Domain Join
  13. Azure AD Join - Password Change At Logon

    When a user's password expires or has been set to change at next logon, they are unable to log on to Azure AD Joined Machines; there is no 'password must be changed' dialog as there is with Local AD. Can this please be added?

    36 votes
    6 comments  ·  Domain Join
  14. How can I join mac into Azure Active Directory, please help

    I have more than two machines in my organization, and I have to add them to Azure Active Directory. How can I achieve this?

    Thanks,
    Suresh

    5 votes
    1 comment  ·  Domain Join
  15. Utilize AAD Security Groups for Device "Additional Local Administrators" support

    Emulating the Intune Roles method with Assignments, Members and Scopes would be ideal. Also the ability to disable Global Admin access (limit to groups/scopes added).

    152 votes
    12 comments  ·  Domain Join

    We’re currently working on this capability and will provide an update when it’s done.

    However, instead of expanding the “Additional Local administrators” setting, we will support adding AAD groups to Windows 10 local groups (e.g. Administrators, Remote Desktop Users) via MDM policy and elevate user privileges on logon. This will provide greater flexibility to assign different groups to different devices.


    Ravi

  16. Specify Profile Path Attribute for AAD Joined Windows 10

    Administrators should be able to choose which attribute from AAD should be used for local profile path creation for Windows 10 Azure AD Joined workstations in C:\Users. The current DisplayName attribute is not flexible, because it creates different paths with special characters.

    4 votes
    2 comments  ·  Domain Join
  17. All Powershell/BASH/script Azure AD join

    For converting BYOD to Azure AD in the field w/o user intervention, we need a way for elevated accounts to be able to perform an Azure AD join of devices via script.... come on, this is the basics...

    Think of it as MDM self-enrollment... if not that, then give us a one-click way for users to self-enroll the device.

    135 votes
    19 comments  ·  Domain Join

    Thanks for the feedback on this. There are several ways to do Azure AD join (OOBE, bulk enrollment and Autopilot) which provide a richer experience to join devices to Azure AD. We’re continuously working to enhance those, so currently this is unplanned for the near future. Please continue to vote to help us prioritize.


    Ravi

  18. 1 vote
    0 comments  ·  Domain Join
  19. Azure AD Joined Machines To Get MFA Prompts at Signin

    When an MFA protected user logs into a Windows 10 Azure AD joined device, it just lets them in with their username and password. Can a system please be put in place which also prompts for MFA BEFORE letting them into Windows, not by a small notification in the bottom to ask for it...

    6 votes
    0 comments  ·  Domain Join

    You can use Windows Hello for Business, which requires MFA to be set up and can be used to authenticate to Windows as a strong hardware protected credential. In addition, you can also enable multifactor unlock with Windows Hello, which requires 2 different factors to be present for the user to authenticate – https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock

    Hope this helps

  20. Azure AD Join computer without gaining local admin access

    We really need a settings option in the Azure AD portal managing the local device permission level upon Azure AD Join for users and groups.

    To get remotely close to this today we have to Azure AD join and Intune enroll with a specific Account that we only grant permission to join and it becomes the Admin as users there after does not...

    4 votes
    0 comments  ·  Domain Join