DirectAccess as a Service
With domain services now providing Kerberos authentication, etc etc, it would be great to be able to deploy DirectAccess in Azure as a service. This would allow for removal of all on prem/iaas components currently required to take advantage of AD based windows management (gpos, etc).
You can achieve this using a point-to-site VPN connection. See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal for details. Also, keep in mind that Azure AD DS provides legacy protocol capabilities to enable you to lift and shift applications to Azure.
Mike Stephens, AAD DS PM