Ability to connect Azure Active Directory Account to Windows 8/10 Account
For small deployments (without ADDS/ADFS on-premises) it would be very useful if a user could log in to Windows with a WAAD Account. That means: the same user experience with a WAAD Account as today's experience with a public Microsoft (Live) ID.
Azure AD Domain Join for Windows 10 is released.
Windows 7 and Windows 8 as well as iOS and Android can leverage Device Registration: https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access-device-registration-overview/
/ Brjann Brekkan
Gary Henderson commented
I strongly support this. Rather than having separate local user accounts to log in to the computer, users should be able to connect their computers to Azure AD Domain Services and Azure AD Domain Services user accounts should be used to log in to computers.
This would save the trouble of remembering two IDs and two passwords and this SSO would enhance user experience.
Pirmin Felber commented
Thanks for implementing this. From my point of view this idea can be put on Status done.
Gary Henderson commented
Here's a blog post describing how to get started with Azure AD join in Windows 10:
Isn't this already a thing? If you go to your Azure AD and enable device enrollment, you can join a win10 machine to the domain.
Ahmed Eltawil commented
Thanks for considering this suggestion. But will it still rely on an on premise AD?
Now that Windows 10 logs on either to a Microsoft Account, Organizational/Work Account or Local Account as default on Startup this post addresses the Organizational/Work Account of that login.
The machine joins the WAAD and is listed under the User Name in the AD under Devices.
It would be great to see the WAAD expand functionally a bit to match some of the basic functionality of an On-Premise AD, for simple Permissions, Security Groups, and GPOs so we can manage those connected workstations and users at a basic level for access and/default configurations.
Direct Connect Agent Azure Active Directory.
We would like to be able to join computers to Azure AD, just for basic user auth. Hopefully GPOs in the future also.
We think Microsoft should build a Per-Agent-Per-Month option, they already have the technology with Direct Connect, however users need Enterprise licenses.
This way we can decommission on-prem AD and have one identity online for all Microsoft systems and services.
Stuart Morris commented
Please implement this! I have just run into this use-case so the sooner the better! (Specifically with not being able to use Intune with a Microsoft Account). For the small cloud-only deployment, it's not worth hosting ADFS in Azure.
Jeff Evans commented
Making the move to a purely cloud-based infrastructure means that this is a must-have for us. Having to set up an ADDS in the cloud to basically replicate what WAAD already contains is just way too heavy.
Please allow direct WAAD access for Windows user accounts/authentication, contacts, groups etc. so that we can bypass AD altogether.
Jared Pickerell - Troy USD 429 commented
Where this would be very beneficial is to be able to use our WAAD/Office 365/Organizational Account (all the same thing) for the Microsoft Store and office.microsoft.com (also OneNote mobile apps that require to first log into a Microsoft Account)! Microsoft's requirement of only allowing Windows 8 to link to a personal "Microsoft Account" and not WAAD/O365 is causing huge problems for educational institutions and businesses wanting to deploy Windows 8 and fully utilize all online services in a managed manner.
Tom Van Gramberen commented
For sure a great idea for SMB's moving to Office365.
I actually have a live case where we are discussing if an ADDS deployment is useful. This could be an alternative.
Raine Widjeskog commented
Working as an external service provider for SMB IT infrastructure, I think this might be a great function.
I can't upvote this enough. Best idea on the board.
Johan Eliasson commented
This would be very much appreciated.