Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable Apple Mac binding with Azure AD Domain Services

    Azure AD Domain Services are great but the lack of support of Mac OS devices makes it really complicated to use. Providing a way to bind these devices with a cloud only AD solution would be great.

    189 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      24 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →

      Just to clarify, do you really mean Azure AD Domain Services or do you mean Azure Active Directory. Domain Services is a hosted service for Active Directory onprem, while Azure Active Directory is a net new identity service.

    • Azure Domain Services Support for LAPS

      Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.

      LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx

      123 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        18 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
      • Azure AD Domain Services is forcing me to change passwords, even set password never expires

        Azure AD Domain Services is now forcing me to change passwords for every account, inclulding service accounts, in every 30 days, even I have set password never expires. Hopefully this will be fixed soon, this is preventing or at least making inconvenient to run SharePoint workloads integrated with Azure AD Domain Services.

        46 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          6 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
        • Support NPS/RADIUS for Azure AD Domain Services

          Add support for Microsoft NPS/RADIUS in Azure AD Domain Services

          34 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            7 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
          • Provide AAD-DS support for geo-dispersed deployments

            We are deploying IaaS and PaaS solutions which span multiple regions and geographies. We wish to leverage Azure AD Domain Services as the directory service for these solutions but are currently constrained by the single region requirement. Please provide the ability to enable AAD-DS in all subscriptions, Regions and VNet's associated with an Azure AD tenant.

            Geo-dispersed limitation:
            https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-comparison#geo-dispersed-deployments

            24 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
            • Fully support AzureAD Join with AzureADDS regarding Kerberos

              In a classic hybrid Scenario (ADDS DCs synched with AzureAD), AzureAD joined devices get a Kerberos Ticket form a DCs if a DC is reachable through the network.
              When doing the same thing using AzureAD and AzureAD Domain Services, AzureAD joined Devices never get a Kerberos Ticket from AzureAD Domain Services since this is currently not supported. (Case 116070414368551)
              Regarding AzureAD Join, it would be very useful if AzureAD Domain Services would behave similar like classical ADDS DCs and deliver Kerberos Tickets to AzureAD Joined devices.

              23 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
              • Span AADDS domain across multi regions

                Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.

                20 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  3 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                • domain services

                  Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.

                  We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.

                  19 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                  • Azure Active Directory Domain Services - More Pricing Tiers

                    Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.

                    19 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      5 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                    • Allow B2B users to logon to VMs using Azure AD domain services

                      Currently B2B users cannot login to a Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.

                      18 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        4 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                      • 18 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add permission to create DFS namespace in Azure AD Services

                          I'm using Azure Active Directory Domain services and would like to have ability to create DFS namespace in AD.

                          16 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                          • AADDS: Allow pausing of Domain Services

                            On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.

                            14 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                            • DirectAccess as a Service

                              With domain services now providing Kerberos authentication, etc etc, it would be great to be able to deploy DirectAccess in Azure as a service. This would allow for removal of all on prem/iaas components currently required to take advantage of AD based windows management (gpos, etc).

                              13 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                              • AADDS: Integrate Domain Controller Security Logs With Azure Log Analytics

                                A major security shortcoming of AADDS is that you don't have access to the security logs on domain controllers.

                                This is critical for the security posture of many organizations.

                                It would be ideal to be able to feed the security logs of AADDS domain controllers in to Azure Log Analytics.

                                11 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                • proxyaddresses

                                  Make the ProxyAddresses attribute available through LDAPS when using Managed Domain

                                  Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...

                                  Since LDAPS managed domain is using our Azure AD , and AzureAD already has this attributes ( synched from our onPremise AD) I don't understand why it is not available through LDAPS

                                  11 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Azure MFA / Remote Desktop ARM VM / Domain Joined to Azure AD Domain Services

                                    I don't find any Information about if it’s possible to secure an ARM VM which is joined to a Azure AD Domain Services "Domain" with Azure MFA without the need of the installation of an extra VM with an Installation of "Azure Multi-Factor Authentication Server" please provide a Solution for this because not for all customers Azure RemoteApp or XenApp Express are a solution.

                                    Sometimes a self-installed and self-managed Remote Desktop VM is the better way for us, but we want to spare the costs for an extra Domain Controller VM. So Azure AD Domain Services are really cool! But…

                                    11 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                    • enterprise certificate authority (ca)

                                      Allow for creating Enterprise CA

                                      11 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                      • AADDS: Remove username collision limitation

                                        If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation

                                        11 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                        • DHCP as a Service

                                          Clients run local to sites servers with DHCP enabled and then run helpers on their network to allow DHCP to service those remote office.

                                          Allow DHCP to be ran on servers in Azure, or run it as a service, that will allow Azure based management of all DHCP services across a company.

                                          10 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          Feedback and Knowledge Base