Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
-
Enable Apple Mac binding with Azure AD Domain Services
Azure AD Domain Services are great but the lack of support of Mac OS devices makes it really complicated to use. Providing a way to bind these devices with a cloud only AD solution would be great.
189 votesJust to clarify, do you really mean Azure AD Domain Services or do you mean Azure Active Directory. Domain Services is a hosted service for Active Directory onprem, while Azure Active Directory is a net new identity service.
-
Azure Domain Services Support for LAPS
Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.
LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx
123 votesDo you really want this for Azure Active Directory Domain Services or is this for Azure Active Directory joined windows 10 machines. If so, we are looking into it.
-
Azure AD Domain Services is forcing me to change passwords, even set password never expires
Azure AD Domain Services is now forcing me to change passwords for every account, inclulding service accounts, in every 30 days, even I have set password never expires. Hopefully this will be fixed soon, this is preventing or at least making inconvenient to run SharePoint workloads integrated with Azure AD Domain Services.
46 votes -
Support NPS/RADIUS for Azure AD Domain Services
Add support for Microsoft NPS/RADIUS in Azure AD Domain Services
34 votes -
Provide AAD-DS support for geo-dispersed deployments
We are deploying IaaS and PaaS solutions which span multiple regions and geographies. We wish to leverage Azure AD Domain Services as the directory service for these solutions but are currently constrained by the single region requirement. Please provide the ability to enable AAD-DS in all subscriptions, Regions and VNet's associated with an Azure AD tenant.
Geo-dispersed limitation:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-comparison#geo-dispersed-deployments24 votes -
Fully support AzureAD Join with AzureADDS regarding Kerberos
In a classic hybrid Scenario (ADDS DCs synched with AzureAD), AzureAD joined devices get a Kerberos Ticket form a DCs if a DC is reachable through the network.
When doing the same thing using AzureAD and AzureAD Domain Services, AzureAD joined Devices never get a Kerberos Ticket from AzureAD Domain Services since this is currently not supported. (Case 116070414368551)
Regarding AzureAD Join, it would be very useful if AzureAD Domain Services would behave similar like classical ADDS DCs and deliver Kerberos Tickets to AzureAD Joined devices.23 votes -
Span AADDS domain across multi regions
Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.
20 votes -
domain services
Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.
We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.
19 votes -
Azure Active Directory Domain Services - More Pricing Tiers
Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.
19 votes -
Allow B2B users to logon to VMs using Azure AD domain services
Currently B2B users cannot login to a Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.
18 votes -
18 votes
-
Add permission to create DFS namespace in Azure AD Services
I'm using Azure Active Directory Domain services and would like to have ability to create DFS namespace in AD.
16 votes -
AADDS: Allow pausing of Domain Services
On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.
14 votes -
DirectAccess as a Service
With domain services now providing Kerberos authentication, etc etc, it would be great to be able to deploy DirectAccess in Azure as a service. This would allow for removal of all on prem/iaas components currently required to take advantage of AD based windows management (gpos, etc).
13 votes -
AADDS: Integrate Domain Controller Security Logs With Azure Log Analytics
A major security shortcoming of AADDS is that you don't have access to the security logs on domain controllers.
This is critical for the security posture of many organizations.
It would be ideal to be able to feed the security logs of AADDS domain controllers in to Azure Log Analytics.
11 votes -
proxyaddresses
Make the ProxyAddresses attribute available through LDAPS when using Managed Domain
Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...
Since LDAPS managed domain is using our Azure AD , and AzureAD already has this attributes ( synched from our onPremise AD) I don't understand why it is not available through LDAPS
11 votes -
Azure MFA / Remote Desktop ARM VM / Domain Joined to Azure AD Domain Services
I don't find any Information about if it’s possible to secure an ARM VM which is joined to a Azure AD Domain Services "Domain" with Azure MFA without the need of the installation of an extra VM with an Installation of "Azure Multi-Factor Authentication Server" please provide a Solution for this because not for all customers Azure RemoteApp or XenApp Express are a solution.
Sometimes a self-installed and self-managed Remote Desktop VM is the better way for us, but we want to spare the costs for an extra Domain Controller VM. So Azure AD Domain Services are really cool! But…
11 votes -
enterprise certificate authority (ca)
Allow for creating Enterprise CA
11 votes -
AADDS: Remove username collision limitation
If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation
11 votes -
DHCP as a Service
Clients run local to sites servers with DHCP enabled and then run helpers on their network to allow DHCP to service those remote office.
Allow DHCP to be ran on servers in Azure, or run it as a service, that will allow Azure based management of all DHCP services across a company.
10 votes
- Don't see your idea?