Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable Apple Mac binding with Azure AD Domain Services

    Azure AD Domain Services are great but the lack of support of Mac OS devices makes it really complicated to use. Providing a way to bind these devices with a cloud only AD solution would be great.

    162 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      22 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
    • Make Azure AD Domain Services available in CSP subscription

      Currently Azure Active Directory Domain Services are not available for CSP subscriptions. Firstly because you can't deploy classic VNets in CSP subscriptions and this service is required to setup AADDS. Secondly because AAD is not available for CSP subscriptions to manage from Classic Portal and according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-faqs there is no Powershell cmdlet to turn on AADDS. This means you can't use AAD features like Kerberos authentication in CSP offerings.

      134 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        25 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
      • Azure Domain Services Support for LAPS

        Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.

        LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx

        102 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          7 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
        • Azure AD Domain Services is forcing me to change passwords, even set password never expires

          Azure AD Domain Services is now forcing me to change passwords for every account, inclulding service accounts, in every 30 days, even I have set password never expires. Hopefully this will be fixed soon, this is preventing or at least making inconvenient to run SharePoint workloads integrated with Azure AD Domain Services.

          45 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            5 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
          • Fully support AzureAD Join with AzureADDS regarding Kerberos

            In a classic hybrid Scenario (ADDS DCs synched with AzureAD), AzureAD joined devices get a Kerberos Ticket form a DCs if a DC is reachable through the network.
            When doing the same thing using AzureAD and AzureAD Domain Services, AzureAD joined Devices never get a Kerberos Ticket from AzureAD Domain Services since this is currently not supported. (Case 116070414368551)
            Regarding AzureAD Join, it would be very useful if AzureAD Domain Services would behave similar like classical ADDS DCs and deliver Kerberos Tickets to AzureAD Joined devices.

            23 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
            • domain services

              Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.

              We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.

              18 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
              • Azure Active Directory Domain Services - More Pricing Tiers

                Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.

                18 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  4 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                • 18 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                  • Span AADDS domain across multi regions

                    Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.

                    16 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      3 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add permission to create DFS namespace in Azure AD Services

                      I'm using Azure Active Directory Domain services and would like to have ability to create DFS namespace in AD.

                      16 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                      • Support NPS/RADIUS for Azure AD Domain Services

                        Add support for Microsoft NPS/RADIUS in Azure AD Domain Services

                        15 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          3 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                        • Provide AAD-DS support for geo-dispersed deployments

                          We are deploying IaaS and PaaS solutions which span multiple regions and geographies. We wish to leverage Azure AD Domain Services as the directory service for these solutions but are currently constrained by the single region requirement. Please provide the ability to enable AAD-DS in all subscriptions, Regions and VNet's associated with an Azure AD tenant.

                          Geo-dispersed limitation:
                          https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-comparison#geo-dispersed-deployments

                          12 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                          • DirectAccess as a Service

                            With domain services now providing Kerberos authentication, etc etc, it would be great to be able to deploy DirectAccess in Azure as a service. This would allow for removal of all on prem/iaas components currently required to take advantage of AD based windows management (gpos, etc).

                            12 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                            • Azure MFA / Remote Desktop ARM VM / Domain Joined to Azure AD Domain Services

                              I don't find any Information about if it’s possible to secure an ARM VM which is joined to a Azure AD Domain Services "Domain" with Azure MFA without the need of the installation of an extra VM with an Installation of "Azure Multi-Factor Authentication Server" please provide a Solution for this because not for all customers Azure RemoteApp or XenApp Express are a solution.

                              Sometimes a self-installed and self-managed Remote Desktop VM is the better way for us, but we want to spare the costs for an extra Domain Controller VM. So Azure AD Domain Services are really cool! But…

                              11 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                              • AADDS: Allow pausing of Domain Services

                                On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.

                                11 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                • AADDS: Remove username collision limitation

                                  If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation

                                  11 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                  • enterprise certificate authority (ca)

                                    Allow for creating Enterprise CA

                                    10 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow Azure AD Domain services in multiple virtual networks

                                      Right now AADDS is only available for one virtual network. In our organization we have split applications up with each application having its own VNET.

                                      Some of these don't support SAML or OAuth2 as an authentication mechanism and only LDAP. It really sucks to have a virtual network gateway set up just for LDAP authentication.

                                      Please allow multiple VNETs to use AADDS.

                                      9 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                      • AADDS: Link to preview portal/RM created vnet

                                        There doesn't appear to be a way to link aad domain services to a vnet created in the preview portal /azure RM; why not?? All our vnets are ARM based!

                                        9 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                        • replace on-premises based AD with AADDS

                                          I read through with great interest the AADDS public preview use cases and documentation. It looks nice but for a very limited set of use cases. I do like the pricing.

                                          I would like to replace existing non-AD LDAP servers with AADDS and have both on-prem and cloud based apps do authentication from one common source. Turns out this isn't possible at all.

                                          I would like to have encryption for all requests to the AADDS, always.

                                          Additionally I would like to add attributes to the schema, if at all possible.

                                          I would like to AADDS join all windows devices to…

                                          9 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base