Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Support NPS/RADIUS for Azure AD Domain Services
Add support for Microsoft NPS/RADIUS in Azure AD Domain Services
376 votesUPDATE 01/06/2020
Multiple scenarios are still being investigated.
(We changed the status to because Started implied we were working on the feature and we did not want to represent it inaccurately. We are investigating and therefore, we are marking it under review. -
Span AADDS domain across multi regions
Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.
117 votesUPDATE 01/06/2020
Engineering remains in-progress.Engineering has begun work on this.
-
Allow B2B users to logon to VMs using Azure AD domain services
Currently B2B users cannot login to a Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.
75 votes -
Azure Active Directory Domain Services - More Pricing Tiers
Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.
71 votes -
Add more attributes to AADDS
Expand the attributes that are syncd with AADDS and available via LDAPS. The one I'm specifically interested in at the moment is the Manager attribute, but others are important too.
55 votesHi all,
We’ve started work on adding the Manager, ProxyAddress, and employeeID attributes to AAD-DS. Thank you for your patience!
Erin Greenlee
Program Manager
IAM Core | Domain Services -
Use Seamless SSO in AADDS environments.
At the moment, having seamless SSO in Azure Active Directory Domain Services doesn't work. Logically, this feature should be automatic...
At the moment, you can join a machine to AADDS domain, and log in to it with Azure AD credentials. But users still need to sign in manually to Office.com, office apps, etc.
This is extremely important in a AADDS Windows Virtual Desktop scenario (where Microsoft Office is hosted as RemoteApps). To access Office, users will need to log in to WVD, then AGAIN into the remoteapp host itself, and AGAIN into the Microsoft Office apps - all with the…
30 votes -
domain services
Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.
We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.
26 votes -
enterprise certificate authority (ca)
Allow for creating Enterprise CA
25 votes -
Azure AD Domain Services Support for LAPS
We're lifting and shifting more and more servers and desktops from on-premise to Azure. We're protecting local admin passwords with LAPS https://www.microsoft.com/en-us/download/details.aspx?id=46899
Since one of the main use cases for Domain Services is lift and shift, support for LAPS would make this easier.
There's a similar suggestion here:
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13849404-azure-domain-services-support-for-laps but for Azure AD joined devices and not Domain Services.22 votes -
Manage AADDS DNS powershell
Currently, I am unable to find any documented methods for managing DNS in AADDS using PowerShell. If it is possible, can we get an article published that states specifically how to use PowerShell to manage DNS in AADDS? If it doesn't exist, can we get the functionality created? Using MMC is dated and limits our abilities to be automate.
21 votes -
proxyaddresses
Make the ProxyAddresses attribute available through LDAPS when using Managed Domain
Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...
Since LDAPS managed domain is using our Azure AD , and AzureAD already has this attributes ( synched from our onPremise AD) I don't understand why it is not available through LDAPS
17 votesHi all,
We’ve started work on adding the Manager, ProxyAddress, and employeeID attributes to AAD-DS. Thank you for your patience!
Erin Greenlee
Program Manager
IAM Core | Domain Services -
Move Azure AD Domain Services between subscriptions
Currently a lot of services/resources can be moved from one subscription to another. This way it's possible to move services to a CSP (by moving to their Azure Plan Subscriptions); or change CSP.
Unfortunately this is not possible with Azure AD Domain Services. That means that when this is created in a subscription under a CSP, there's a CSP lock-in. Of course this is very much undesirable for a customer.
Please allow for Azure AD Domain Services to be moved between subscriptions.
16 votes -
Azure Active Domain Services Synchronisation Report
Currently, it is not possible to get accurate information from AADDS about what and when attributes are synchronised from Azure AD to Azure ADDS. It would be most helpful if customers could query on a per user or per directory basis to find out what attributes were synced and at what time (including password changes)
16 votes -
Latency in sync between Azure ad and Managed domain
There is a delay in sync between Azure ad and domain services.
It will be great if we can reduce this sync delay.
Some times sync will not be up to date so need access to restart the sync between Azure ad and Managed domain.13 votes -
Support tags for Azure AD Domain Services
Considering adding support for Azure Tags in Azure AD Domain Services. Azure Ad Domain Services is nearly to only service that does not support tags in Azure.
@Erin
8 votes -
Azure Domain Services Allow DHCP Authorization
Could you grant AAD DC Administrators DHCP Authorization rights so we can setup a DHCP server on a non-domain server and still have it register with DNS / AD records?
Currently this is blocked.
8 votes -
AD and German Cloud
Provide Azure AD Domain Services for the German Cloud!!!!!
6 votes -
Implement Domains and Trusts from ADDS to on premise AD
After you have deployed ADDS you may want to complete a domain trust to an existing on premise domain, this is currently not possible but would be great if it was released as this is a blocker for organisations.
6 votes -
Azure File Share support Kerberos authentication for AD and AAD
I'd like to migrate our on premise File Server to Azure File Shares. Unfortunetaly Azure File Shares do not currently support Kerberos authentication with our on premise Active Directory or our Azure Active Directory.
In addition to this, we cannot mount Azure Files shares with ACLs enforced, even after we successfully deployed AAD-DS (Domain Services).
A summary of my requirement would be.
How can my users map an Azure File Share with equivalent funcionality and security they have when they map a Share on an premise File Server?5 votes -
Allow the creation of more than one Managed Domain on different subscription.
The idea of replacing our IaaS DC servers with managed domains is great, but how can we not create a second domain, if we have different subscriptions, i.e. different VNet and there is no communication between them??
5 votes
- Don't see your idea?