Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
-
Enable Apple Mac binding with Azure AD Domain Services
Azure AD Domain Services are great but the lack of support of Mac OS devices makes it really complicated to use. Providing a way to bind these devices with a cloud only AD solution would be great.
206 votesJust to clarify, do you really mean Azure AD Domain Services or do you mean Azure Active Directory. Domain Services is a hosted service for Active Directory onprem, while Azure Active Directory is a net new identity service.
-
Support NPS/RADIUS for Azure AD Domain Services
Add support for Microsoft NPS/RADIUS in Azure AD Domain Services
81 votes -
Azure AD Domain Services is forcing me to change passwords, even set password never expires
Azure AD Domain Services is now forcing me to change passwords for every account, inclulding service accounts, in every 30 days, even I have set password never expires. Hopefully this will be fixed soon, this is preventing or at least making inconvenient to run SharePoint workloads integrated with Azure AD Domain Services.
48 votes -
Provide AAD-DS support for geo-dispersed deployments
We are deploying IaaS and PaaS solutions which span multiple regions and geographies. We wish to leverage Azure AD Domain Services as the directory service for these solutions but are currently constrained by the single region requirement. Please provide the ability to enable AAD-DS in all subscriptions, Regions and VNet's associated with an Azure AD tenant.
Geo-dispersed limitation:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-comparison#geo-dispersed-deployments28 votes -
Span AADDS domain across multi regions
Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.
26 votes -
Fully support AzureAD Join with AzureADDS regarding Kerberos
In a classic hybrid Scenario (ADDS DCs synched with AzureAD), AzureAD joined devices get a Kerberos Ticket form a DCs if a DC is reachable through the network.
When doing the same thing using AzureAD and AzureAD Domain Services, AzureAD joined Devices never get a Kerberos Ticket from AzureAD Domain Services since this is currently not supported. (Case 116070414368551)
Regarding AzureAD Join, it would be very useful if AzureAD Domain Services would behave similar like classical ADDS DCs and deliver Kerberos Tickets to AzureAD Joined devices.24 votes -
Allow B2B users to logon to VMs using Azure AD domain services
Currently B2B users cannot login to a Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.
23 votes -
Azure Active Directory Domain Services - More Pricing Tiers
Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.
22 votes -
domain services
Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.
We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.
19 votes -
18 votes
-
Add permission to create DFS namespace in Azure AD Services
I'm using Azure Active Directory Domain services and would like to have ability to create DFS namespace in AD.
16 votes -
AADDS: Allow pausing of Domain Services
On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.
15 votes -
AADDS: Integrate Domain Controller Security Logs With Azure Log Analytics
A major security shortcoming of AADDS is that you don't have access to the security logs on domain controllers.
This is critical for the security posture of many organizations.
It would be ideal to be able to feed the security logs of AADDS domain controllers in to Azure Log Analytics.
13 votes -
enterprise certificate authority (ca)
Allow for creating Enterprise CA
13 votes -
DHCP as a Service
Clients run local to sites servers with DHCP enabled and then run helpers on their network to allow DHCP to service those remote office.
Allow DHCP to be ran on servers in Azure, or run it as a service, that will allow Azure based management of all DHCP services across a company.
12 votes -
Allow Azure AD Domain services in multiple virtual networks
Right now AADDS is only available for one virtual network. In our organization we have split applications up with each application having its own VNET.
Some of these don't support SAML or OAuth2 as an authentication mechanism and only LDAP. It really sucks to have a virtual network gateway set up just for LDAP authentication.
Please allow multiple VNETs to use AADDS.
12 votes -
Bring Domain Services to Uk West and UK South
Hi There,
We are currently evaluating the use of Domain Services. For GDPR we'd need to have all our Infrastructure in the UK.
Do you have a timeline for introduction of Domain Services in the UK region.
11 votes -
proxyaddresses
Make the ProxyAddresses attribute available through LDAPS when using Managed Domain
Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...
Since LDAPS managed domain is using our Azure AD , and AzureAD already has this attributes ( synched from our onPremise AD) I don't understand why it is not available through LDAPS
11 votes -
Azure MFA / Remote Desktop ARM VM / Domain Joined to Azure AD Domain Services
I don't find any Information about if it’s possible to secure an ARM VM which is joined to a Azure AD Domain Services "Domain" with Azure MFA without the need of the installation of an extra VM with an Installation of "Azure Multi-Factor Authentication Server" please provide a Solution for this because not for all customers Azure RemoteApp or XenApp Express are a solution.
Sometimes a self-installed and self-managed Remote Desktop VM is the better way for us, but we want to spare the costs for an extra Domain Controller VM. So Azure AD Domain Services are really cool! But…
11 votes -
AADDS: Remove username collision limitation
If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation
11 votes
- Don't see your idea?