Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Support NPS/RADIUS for Azure AD Domain Services
Add support for Microsoft NPS/RADIUS in Azure AD Domain Services
231 votes -
Span AADDS domain across multi regions
Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.
53 votesEngineering has begun work on this.
-
Azure Active Directory Domain Services - More Pricing Tiers
Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.
38 votes -
Allow B2B users to logon to VMs using Azure AD domain services
Currently B2B users cannot login to a Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.
32 votes -
domain services
Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.
We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.
22 votes -
AADDS: Allow pausing of Domain Services
On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.
22 votes -
migrate Azure Active Directory Domain Services from classic to resource manager
Is there a way yet to migrate AADDS from Classic to RM? We need to get off of Classic.
21 votes -
Add more attributes to AADDS
Expand the attributes that are syncd with AADDS and available via LDAPS. The one I'm specifically interested in at the moment is the Manager attribute, but others are important too.
18 votes -
enterprise certificate authority (ca)
Allow for creating Enterprise CA
18 votes -
AADDS: Integrate Domain Controller Security Logs With Azure Log Analytics
A major security shortcoming of AADDS is that you don't have access to the security logs on domain controllers.
This is critical for the security posture of many organizations.
It would be ideal to be able to feed the security logs of AADDS domain controllers in to Azure Log Analytics.
17 votes -
Bring Domain Services to Uk West and UK South
Hi There,
We are currently evaluating the use of Domain Services. For GDPR we'd need to have all our Infrastructure in the UK.
Do you have a timeline for introduction of Domain Services in the UK region.
15 votes -
proxyaddresses
Make the ProxyAddresses attribute available through LDAPS when using Managed Domain
Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...
Since LDAPS managed domain is using our Azure AD , and AzureAD already has this attributes ( synched from our onPremise AD) I don't understand why it is not available through LDAPS
15 votes -
Azure Active Domain Services Synchronisation Report
Currently, it is not possible to get accurate information from AADDS about what and when attributes are synchronised from Azure AD to Azure ADDS. It would be most helpful if customers could query on a per user or per directory basis to find out what attributes were synced and at what time (including password changes)
13 votes -
Azure MFA / Remote Desktop ARM VM / Domain Joined to Azure AD Domain Services
I don't find any Information about if it’s possible to secure an ARM VM which is joined to a Azure AD Domain Services "Domain" with Azure MFA without the need of the installation of an extra VM with an Installation of "Azure Multi-Factor Authentication Server" please provide a Solution for this because not for all customers Azure RemoteApp or XenApp Express are a solution.
Sometimes a self-installed and self-managed Remote Desktop VM is the better way for us, but we want to spare the costs for an extra Domain Controller VM. So Azure AD Domain Services are really cool! But…
12 votes -
replace on-premises based AD with AADDS
I read through with great interest the AADDS public preview use cases and documentation. It looks nice but for a very limited set of use cases. I do like the pricing.
I would like to replace existing non-AD LDAP servers with AADDS and have both on-prem and cloud based apps do authentication from one common source. Turns out this isn't possible at all.
I would like to have encryption for all requests to the AADDS, always.
Additionally I would like to add attributes to the schema, if at all possible.
I would like to AADDS join all windows devices to…
11 votes -
AADDS: Remove username collision limitation
If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation
11 votes -
employeeid, employeetype, extensionAttributes and such should be syncable to AAD Domain Services
default attributes in a 2008 R2 schema or higher should be available in AAD DS, especially if these are already synced to AAD e.g. employeeid, employeetype, but also extensionAttributes
10 votes -
AADDS: Link to preview portal/RM created vnet
There doesn't appear to be a way to link aad domain services to a vnet created in the preview portal /azure RM; why not?? All our vnets are ARM based!
9 votes -
Rename Domain - (ADDS) Active Directory Domain Services
Allow renaming the Domain set in ADDS
7 votes -
Add 2FA/MFA support to Azure AD Domain Services
We have 2FA/MFA setup for Azure AD, and this protects any of our applications that support SAML. However, we have some applications (e.g. VPN server) that do not support SAML, and for those we use Azure AD and LDAPS. Unfortunately, this bypasses the MFA requirement, so anything with LDAPS is less secure.
It would be very helpful if Azure AD Domain Services has some kind of one-click integration with Azure MFA so we could protect these applications as well.
7 votes
- Don't see your idea?