Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Machine Rename - Azure AD

    Win10 machines joined to Azure AD - if they get renamed this isn't reflected in Azure AD or Intune.

    218 votes
    45 comments  ·  Domain Join

      Just to provide an update. It will be available in the next version of Win10, and will be available for Insiders starting next month. Note that the change we’re doing only applies to unmanaged devices, as Intune is the authority for managed devices.

    • Support Azure AD domain join for Windows Server 2016

      Microsoft should strongly consider implementing support for Azure AD join in future builds of Windows Server 2016. I have a couple of customers that have nearly finished the transition to all cloud and are left with a couple of servers due to legacy software. They are currently left with the option to deploy Azure AD Domain Services for supporting a couple (2-5) servers.

      https://windowsserver.uservoice.com/forums/295047-general-feedback/suggestions/32995450-support-azure-ad-domain-join-for-windows-server-20

      121 votes
      12 comments  ·  Domain Join

        Thanks for the feedback. We’re reviewing feasibility for this feature. No timelines yet, but this is on our roadmap.

        Please share any additional feedback on this suggestion for us to review


        Ravi

      • Utilize AAD Security Groups for Device "Additional Local Administrators" support

        Emulating the Intune Roles method with Assignments, Members and Scopes would be ideal. Also the ability to disable Global Admin access (limit to groups/scopes added).

        76 votes
        8 comments  ·  Domain Join
        • Delegate permissions to remove devices

          The user role User administrator is not able to remove users' registered device objects in Azure AD. I think that role should be granted that permission.
          Or create an additional role that has the permission to remove device objects in Azure AD.

          59 votes
          17 comments  ·  Domain Join
          • All Powershell/BASH/script Azure AD join

            For converting BYOD to Azure AD in the field w/o user intervention, we need a way for elevated accounts to be able to perform an Azure AD join of devices via script.... come on, this is the basics...

            Think of it as MDM self-enrollment... if not that, then give us a one-click way for users to self-enroll the device.

            43 votes
            6 comments  ·  Domain Join

              Thanks for the feedback on this. There are several ways to do Azure AD join (OOBE, bulk enrollment and Autopilot) which provide a richer experience to join devices to Azure AD. We’re continuously working to enhance those, so currently this is unplanned for the near future. Please continue to vote to help us prioritize


              Ravi

            • AzureAD Joined Device: Do not automatically add Global Admin to LocalAdmin Groups

              Whenever a Client Joins AzureAD, All Global Admins are automatically added as LocalAdmin on the Client joined to AzureAD. This is the default behavior of AzureAD Join – and cannot be altered currently.
              From my Point of view Global Admins are similarly sensitive for the AzureAD like Domain Admins are on-premises in ADDS. On-premises a lot of effort has been taken to separate Endpoint Admins from ADDS Admins -> PtH Mitigation and other security best practices. Now AzureAD mixes up highly privileged Identity (Global Admins) and Endpoint Admins.
              Therefore we need a Switch in AzureAD to change AzureADs Default behavior and…

              33 votes
              2 comments  ·  Domain Join
              • Azure AD Join - Password Change At Logon

                When a user's password expires or has been set to change at next logon, they are unable to log on to Azure AD Joined Machines; there is no 'password must be changed' dialog as there is with Local AD. Can this please be added?

                15 votes
                1 comment  ·  Domain Join
                • dsregcmd.exe with help

                  The command dsregcmd.exe should have a /help switch to show all viable options of this command with usage examples.

                  13 votes
                  8 comments  ·  Domain Join
                  • AzureAD join give user Admin access- needs to restrict

                    By default AzureAD join gives the user Admin access. Can we restrict this? This is a huge security risk.

                    13 votes
                    2 comments  ·  Domain Join
                    • Auto-configure Mail / Outlook / OneDrive / Calendar apps

                      When we join computers using AD Join, existing apps (Outlook, OneDrive) should SSO to our Office 365 account -- or at least auto-complete the working user's email.

                      12 votes
                      0 comments  ·  Domain Join
                      • Fix Windows 10 AAD Join not allowing user to share local resources

                        When a machine is only joined to AAD then these credentials are not allowed to be exposed to sharing local resources on workstations.

                        For example, if one machine wants to access a share on another machine we need to be able to use the AAD credentials between the machines as an authenticator. However, these credentials do not present themselves to the local machines.

                        Somehow, we need to be able to take a local share, assign it to an AAD Group then be allowed to add/remove AAD users to and from that group so that local resources can be authenticated with…

                        10 votes
                        1 comment  ·  Domain Join
                        • Support group exemption for Azure AD Join MFA requirement

                          Please add a feature that allows IT-Pros (Azure AD Admins) to define an exemption group for people performing Azure AD join. Not every user in a company uses Autopilot for setting up his/her own device or performs the Azure AD Join. Normally this is handled by the IT department. It would be nice if one could use a bypass group during Azure AD join for these users.

                          8 votes
                          2 comments  ·  Domain Join
                          • Fully migrate to Azure Active directory

                            Currently there is no way to fully migrate an on-prem Active Directory domain to Azure. If there was an option to do so, I would gladly get rid of most of my server infrastructure and have it hosted in Azure.

                            Being a mid-sized company, most hybrid architectures are geared towards large sized corporations, and so add complexity to environments that make it prohibitive to take full advantage of Azure Services.

                            Small and mid-sized companies need the same level of security, configuration capabilities, management and monitoring as large corporations, we just don't have the same resources to implement technologies like ADFS…

                            8 votes
                            2 comments  ·  Domain Join
                            • Eliminate the 15 device CAP on Azure enrollment by a single O365 admin account

                              There is a 15 device CAP on Azure enrollment by a single O365 admin account. There is a program through Intune that allows up to 1000 devices in a corporate network, but there's a fair gap between 15 devices and an environment large enough to support an Intune account.

                              Let's say you've been using admin@contoso.com as your global admin account and adding computers to the Azure AD account. Currently, after enrolling 15 devices you have to create another, unlicensed Global Admin Account, such as admin2@contoso.com. Use that to add additional computers until you use up another 15 devices, then…

                              6 votes
                              1 comment  ·  Domain Join
                              • Allow disabling Windows Hello without Intune subscription

                                If you've got an Office 365 subscription, you get AzureAD for free. You can domain-join machines to your AzureAD, and your users get the magic of Single Sign-On.

                                However, the default configuration is to force them to set up a PIN in "Windows Hello for Business". You can't disable this setting without an Intune or AzureAD Premium subscription.

                                5 votes
                                1 comment  ·  Domain Join
                                • Create a way to block automatically Azure join only some of domain join computers (servers).

                                  Create a way to block automatically Azure join only of some domain join computers (servers). Even if you set the GPO "Software\Policies\Microsoft\Windows\WorkplaceJoin\”autoWorkplaceJoin” to disable, computers with Windows 10 or Windows Server 2016 are still joined automatically at user login.

                                  5 votes
                                  0 comments  ·  Domain Join
                                  • Azure AD Joined Machines To Get MFA Prompts at Signin

                                    When an MFA-protected user logs into a Windows 10 Azure AD joined device, it just lets them in with their username and password. Can a system please be put in place which also prompts for MFA BEFORE letting them into Windows, not by a small notification in the bottom to ask for it...

                                    4 votes
                                    0 comments  ·  Domain Join
                                    • 4 votes
                                      1 comment  ·  Domain Join
                                      • Azure AD device version

                                        The version that is showing under devices, is not upgraded after device version upgrade.
                                        For example, Windows 10 1703 that was updated to 1709.

                                        3 votes
                                        0 comments  ·  Domain Join
                                        • Better documentation and notification on errors

                                          Please add more detailed information on errors and better documentation. There is not much detailed information in Event Viewer about these errors.

                                          3 votes
                                          0 comments  ·  Domain Join