Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure Domain Services Support for LAPS

    Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.

    LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx

    235 votes
    43 comments  ·  Azure AD Join
  2. Address VDI and M365 licensing

    Hello everyone, this is a requested change for the components of Azure AD machine join. The use case here is for clients to upgrade their existing Windows PC (7,8,10) to Windows 10 enterprise. Our customer base uses VMware's Horizon view for VDI. VMware's official supported license is KMS. Our clients would love to transition to a cloud based licensing model, but the Windows 10 E3 license does not work with the cloning technology for a couple of reasons.

    Horizon Cloning options & pool types:
    • Manual - VM is not built in Horizon, only brokered through it.
    • Full Clone…

    17 votes
    0 comments  ·  Azure AD Join
  3. Hybrid Joined Devices support with FIDO2

    I realise the support for FIDO2 logins with Azure AD was only just released recently, but what timeline is there for support for hybrid joined devices login?

    9 votes
    0 comments  ·  Azure AD Join
  4. Azure AD Join for MacOS

    We only have option for MacOS to register to Azure AD.
    Customer needs to logon to MacOS by using Azure AD user, so they would like us to add functions for MacOS to Join to Azure AD.

    9 votes
    0 comments  ·  Azure AD Join
  5. Migrate User and Computer to Azure AD

    Microsoft needs to provide a command-line option or built-in feature that allows the ability to migrate existing AD user and computer objects to Azure AD.

    * Hybrid join does not stay AAD joined if you remove from AD.
    * Bulk enrollment only works for OOBE (new device) and not existing devices.
    * USMT does not support AAD accounts, requires profile to be manually logged on first to create Windows Profile. There is no way to get the AAD user SID to try and pre-create profile for USMT.

    There either needs to be a tool or built-in mechanism to "switch" from…

    6 votes
    0 comments  ·  Azure AD Join
  6. Enable Seamless sign on for cloud only tenants (without AADC)

    Enable cloud only accounts with AAD Joined machines to leverage seamless sign on. Not all tenants are using on premises AD.

    5 votes
    0 comments  ·  Azure AD Join
  7. Allow Windows Hello to be optional

    We're provisioning laptops in Intune for Students. Some of them, not all, wish to use Windows Hello so that they can make use of their fingerprint scanner.

    If we allow this in Intune then the Windows Hello enforcement is taken from Azure and everyone has to use Windows Hello. If we disable it in Intune, then no-one can use it.

    There's no happy medium. We can't make students use it, as some of them will find that very confusing, but disabling it also makes for some very unhappy faces. When really we don't mind if they want to use it…

    3 votes
    0 comments  ·  Azure AD Join
  8. don't want to be added to the users performing the Azure AD join to local administrators group

    Some members are added to local administrators group when users perform Azure AD join.

    - The Azure AD global administrator role
    - The Azure AD device administrator role
    - The user performing the Azure AD join

    https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

    But I don't want to add the users performing the Azure AD join to local administrators group.
    Currently we can't restrict this behavior.

    3 votes
    0 comments  ·  Azure AD Join
  9. Integrate dsregcmd cleanup tool into Windows 10 so errors in registration will be cleared in automated way

    Attached tooling has been sent to us by Microsoft support team to clear the dsregcmd join of Windows 10 devices. However, I'd like to see this tool integrated into Windows 10, instead of us having to deploy this tool manually on about 5% of all devices (about 100 users in our environment).

    3 votes
    0 comments  ·  Azure AD Join
  10. Need an easy way to Domain joined PCs to AzureAD Joined ONLY PCs.

    Need an easy way to AzureAD Join users on Domain joined machines. Currently in order to switch a user to AzureAD Join you have to break their local domain account. This means the user loses their settings and profile. This is too disruptive to our end users at Corporate. We even enabled Hybrid Azure AD Join thinking it would allow us to connect to Azure AD and then disconnect the domain and allow the user's profile to stay intact. MSFT informed me that it doesn't work this way.

    3 votes
    0 comments  ·  Azure AD Join
  11. Prevent Other Users from Logging into Azure AD Joined Computer

    When a computer is joined to Azure AD any user can log into it and use it. We need a way to prevent this from happening, limiting machines to only certain users or groups.

    3 votes
    0 comments  ·  Azure AD Join
  12. AzureAD cannot support AWS China region

    I want to use SAML-based accessing to manage AWS China account, but provision configuration cannot support to take the connection to AWS China account. It will connect to AWS Global by default, and I can't choose a region.

    2 votes
    0 comments  ·  Azure AD Join
  13. 1 vote
    0 comments  ·  Azure AD Join
  14. 1 vote
    0 comments  ·  Azure AD Join
  15. Let's do it automatic instead

    Manual join a VM to a domain and manual disjoin domain to a domain before removing/deleting the VM is too much. Given the current state of the art, it should be possible to do it in the console when creating the VM or removing it. It will resolve orphans.

    1 vote
    0 comments  ·  Azure AD Join
  16. Passwordless Sign in for Azure Active Directory using Fido 2 security Keys

    As the machines are joined to local domain I am not able to join the machines to Azure AD to implement this service. Can you guys guide me the way how to Join the machines which are joined to local domain without changing the domain

    1 vote
    0 comments  ·  Azure AD Join
  17. Passwordless Sign in for Azure Active Directory using Fido 2 security Keys

    As the machines are joined to local domain I am not able to join the machines to Azure AD to implement this service. Can you guys guide me the way how to Join the machines which are joined to local domain without changing the domain

    1 vote
    0 comments  ·  Azure AD Join
  18. Add Angola to the list of countries for creation of tenant

    While trying to create my Azure AD/Tenant, I have noticed that my location (Angola) is not available in the list of countries or regions. It is clear that I cannot choose a random country/region now because I won't be able to alter it later, therefore, could you please add this country to the list?

    1 vote
    0 comments  ·  Azure AD Join
  19. Do we have a PowerShell method to activate Azure Resource roles (not Azure AD roles)

    Do we have a PowerShell method to activate Azure Resource roles (not Azure AD roles)

    1 vote
    0 comments  ·  Azure AD Join
  20. automate disjoin

    With a mass deployment to be able to use Intune MDM management, our devices need to be joined and registered correctly. However, most of our devices are in "Pending" state and we would like the ability to do a bulk disjoin, remove the email account under Access work or school settings, and then be able to re-register the device successfully to be later enrolled in Intune MDM management.

    1 vote
    0 comments  ·  Azure AD Join