both onpremises and Azure VMs should be able to join domain from WAAD. User login acconts should connect with WAAD like liveID Accounts.
Currently WAAD is just a passive copy of on premises AD. Which gets information through DirSync. But neither can Azure VMs connect to that and join its VMs to that AD and also users with windows 8 cannot connect their login accounts to WAAD accounts like they can with liveID accounts. I suggest even end users laptops should as well connect to WAAD account so that machines can get the policy from WAAD. WAAD should increase the reachout of onpremises AD, instead of just being a passive copy
Let us dig into this and see what this would look like.