Not being able to specify primary authentication method per relying party is something I run into all the time. Can you please fix this? More and more vendors support SAML-based authentication and ADFS but none of them have a way of requesting Certificate Authentication as a primary authentication method. I do not want to change this on a global level, because we have other relying parties which use WIA. I'm guessing you have everything you need for this already, please fix!

GPResult served us well when support was done manually on each client from the keyboard. What we need now is a cmdlet that we can use when remoting into a PC and get results that are applied to the PC, including polices that are not applied.

Add a CMDLET to Remove LAPS Password reset and read permissions. Currently there is only a cmdlet to add permission, but not to clean up.

My customer experienced several outage during ADFS Toke Signing and Token Decryption certificates automatically renewing. Thus , they really hope that Microsoft PG can add alert functionality , if AutoCertificateRollover is true , when those two certificates are issued automatically by system and before promoted to Primary Certificates , will send alerts

In Group Policy today we have "Import Settings" and "Restore From Backup" kind of options. Where in both make the GPO settings with complete Replace.
It would be good to provide "Append/Replace" option when we select "Import Settings". So that when there is a requirement of clubbing GPOs it would be very useful to make one GPO from many GPOs if we have Append option.
Else it would be difficult for administration if we go on adding one by one setting.

The active directory module is really useful, but a pain to install on a server/computer.
Current install instructions are these: https://blogs.technet.microsoft.com/ashleymcglone/2016/02/26/install-the-active-directory-powershell-module-on-windows-10/

I would love the possibility to just do:
Install-Module "ActiveDirectory" and have everything good to go.

Please consider open sourcing the ActiveDirectory PowerShell Module. While regarded as feature complete internally at MSFT, there is still much work that can be done to offer PowerShell users of all skill levels a more consistent experience by ensuring all Cmdlets in the ActiveDirectory Module accept pipeline input and parameter binding by property name and value. There is also tremendous value in providing PowerShell users with Cmdlets to determine which attributes in the Active Directory schema have been indexed as well as Cmdlets to extend the schema with the addition of other attributes.

When double-clicking on a search result in "Global Search", the item that opens is the previously selected item, not the one that is double-clicked.

Steps to reproduce: Open ADAC, enter a value in global search that will get more than one result, for example "domain". This will give a list of results, the top one will be selected. Double-click on any result that is not the selected one.

Result: The previously selected item opens
Expected result: The double-clicked item opens

When opening a user or group and looking at “Member of” or “Members” in ADAC only three items is visible in the view. I would like the ability to resize the view to include more than three items.

Please add support to use SQL Azure as DB. Would open up some easy HA scenario deployments for ADFS.

ADFS + Azure SQL Managed Instances Supportability

Add supportability for extend AD FS in Azure using Azure SQL Managed Instance to host the database.

I would like to share about something miracle,that i had seen before. The existing of the miracle object in as i wish for without using technology or any devices.

Replace ADCS NDES Role Service and Intune NDES Connector with ADCS Issuing CA Intune Connector software. Seems easier solution than having seperate server for NDES and needing to publish NDES endpoint to the web, just to issue Certs to the devices managed by Intune.

Can Microsoft create a single landing page for all their ADMX templates so admins can easily find the latest templates without scouring the web?

Currently ADFS only signs tokens with the primary token-signing certificate. This makes renewing the certificate difficult if an organization has many relying party trusts configured, as the swap has to be coordinated with multiple vendors.

Please allow the signing certificate to be configured on a per-relying party basis. This would allow each relying party to migrate to the new certificate on their own schedules, as opposed to a single "big bang" approach.

Please make the GPO object for "Turn off Microsoft consumer features" work on all skus not just Enterprise and Education. I am in education but we have been buying Pro skus as we did not know about this garbage limitation which makes no sense. Removing the XBOX app and other preloaded nonsense is necessary no matter the sku. If it can join a domain this should just work. Yes there are scripts to do this but given its supported in "some" skus this should not be necessary.

Tom