Azure Active Directory Domain Services Limitations

I work with Azure Active Directory (AAD) and enabled the Domain Services (AAD DS) feature to manage all my virtual machines and user-accounts. Domain Services is basically a Windows Domain Controller (in fact there are two of them), which provides Domain Join, LDAP and Authentication for your cloud hosted network and machines. As a result, all users in the AAD can login to the Windows machines by using their AAD-Account. From the documentation ( https://azure.microsoft.com/en-us/services/active-directory-ds/ ). Your domain controller as a service “Lift-and-shift” apps to Azure more easily than ever Use LDAP, Active Directory domain join, NTLM, and Kerberos authentication Rely on a managed, highly-available service Get started in minutes, pay as you go Develop and test with no identity worries Manage Azure virtual machines effectively using Group Policy I use the following setup, often referred as "cloud-only organizations" Known Limitations While