Yes, you can set up Azure Active Directory Domain Services (Azure AD DS) in a 100% Azure cloud (cloud-only) infrastructure. See: Azure AD DS for Cloud-Only Organizations
With Azure AD DS, all of the domain service components would be maintained for you by Microsoft. As detailed in Azure AD DS and self-managed AD DS:
With Azure AD DS, the core service components are deployed and maintained for you by Microsoft as a managed domain experience. You don't deploy, manage, patch, and secure the AD DS infrastructure for components like the VMs, Windows Server OS, or domain controllers (DCs).
If you are looking to configure a cloud-only environment, your two options are:

1. Configure Azure AD Domain Services in an Azure AD tenant that doesn't have an on-premises identity source. In this scenario, the user accounts and group memberships would be created and managed directly in Azure AD.
2. Run a standalone self-managed cloud-only AD DS wherein you configure Azure VMs as domain controllers.
One thing to note is that Azure AD DS has some limitations and provides a smaller subset of features than a traditional self-managed AD DS environment. Some of these limitations are noted here and include the fact that there will be no AD forests, domains, sites, and replication links to design and maintain. The benefit of using Azure AD DS, though, is that you will get the advantage of domain join, group policy, LDAP, and Kerberos/NTLM authentication, but you won't need to deploy, manage, and patch domain controllers in the cloud.
References:
Azure AD DS for Cloud-Only Organizations
Tutorial: Create and configure an Azure Active Directory Domain Services managed domain
YouTube: Azure Active Directory Domain Services Overview