Would it be advisable to deploy Domain Controllers in Azure to offer Microsoft Certificate Services to authenticate users on my Azure P2S VPNs? We are talking about 50 users. I know I can issue self signed certificates, but this is for an Enterprise grade client so I want to ensure all is kosher. I looked and I couldn’t see if Azure Active Directory offers Microsoft Certificate Services. I’d rather not deploy two Domain controllers if I don’t have to. Any ideas?