Forum Discussion

Re: DNS configuration in Azure With an Azure DC VM

Hi Sim

In Azure, I recommend using:
- One (or two) domain controllers (with the DNS server role)
- Multiple Azure Virtual Desktop session hosts, joined to the ADDS domain
- Azure Files
- A Network Virtual Appliance, acting as a VPN server (IPsec) and firewall

On premises, I recommend using a security appliance, acting as a:

- VPN server (IPsec)
- DNS server (resolver and forwarder)
- DHCP server

2 Replies

  • simondury
    Copper Contributor

    Thank you MathieuVandenHautte

    It seems the best approach.

    I was thinking that using the DNS role on a DC would be too old school in Azure.

    So the AVD SH can be in hybrid with Entra ID to manage some aspects with Intune?

    Do you recommend joining Azure Files (for enterprise data like Word, Excel, not FSLogix) to ADDS or using Microsoft Entra Kerberos?

    Thank you for your help.

    • MathieuVandenHautte
      Iron Contributor

      Hi simondury

      In most cases, you don't need Intune and classic GPOs will still do the trick.
      Regarding shared data, most of the time I use Azure Files using AD DS and sometimes even a classic file server (Azure VM).
      If you go the classic file server road, you might also want to manage your users' profile containers (FSLogix) there.
