Forum Discussion
Requirement to have an on-prem AD
- Mar 25, 2019
HandA
On-prem AD is not required.
AD requirements:
Option 1: Domain controller that is synchronized with Azure Active Directory. The domain controller can be on-prem or in cloud. To synchronize with Azure Active Directory install Azure Active Directory Connect.
Option 2: Azure AD Domain Services domain in Azure (automatically synced with Azure Active Directory)
Hybrid-join means joining the machine to Active Directory, and then having those device objects synced with Azure AD Connect to Azure AD (with writeback). One of a few ways of accomplishing this is joining the machine to a domain created in Azure Active Directory Domain Services (AAD-DS) - as that is Active Directory as a service, which is automatically synced to an Azure AD that you configure when you set up AAD-DS.
Note: Azure Active Directory (Azure AD) is not the same thing as Azure Active Directory Domain Services (https://azure.microsoft.com/en-us/services/active-directory-ds/).
While it is possible to join Windows 10 machines directly to Azure AD, and there are many great reasons to do that rather than joining or hybrid-joining with an Active Directory domain (particularly in a modern management environment), it is not supported for Windows Virtual Desktop. The Windows Virtual Desktop service specifically requires that the machine is joined to an Active Directory Domain.
Mike Amox: I have just started working with Azure AD and now WVD. The future plans are WVD for a large percentage of our users. Right now I can't get the WVD to connect to AD. We have a hybrid AD with AD Connect, but I don't have a DC in Azure or AAD DS currently. From what I have been reading I will have to set one of those up for WVD to join the domain. Correct? Or an Azure VPN to on-prem network. Ultimate goal is 100% cloud in the near future.
- Wahé Yaghyazaryan, Jan 07, 2021, Copper Contributor
Our environment is just like yours. All Windows autopilot AAD joined and managed through Intune.
We just want to use the WVD to make a secure remote desktop environment available for colleagues that want to use their own MacBooks or Chromebooks. Actually we can do that using Intune compliance policies but that is not the way that we are thinking about.
We want to get the same user experience on all client platforms. WVD is the way we want to go but without on-prem dependency or extra online AADS services.
Let's hope that MS is really working on that.
- JohnHQI, Oct 30, 2020, Brass Contributor
Thank you for your reply, but my understanding is that Azure AD Domain Services is essentially a traditional AD Domain as a service running in Azure. We do not have, nor do we need that for our 100% cloud environment. All our machines are deployed using Windows Autopilot and managed by Intune. Machines are Azure AD Joined, which is different from joining a domain, whether on-prem, using Azure AD Domain Services, or hybrid.
On 4/9/19, Mr. Montoya posted that what I'm looking for was on the backlog and referred to it as "100% cloud" and followed up on 12/4/19 that they were still investigating. I am looking for an update on this functionality.
- tommy_barnes, Oct 30, 2020, Brass Contributor
Azure AD Domain Services works fine
- JohnHQI, Oct 30, 2020, Brass Contributor
It has been over a year since you posted that Azure AD Join for WVD was on the backlog. As an organization that has completely eliminated our infrastructure and migrated to 100% Azure and Office 365, not having this option is a major barrier to implementing virtual desktops. Is there a way to track this feature or understand where it is on the priority list?
Thanks,
John
- Christian_Montoya, Apr 09, 2019
Microsoft
Roger_Cox : That is correct, you will either need to create an instance of Azure AD Domain Services or create a VPN/ExpressRoute to the on-prem network.
We have gotten similar feedback of being "100% cloud" and we have an item in our backlog to support Azure AD Join VMs.