Forum Discussion
AAD join Server 2025
- Feb 07, 2024
Hi, Brent here from the Windows Server team. Can I ask you to elaborate a bit more on how you would use Entra ID device join on Windows Servers? When is it most painful to be missing this capability? Servers in the cloud, Servers at the edge, in your datacenter? Would you use this with traditional AD or no? Would this be most convenient for configuring and deploying, or troubleshooting, or other tasks? You mention accessing corporate resources from the Server, would like to know more about this. Thanks!
- stefana1890, Oct 26, 2024, Copper Contributor
I think most people want a hybrid solution for many types of applications, such as NPS/RADIUS, Terminal server, MFA hybrid, file synchronization to SharePoint.
- Brentfor, Oct 28, 2024, Microsoft
- Karl-WE, Mar 08, 2024, MVP
Brentfor you're welcome! Thanks for asking.
Some ideas:
- Joining Windows Server VMs running on-prem hypervisors / Azure Stack HCI to Entra AD - Entra AD Services (now with new trust directions and migration possibilities)
- Use Entra ID as identity instead of Kerberos / or in addition. Recently heard a 3rd party virtualization solution offers MFA for local admins, how cool is that.
- Thinking about local Kerberos tickets coming to Windows 11, I suppose Windows Server, too, when DC is not in sight.
Imagine this with Windows Server using Entra, MFA / Conditional Access, PAM / PIM for Windows Server, eventually thinking about Entra Roles which would also automatically predefine PowerShell limited commandlets.
- Manage Application Deployment (winget) and (Defender) Security Policies via Intune
- might be even feasible to combine this Azure Policy via Azure Arc
- workalotdave, Feb 23, 2024, Copper Contributor
Hi Brent. Not OP, but I want to add that AAD join and AAD login on Windows Server is a very much wanted feature in our organization. Our primary use case is for servers at the edge outside of Azure. The servers we have in Azure are already AAD joined by the Azure-only option of AAD joining a Windows Server. It is most needed so we do not have to maintain additional usernames/passwords on these servers.
- Brentfor, Feb 23, 2024, Microsoft
workalotdave Thank you for the feedback. This makes sense. How many user accounts do you typically have to manage for Servers at the edge today? Have you tried Entra ID pass-through and/or AD federation services?
- workalotdave, Mar 07, 2024, Copper Contributor
Brentfor Sorry for the delay. We have around 10 admins that administer edge boxes. We don't have a local domain and do not want to set up an Active Directory instance on Azure just for this. If we provision boxes from Azure they have AAD join / authentication built-in, so it already exists, but it's not available to just download and use.