AAD join Server 2025

Hi, Wondering if Server 2025 can be AAD joined. this would help some businesses that have their laptops joined as well as would also like to have the option to join their Server for their line o...

General

management

security

Brentfor
Sep 16, 2025
Hi Karl,

We are making incremental progress in that direction. Please take a look at this documentation for enabling Entra join and sign-in on Arc-enabled Windows Servers located anywhere. This has GA'd for WS2025.

Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn

Note that the Arc-enabled Server cannot be joined to AD or HAADJ (or Entra Domain Services).

Thanks,
Brent

Karl-WE

MVP

Mar 08, 2024

Brentfor you're welcome! thanks for asking

Some ideas:

- Joining Windows Server VMs running on-prem hypervisors / Azure Stack HCI to Entra AD

- Entra AD Services (now with new trust directions and migration possibilities

- Use Entra ID as identity instead of Kerberos / or in addition. Recently heard a 3rd party virtualization solution offers MFA for local admins, how cool is that.

- Thinking about local kerberos tickets coming to Windows 11, I suppose Windows Server, too, when DC is not in sight.

Imagine this with Windows Server using Entra, MFA / Conditional Access, PAM / PIM for Windows Server, eventually thinking about Entra Roles which would also automatically predefine PowerShell limited commandlets
- Manage Application Deployment (winget) and (Defender) Security Policies via Intune
- might be even feasible to combine this Azure Policy via Azure Arc

Brentfor

Microsoft

Mar 08, 2024

Karl-WE

Thank you!

Forum Discussion

AAD join Server 2025

Resources