AAD join Server 2025
- Feb 07, 2024
Hi, Brent here from the Windows Server team. Can I ask you to elaborate a bit more on how you would use Entra ID device join on Windows Servers? When is it most painful to be missing this capability? Servers in the cloud, Servers at the edge, in your datacenter? Would you use this with traditional AD or no? Would this be most convenient for configuring and deploying, or troubleshooting, or other tasks? You mention accessing corporate resources from the Server, would like to know more about this. Thanks!
Brentfor, you're welcome! Thanks for asking.
Some ideas:
- Joining Windows Server VMs running on-prem hypervisors / Azure Stack HCI to Entra AD
- Entra AD Services (now with new trust directions and migration possibilities)
- Use Entra ID as identity instead of Kerberos / or in addition. Recently heard a 3rd party virtualization solution offers MFA for local admins, how cool is that.
- Thinking about local Kerberos tickets coming to Windows 11, I suppose Windows Server, too, when DC is not in sight.
Imagine this with Windows Server using Entra, MFA / Conditional Access, PAM / PIM for Windows Server, eventually thinking about Entra Roles which would also automatically predefine PowerShell limited cmdlets.
- Manage Application Deployment (winget) and (Defender) Security Policies via Intune
- Might even be feasible to combine this with Azure Policy via Azure Arc