Announcing General Availability of Azure AD-joined VMs support for Azure Virtual Desktop

Published Sep 15 2021 09:51 AM 23.8K Views
Microsoft

We're pleased to announce that you can now join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (Azure AD) and connect to the virtual machine from any device with basic credentials. You’ll also be able to automatically enroll the virtual machines with Microsoft Endpoint Manager.

 

Azure portal showing the new Azure AD and Intune options for Azure Virtual Desktop host pools.Azure portal showing the new Azure AD and Intune options for Azure Virtual Desktop host pools.

 

This new configuration allows you to provide access to cloud-only users (created in Azure AD and not synchronized from an on-prem directory) which wasn't possible before. For certain scenarios, this will help eliminate the need for a domain controller, help reduce cost, and streamline your deployment. While this is a major milestone, it’s just the beginning of the journey towards full integration with Azure Active Directory. We will continue adding new capabilities such as support for FSLogix profiles, single sign-on, additional credential types like FIDO2, and Azure Files for cloud users.

 

To learn more, visit our documentation page.

26 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-2751083%22%20slang%3D%22en-US%22%3EAnnouncing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2751083%22%20slang%3D%22en-US%22%3E%3CP%3EWe're%20pleased%20to%20announce%20that%26nbsp%3Byou%20can%20now%26nbsp%3Bjoin%20your%20Azure%20Virtual%20Desktop%20virtual%20machines%20directly%20to%20Azure%20Active%20Directory%20(Azure%20AD)%20and%20connect%20to%20the%20virtual%20machine%20from%20any%20device%20with%20basic%20credentials.%20You%E2%80%99ll%20also%20be%20able%20to%20automatically%20enroll%20the%20virtual%20machines%20with%20Microsoft%20Endpoint%20Manager.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AADJ%20Portal%20UI%20with%20highlight.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F310446i1A04F36E3518C61E%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AADJ%20Portal%20UI%20with%20highlight.jpg%22%20alt%3D%22Azure%20portal%20showing%20the%20new%20Azure%20AD%20and%20Intune%20options%20for%20Azure%20Virtual%20Desktop%20host%20pools.%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EAzure%20portal%20showing%20the%20new%20Azure%20AD%20and%20Intune%20options%20for%20Azure%20Virtual%20Desktop%20host%20pools.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20new%20configuration%20allows%20you%20to%20provide%20access%20to%20cloud-only%20users%20(created%20in%20Azure%20AD%20and%20not%20synchronized%20from%20an%20on-prem%20directory)%20which%20wasn't%20possible%20before.%20For%20certain%20scenarios%2C%20this%20will%20help%20eliminate%20the%20need%20for%20a%20domain%20controller%2C%20help%20reduce%20cost%2C%20and%20streamline%20your%20deployment.%20While%20this%20is%20a%20major%20milestone%2C%20it%E2%80%99s%20just%20the%20beginning%20of%20the%20journey%20towards%20full%20integration%20with%20Azure%20Active%20Directory.%20We%20will%20continue%20adding%20new%20capabilities%20such%20as%20support%20for%20FSLogix%20profiles%2C%20single%20sign-on%2C%20additional%20credential%20types%20like%20FIDO2%2C%20and%20Azure%20Files%20for%20cloud%20users.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20learn%20more%2C%20visit%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fvirtual-desktop%2Fdeploy-azure-ad-joined-vm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Edocumentation%20page%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2751083%22%20slang%3D%22en-US%22%3E%3CP%3ELearn%20about%20how%20you%20can%20now%20deploy%20Azure%20AD-joined%20VMs%20in%20your%20host%20pools%20for%20Azure%20Virtual%20Desktop.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2751083%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EUpdates%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2753905%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2753905%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20super%20exciting!%20So%20much%20progress%20in%20such%20a%20short%20time.%20Thanks%20for%20all%20the%20hard%20work.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2754531%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2754531%22%20slang%3D%22en-US%22%3E%3CP%3EAzure%20knowns%20what%20the%20Business%20%26amp%3B%20Enterprise%20need%2C%20and%20they%20are%20working%20on%20it%2C%20can't%20wait%20!!!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%3CSPAN%3Esupport%20for%20FSLogix%20profiles%2C%20single%20sign-on%2C%20additional%20credential%20types%20like%20FIDO2%2C%20and%20Azure%20Files%20for%20cloud%20users%3C%2FSPAN%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%3CSPAN%3EThanks%20Azure%20Teams%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2756304%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2756304%22%20slang%3D%22en-US%22%3E%3CP%3EFinally!%20Does%20this%20mean%20that%20customers%20can%20retire%20Azure%20AD%20DS%20if%20you%20are%20fully%20cloud%3F%20We%20only%20had%20this%20running%20in%20Azure%20because%20it%20was%20required%20for%20virtual%20desktop.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2758544%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2758544%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1065338%22%20target%3D%22_blank%22%3E%40LukeAltanet%3C%2FA%3E%26nbsp%3BDepending%20on%20your%20scenario%2C%20you%20should%20be%20able%20to%20retire%20Azure%20AD%20DS.%20The%20primary%20scenario%20would%20be%20for%20personal%20desktops%20where%20all%20applications%20use%20Azure%20AD%20auth%20or%20other%20IDP%20not%20requiring%20Kerberos%20or%20a%20domain%20controller.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2761403%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2761403%22%20slang%3D%22en-US%22%3E%3CP%3EReally%3F%20This%20is%20only%20for%20AVD%20host%20groups%3F%20What%20about%20other%20customers%20who%20want%20to%20automatically%20join%20VMs%20to%20their%20AAD%20and%20Intune%20environment%3F%20The%20AAD%20extension%20is%20a%20manual%20tick%20box%20and%20doesn't%20propagate%20to%20any%20other%20VMs%20that%20you%20may%20clone%20off%20of%20the%20original.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2768754%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2768754%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20exciting%20news%2C%20thank%20you!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1032461%22%20target%3D%22_blank%22%3E%40michaelk4tech%3C%2FA%3E%26nbsp%3BI%20don't%20follow%20you%20taking%20about%20Azure%20Virtual%20Desktop%20or%20something%20else%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2768759%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2768759%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F217952%22%20target%3D%22_blank%22%3E%40David%20Belanger%3C%2FA%3E%26nbsp%3BThe%20title%20does%20make%20it%20sound%20like%20this%20feature%20is%20available%20for%20all%20VMs%20not%20just%20Azure%20Virtual%20Desktop%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2768789%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2768789%22%20slang%3D%22en-US%22%3E%3CP%3EThat%20is%20correct%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F217952%22%20target%3D%22_blank%22%3E%40David%20Belanger%3C%2FA%3E%26nbsp%3Bthis%20is%20only%20for%20AVD%20and%20those%20that%20choose%20to%20run%20that%20solution.%20Any%20other%20customer%20wanting%20to%20join%20VMs%20directly%20to%20AAD%20currently%20not%20being%20discussed.%20I%20am%2C%20by%20the%20way%2C%20working%20on%20such%20an%20engagement%20for%20a%20large%20financial%20institution%20that%20refuses%20to%20use%20AVD.%20So%20I'm%20investigating%20the%20ability%20to%20join%20VMs%20to%20AAD.%20It's%20challenging%20for%20sure%20and%20demonstrates%20that%20MS%20is%20only%20interested%20in%20developing%20for%20their%20pet%20solution.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2771940%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2771940%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20working%20on%20updating%20the%20title%20of%20the%20blog%20post%20to%20ensure%20it's%20clear%20that%20it's%20for%20Azure%20Virtual%20Desktop.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1032461%22%20target%3D%22_blank%22%3E%40michaelk4tech%3C%2FA%3E%26nbsp%3Bthe%20ability%20to%20join%20Azure%20VMs%20to%20Azure%20AD%20during%20the%20deployment%20outside%20Azure%20Virtual%20Desktop%20is%20already%20available%20in%20the%20portal%20but%20as%20you%20mention%2C%20it%20doesn't%20support%20Intune%20enrollment%20today.%20I'll%20pass%20along%20the%20request%20for%20it.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fhowto-vm-sign-in-azure-ad-windows%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESign%20in%20to%20Windows%20virtual%20machine%20in%20Azure%20using%20Azure%20Active%20Directory%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2776882%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2776882%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3ESuper%20cool%20and%20exciting!%20It%20was%20a%20much-awaited%20feature!%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2779223%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2779223%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20huge.%20Way%20to%20go%20Azure%20AD%20team!!!.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2789003%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2789003%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20Azure%20Files%20w%2Fkerberos%20authentication%20available%20now%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2892373%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2892373%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F217952%22%20target%3D%22_blank%22%3E%40David%20Belanger%3C%2FA%3E%26nbsp%3B%2C%20does%20this%20also%20apply%20to%20Azure%20Government%20tenants%3F%26nbsp%3B%20I%20do%20not%20see%20it%20mentioned%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Fdeploy-azure-ad-joined-vm%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Edocumentation%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2982250%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2982250%22%20slang%3D%22en-US%22%3E%3CP%3EOk%20so%20I'm%20testing%20this%20and%20getting%20logon%20attempt%20failed.%20We%20have%20MFA%20required%20for%20all%20users%20and%20I've%20exempted%20the%20Azure%20Windows%20VM%20Sign%20in%20app%20from%20this%20MFA%20policy%20as%20per%20MS%20documentation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2983360%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2983360%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F442348%22%20target%3D%22_blank%22%3E%40gxbaity%3C%2FA%3E%26nbsp%3BNot%20yet%20but%20we're%20getting%20close.%20Hopefully%20get%20a%20preview%20out%20for%20Azure%20before%20end%20of%20year.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1197964%22%20target%3D%22_blank%22%3E%40RodneyS%3C%2FA%3E%26nbsp%3BYes%2C%20this%20is%20now%20available%20in%20Azure%20Gov.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2983365%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2983365%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F710239%22%20target%3D%22_blank%22%3E%40CloudMcStuffins%3C%2FA%3E%26nbsp%3BCan%20you%20see%20if%20legacy%20per-user%20MFA%20has%20been%20disabled%20(%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Fdeploy-azure-ad-joined-vm%23enabling-mfa-for-azure-ad-joined-vms%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Fdeploy-azure-ad-joined-vm%23enabling-mfa-for-azure-ad-joined-vms%3C%2FA%3E%26nbsp%3B)%20and%20that%20the%20Virtual%20Machine%20User%20Login%20role%20is%20assigned%20on%20the%20VMs%20or%20Resource%20Group.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2985246%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20General%20Availability%20of%20Azure%20AD-joined%20VMs%20support%20for%20Azure%20Virtual%20Desktop%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2985246%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F217952%22%20target%3D%22_blank%22%3E%40David%20Belanger%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEverything%20is%20set%20right%20and%20the%20AZ%20VM%20login%20app%20is%20excluded%20from%20MFA.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20coworker%20tried%20and%20was%20able%20to%20log%20in%20successfully.%20I%20thought%20at%20first%20this%20might%20have%20been%20a%20windows%20version%20issue%20as%20I%20was%20on%201909%20and%20he%20is%20on%2021H2%20but%20after%20upgrading%20my%20laptop%20it%20still%20won't%20connect.%20The%20version%20of%20Remote%20Desktop%20we're%20using%20is%201.2.2606.0.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20I'm%20confused%20for%20sure.%20Any%20suggestions%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Sep 21 2021 01:10 PM
Updated by: