WVD with just Azure AD

Copper Contributor
Is WVD without the need for a non-Azure AD on the roadmap?
10 Replies

Yes, why do we need AD?  This is a cloud solution and perfect for SMBs.  I have been waiting for this service to come in Public Preview since we did not make it in the private one and got my email yesterday morning. Super excited, couldn't sign in fast enough to fire it up and test it out as we have had talks with customers about it.  Followed the documentation and then went to create my pool and my excitement just drained away when an AD UPN and vnet was required to continue.  What a let down.  Just like the let down of the new security and compliance offers that are only available if you have M365 E3. Is anyone at Microsoft paying attention to SMBs?  These products are a huge sell for them and for the first time they are not overpriced.

@Paranoid69 : Thank you for your feedback. That is the current requirement. We will be introducing shortly a UserVoice forum to collect feedback like this where community can share their votes.

 

Hi all,

 

What is prerequisite for WVD. Azure AD or Azure AD DS?

I didn't find information anywhere.

 

Regards,

@Vladimir Stefanovic : The requirement is:

- an Azure Active Directory 

- a Windows Server Active Directory that is in sync with it, which can be...

  -- Windows Server Active Directory running on VMs, and synchronized to Azure AD with Azure AD Connect

  -- Windows Server Active Directory running on VMs and federated to Azure AD

  -- Azure AD Domain Services (which stands up a Windows Server Active Directory for you and lets you domain-join the machines)

@Christian_Montoya 

 

Thanks,

 

So, for cloud only companies, Azure AD DS in combination with Azure AD will be enough, if I understood well?

 

Regards,

@Vladimir Stefanovic : Yes, exactly.

@Christian_Montoya 

 

Thanks. One question more.

If I have on-premise AD, do I need to configure only directory sync with AD Connect, or I need to enable Azure AD DS as well?

 

Regards,

@Vladimir Stefanovic 

The Host VMs need to be able to join a Windows domain. So you either need hybrid domain join setup for on prem or AAD DS setup for the machines to connect to.

As I understand it.

@Vladimir Stefanovic : Confirming @Radfords-Kirk in that either approach to domain join the VMs works. You do not need to spin up Azure AD Domain Services if you're already in a hybrid mode with Azure such that your virtual network already has line-of-site to your Domain Controller.

we've been through this with a customer. they started up with classic on-prem AD w/AAD sync to Office365/Azure AD.

 

after a sync we broke this connection and made all users 'cloud only'.

then deployed Azure AD DS and created the 'application host group' with 2 Win10 w/o365

customer have now been running on this for 3 weeks.

 

and no its not as easy as it sounds in my description :p and we still have issues with outlook and signing even tough i think we got a break yesterday night. so overall it looks good.

 

remember that AAD --> AAD DS is oneway sync and your DC's are managed by engineers in US so you cant logon to them and cant access shares/sysvol and such. You cant move users out of the AADCusers group (e.g. no OU segmentation) and have to put all GPO's in one OU and use security filtering...