Does Windows365 Enterprise Require AAD Connect?

Hi folks, 

I'm trying to provision one of these devices. My business is pretty much 100% virtual. I don't have or need a local server. But I've hit a wall trying to provision my "Cloud PC" when the device fails to connect because "hybrid Azure AD connectivity check failed." And that I should "make sure that Azure AD Connect is working and syncing."

I know that AADC is for connecting and syncing an on-prem AD to Azure AD services. But, if I don't have a local on-prem AD, given that my environment is virtual, what do I do?

12 Replies
Have you considered deploying a DC on an Azure VM and then integrating with Azure AD via AD Connect?

Yes, the Enterprise option of Win365 requires an Active Directory domain; the Cloud PCs will be AD joined. The Business option does not require AD and the Cloud PCs are Azure AD joined; this also allows the use of cloud-only users, and synchronized users from AD are also allowed/possible.

@Eric Orman Thanks for the quick reply, but my business works a lot with healthcare businesses. I need to show proof of HIPAA and cybersec compliance. Moving to Business doesn't seem to give me that capability. I lose Intune device management and significant cybersec control. From my interpretation, Business also reduces the value of my Win10 Enterprise and M365 E5 licenses.

If MSFT can set up these cloud PCs without AADC on the Business tier, why have they restricted this capability on the Enterprise tier? It seems counterintuitive to have less functionality. I hope they are reading these comments and will address this soon. I can't continue to test viability of this program until it's fixed.

Hi @rtccoupe, an interesting idea, and I also thought about that before posting. I already have a domain, vNet, and AD in Azure. To build a DC seemed an unnecessary expense just to make this cloud PC concept work. And rather than building a work-around, I'd prefer that they fix the problem. As was noted in another response to my post, AADC is not required in the Business tier, so why is it not an option for the Enterprise tier?

Support for AADJ within the Enterprise method is on the roadmap. Stay tuned.

Thanks @Eric Orman. Is there a specific mail list I should subscribe to watch for these updates?

We are publishing the roadmap later this week or early next week; it will be in our technical doc library alongside all our other docs in a doc called "in development", very similar to how MEM communicates their roadmap. We will also publish notifications to Message Center when we update our "in development" doc.

Hi,
Good day! One of the pre-requisites to download AD Connect is that Azure AD Connect must be installed on a domain-joined Windows Server 2016 or later. What if we don't have Windows Server 2016 or later, do we have other options to have this working? Or is the only option to change the license? Appreciate your response.

We published our "in development" article, which enumerates that we are working on AADJ support for the Enterprise option of Windows 365. Here is the direct link: https://aka.ms/w365roadmap

@imariaguila - Are you able to run a Windows Server 2016 (or later) machine in your environment? My understanding is that the domain controllers don't need to run Windows Server 2016, only the server or servers (for redundancy) that you install Azure AD Connect on must.

Is that still a limiting factor for you?

I know this is a few weeks old, but the Business version does show in MEM and can be managed. From what I can see, the Enterprise version is only if you want to directly connect your Cloud PC to your Azure infrastructure and custom images. You don't say you want to do this in your post, so Business may still be the option to go for.

Hi @Tom Davison, the Business version has fewer cybersecurity controls and less Intune capability. I need a highly secure, SOC2-like capability. It's why I moved everything but desktops to the cloud. And why I was attracted to virtualizing my desktops to the cloud, too. Unfortunately, the "Business" edition doesn't support those needs.