Hello!

I just ran through ARM deployment of WVD and I think there has been a difference in technical account implementation. Previously V1.0 release it was enough for local UPN to match Azure AD, without specifically requiring AD Connect Sync between RDS domain and AAD tenant. I am managing a handful of AAD only (Cloud-first) deployments and exploring configuration options from  there on.

I have created AD domain with the same UPN as my AAD tenant, added myself to the WVD apps, but I'm getting errors: 

I have went to RDOperation TSF log files and converted them,  C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Monitoring\Tables , 

and found the error stack: 

Microsoft.RDInfra.Shared.Common.RestError.RestException: Could not resolve UPN from SID ---> Microsoft.RDInfra.Shared.Common.RestError.InnerRestException: Could not resolve UPN from SID ---> Microsoft.RDInfra.Shared.Common.RestError.InnerRestException: No mapping between account names and security IDs was done

Would that mean now that On-premises SID is queried against Azure AD in this configuration? If these are not synced, they won't match. Is AAD Connect now a hard requirement? "Manual syncing" of UPNs and passwords no longer seem to work as discussed previously:

https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/AD-Sync-not-strictly-required/m-p/873...

CCing @michawets 

 as you have helped me before with this :)