Best Identity Strategy for Deploying Windows Virtual Desktop‎

%3CLINGO-SUB%20id%3D%22lingo-sub-1456467%22%20slang%3D%22en-US%22%3EBest%20Identity%20Strategy%20for%20Deploying%20Windows%20Virtual%20Desktop%E2%80%8E%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1456467%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22overflowWrapBreakWord-967%22%3EHello%20Team%2C%20We%20are%20looking%20at%20deploying%20Windows%20Virtual%20Desktop%2C%20We%20have%20a%20local%20Active%20directory%20and%20we%20used%20AD%20Connect%20to%20synchronize%20our%20users%20identities%20to%20Azure.%20Now%2C%20we%20are%20looking%20at%20the%20best%20Identity%20strategy%20for%20us%20to%20be%20able%20to%20join%20the%20hostpool%20VMs%20to%20azure.%20I%20just%20need%20a%20little%20advice%20on%20the%20best%20strategy%20for%20integrating%20our%20on-premises%20domain%20with%20Azure%20for%20the%20WVD%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1456832%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Identity%20Strategy%20for%20Deploying%20Windows%20Virtual%20Desktop%E2%80%8E%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1456832%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20not%20sure%20if%20they%20support%20joining%20the%20VMs%20to%20Azure%20yet.%26nbsp%3B%20We%20have%20them%20join%20our%20AD%20domain%20so%20the%20users%20sign%20on%20using%20their%20AD%20credentials%20and%20have%20access%20to%20all%20of%20the%20resources%20in%20the%20domain.%26nbsp%3B%20It%20works%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1456854%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Identity%20Strategy%20for%20Deploying%20Windows%20Virtual%20Desktop%E2%80%8E%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1456854%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F695356%22%20target%3D%22_blank%22%3E%40Robert_Greenlee%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20so%20much%20for%20your%20response.%3C%2FP%3E%3CP%3EI'm%20aware%20that%20we%20can%20deploy%20ADDS%20in%20azure%2C%20spin%20up%20a%20VM%20in%20azure%20and%20promote%20it%20to%20a%20DC%20for%20administrative%20use.%3C%2FP%3E%3CP%3EBut%20which%20other%20way%20do%20you%20think%20we%20can%20use%20to%20connect%20our%20local%20AD%20with%20Azure%20so%20as%20to%20deploy%20WVD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20in%20advance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1460268%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Identity%20Strategy%20for%20Deploying%20Windows%20Virtual%20Desktop%E2%80%8E%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1460268%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F600707%22%20target%3D%22_blank%22%3E%40dammyfaruq1994%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESome%20form%20of%20ipsec%20tunnel%20from%20azure%20to%20your%20on-prem%20resources%20will%20do%20the%20trick%20to%20join%20them%20to%20your%20local%20domain%20via%20your%20on-prem%20DCs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvpn-gateway%2Fvpn-gateway-howto-site-to-site-resource-manager-portal%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvpn-gateway%2Fvpn-gateway-howto-site-to-site-resource-manager-portal%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20you%20have%20that%20in%20place%20you%20can%20eventually%20place%20DCs%20in%20Azure%20for%20possibly%20lower%20latency%20and%20better%20performance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1460415%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Identity%20Strategy%20for%20Deploying%20Windows%20Virtual%20Desktop%E2%80%8E%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1460415%22%20slang%3D%22en-US%22%3EHi%20Murphy%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20so%20much%20for%20this%3C%2FLINGO-BODY%3E
New Contributor

Hello Team, We are looking at deploying Windows Virtual Desktop, We have a local Active directory and we used AD Connect to synchronize our users identities to Azure. Now, we are looking at the best Identity strategy for us to be able to join the hostpool VMs to azure. I just need a little advice on the best strategy for integrating our on-premises domain with Azure for the WVD

4 Replies

I'm not sure if they support joining the VMs to Azure yet.  We have them join our AD domain so the users sign on using their AD credentials and have access to all of the resources in the domain.  It works well.

@Robert_Greenlee 

Thanks so much for your response.

I'm aware that we can deploy ADDS in azure, spin up a VM in azure and promote it to a DC for administrative use.

But which other way do you think we can use to connect our local AD with Azure so as to deploy WVD.

 

Thank you in advance.

@dammyfaruq1994 

 

Some form of ipsec tunnel from azure to your on-prem resources will do the trick to join them to your local domain via your on-prem DCs.

 

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-p...

 

Once you have that in place you can eventually place DCs in Azure for possibly lower latency and better performance.

Hi Murphy

Thanks so much for this