Microsoft Azure

Azure Virtual Desktop Now Comes with Azure AD-Joined VM Support

Microsoft announced September 22nd that Azure Virtual Desktop now supports Azure Active Directory (AD) joined virtual machines (VM). With this update you can now:

  • Join Azure Virtual Desktop VMs directly to Azure AD
  • Connect to VMs from any device with a username and password
  • And automatically enroll VMs with Microsoft Endpoint Manager (MEM)

Before the update, all VMs hosted by Azure Virtual Desktop needed to be joined to a Windows Server AD domain, whether it be a domain hosted in Azure AD Domain Services or a domain hosted by domain controllers running in virtual machines.

The new Azure AD support works with personal desktops that have local user profiles; pooled desktops used as a jump box, providing that data isn’t saved on the VM used as a jump box; and pooled desktops or apps where users don’t need to save data on the VM.

But before you start cheering, there are several limitations that Microsoft lays out in its documentation here, including:

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

  • Azure AD-joined VMs only supports local user profiles currently.
  • Azure AD-joined VMs can’t access Azure Files file shares for FSLogix or MSIX app attach. You’ll need Kerberos authentication to access either of these features.
  • The Windows Store client doesn’t currently support Azure AD-joined VMs.
  • Azure Virtual Desktop doesn’t currently support single sign-on for Azure AD-joined VMs.

Windows 365 vs Azure Virtual Desktop

Windows 365 Cloud PC provides a similar service to Azure Virtual Desktop but there are some key differences. Windows 365 is priced per user for a month, but Azure Virtual Desktop pricing is based on how much a VM is used. Windows 365 makes it simpler for organizations to deploy VMs to users without having to maintain a virtual desktop infrastructure (VDI) either on-premises or in the cloud.

Azure Virtual Desktop uses a multisession version of Windows 10, and soon Windows 11. But Windows 365 dedicates a VM to each user and it allows organizations to purchase the service much in the same way they might buy a license for a Microsoft 365 solution, like Exchange Online.

For a complete rundown of the differences between Windows 365 and Azure Virtual Desktop, check out Mary Jo Foley’s chat with Nerdio CEO, Vadim Vladimirskiy here.

New feature limitations could curb Azure Virtual Desktop’s viability with Azure AD-joined VMs

Azure AD-joined VM support is something that might simplify deployment of Azure Virtual Desktop for some organizations. But you should carefully consider your use case because there are quite a few limitations that could curb its viability.

Check out Microsoft’s documentation here for complete details about how to deploy Azure AD-joined VMs in Azure Virtual Desktop.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: