Back in the Azure management portal, click Join Local Domain in the quick start view of your app collection. Enter the name of the domain, the OU that you just created to join the RemoteApp session hosts and the service account details. The following image shows you how to do both of these steps:
Do not continue until you have double-checked:
When you deploy the session hosts of your new hybrid app collection, you are actually deploying virtual machines running the Session Host role in an RDS farm, with all the complexity of a RDS farm hidden by RemoteApp. These session hosts are domain members, just like with any virtual RDS farm that you might create on Hyper-V or on vSphere. They sign into the domain, apply group policy just like normal session hosts, and the users get login scripts and group policy just like any user signing into a traditional RDS farm. And that is where you can do some clever things:
You’re doing user and machine administration at this point, something that you might have been doing for quite a long time!
The next step is to create your first session host. Click Link A Template Image, click Link An Existing Template, and select one of the templates that you previously uploaded.
Now you must wait, possibly for quite some time — take lunch, go home, or find something else to do for an hour. Behind the scenes new virtual machines are being created and provisioned by Azure. A part of the provisioning process is to:
I have found that failures at this point are related to the domain join process:
If the domain join works, then a new computer will be joined to your RemoteApp OU in Active Directory (not AAD). You can breathe a sigh of relief!
You can publish any program that is installed in your custom template, assuming that it meets the technical requirements. Browse into the new app collection and then into Publishing. Click Publish RemoteApp Program. What you are doing here is selecting programs that are listed in the custom template’s Start Screen to be available to anyone that has permission to sign into the app collection.
After you have published something, you get a new Publish button. This allows you to reopen the above dialog to add or remove published programs. You can also publish programs based on their file path. This is a nice way to publish a useful program, such as File Explorer.
You are now ready to grant user access to the app collection. Browse to Assign Users in the app collection. You can either type in the UPN of the user name as it appears in both AAD and Active Directory, or create a CSV with lots of user UPNs and import that.
Now your users can sign into your hybrid RemoteApp app collection using the RemoteApp client for their device’s OS (Windows has a special client) and in their session: