The much awaited Azure AD joined AVDs are now available for Public Preview. Microsoft offers management of the Azure AD joined machines through Intune enrolment. Let us take a sneak peek.
Pre-requisites:
Host pool should be enabled as a validation environment
Only local profiles are supported (no FSLogix)
Session host VMs need to be Windows version 2004 and above
The user/user group who access these VDIs need to be part of the “Virtual Machine User Login” role
How to access the Session Host
Can be accessed only from endpoints that are joined to the same Azure AD tenant as the session host, or from endpoints that are hybrid Azure AD joined to the same tenant as the session host.
If the Azure AD joined session host needs to be accessed from a non-Azure AD joined client (web, Android and iOS), follow the steps given in the section “Accessing AVD from non-Azure AD joined clients”.
How to Create an Azure AD Joined Session Host
Follow the same “Add session hosts” to host pool wizard; in the Virtual machines page, under the Domain to join section, select Azure Active Directory as shown in the diagram below. You can enroll the VM in Intune in a single click by simply selecting “Yes” under the “Enroll VM with Intune” option.

Once you initiate the deployment, you can see that the deployment configures the Azure AD join for you automatically.
The machine will be visible in Azure AD devices as well as in the Intune portal, as shown in the picture below. As of now there is no option to convert a hybrid Azure AD joined machine to an Azure AD joined machine.


How to assign the AVD to users
Make sure to add the user/user AD group to the “Virtual Machine User Login” RBAC role, as it is a pre-requisite to access any Azure AD joined VM.


Windows AVD Client Protocol for Azure AD access
The AVD client uses the PKU2U protocol for authentication. For customers who are getting an error, please make sure the “allowOnlineID” key is set to “1”.

Accessing AVD from non-Azure AD joined clients (web, Android and iOS)
You need to add the “targetisaadjoined:i:1;” property to the custom RDP properties of the host pool to allow access to the VMs from non-Windows clients and the web client, which are not joined to Azure AD.

If you do not add this property and try to access the AVD using your UPN, the user will get an error like the one below.
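The two settings above (the client-side “allowOnlineID” PKU2U key and the host pool custom RDP property) can be checked and applied with the PowerShell below. This is an added example and not part of the original post; it assumes the Az.Accounts and Az.DesktopVirtualization modules are installed, that Connect-AzAccount has already been run, and that the registry location used for AllowOnlineID is the standard LSA pku2u key (the post names only the value, not its path).

```powershell
# Added example, not from the original post.
# Assumes Az.DesktopVirtualization is installed and Connect-AzAccount has run.

function Test-Pku2uOnlineId {
    # Run on the Windows client. Returns $true when PKU2U online identities
    # are allowed (AllowOnlineID = 1), which the Azure AD joined AVD client needs.
    # Registry path assumed to be the standard LSA pku2u location.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
    $value = (Get-ItemProperty -Path $key -Name AllowOnlineID -ErrorAction SilentlyContinue).AllowOnlineID
    if ($value -eq 1) { return $true }
    Write-Warning "AllowOnlineID is '$value' under $key; expected 1."
    return $false
}

function Add-TargetIsAadJoinedProperty {
    # Adds targetisaadjoined:i:1 to the host pool's custom RDP properties
    # without discarding properties that are already configured.
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $HostPoolName
    )
    $property = 'targetisaadjoined:i:1'
    $pool = Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName

    # Custom RDP properties are a single semicolon-separated string; split it so
    # the new property is merged rather than overwriting the existing ones.
    $existing = @()
    if ($pool.CustomRdpProperty) {
        $existing = $pool.CustomRdpProperty.Split(';', [StringSplitOptions]::RemoveEmptyEntries)
    }
    if ($existing -contains $property) {
        Write-Host "$property is already set on host pool $HostPoolName"
        return $pool.CustomRdpProperty
    }
    $merged = (($existing + $property) -join ';') + ';'
    Update-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName `
        -CustomRdpProperty $merged | Out-Null
    return $merged
}

# Usage (placeholder resource names):
# Test-Pku2uOnlineId
# Add-TargetIsAadJoinedProperty -ResourceGroupName 'rg-avd' -HostPoolName 'hp-aadjoined'
```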

Azure AD join for AVD is still in preview, and more features and support will be added soon. Stay tuned for updates.