Azure AD Joined AVDs-Preview

The much awaited Azure AD joined AVDs are now available for Public Preview. Microsoft offers management of the Azure AD joined machines through Intune enrolment. Let us take a sneak peek.

Pre-requisites:

The host pool should be enabled as a validation environment.

Only local profiles are supported (no FSLogix).

Session host VMs need to be Windows version 2004 and above.

The user or user group who will access these VDIs needs to be assigned the “Virtual Machine User Login” role.

How to access the Session Host

The session host can be accessed only from endpoints that are joined to the same Azure AD tenant as the session host, or from endpoints that are hybrid Azure AD joined to the same tenant as the session host.

If the Azure AD joined session host needs to be accessed from a non-Azure AD joined client (web, Android and iOS), then follow the steps given in the section “Accessing AVD from non-Azure AD joined clients”.

How to Create an Azure AD Joined Session Host

Follow the same “Add session hosts” to host pool wizard. On the Virtual Machines page, under the “Domain to join” section, select Azure Active Directory as shown in the diagram below. You can enroll the VM in Intune in a single click by selecting “Yes” under the “Enroll VM with Intune” option.

Option to select Azure AD domain join option and Intune enrollment

Once you initiate the deployment, you can see that the deployment configures the Azure AD join for you automatically.

The machine will be visible in Azure AD Devices as well as in the Intune portal, as shown in the picture below. As of now there is no option to convert a hybrid Azure AD joined machine to an Azure AD joined machine.

AAD joined session host available in Azure AD Devices

How to assign the AVD to users

Make sure to assign the user or user AD group to the “Virtual Machine User Login” RBAC role, as it is a pre-requisite to access any Azure AD joined VM.

Windows AVD Client Protocol for AAD access

The AVD client uses the PKU2U protocol for authentication. For customers who are getting an error, please make sure the “AllowOnlineID” key is set to “1”.

Accessing AVD from non-Azure AD joined clients (web, Android and iOS)

You need to add the “targetisaadjoined:i:1;” property to the custom RDP properties of the host pool to allow access to the VMs from non-Windows clients and the web client, which are not joined to Azure AD.

custom RDP Properties
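The two checks above, the client-side PKU2U setting and the host pool RDP property, as an added PowerShell example that is not from the original post. It assumes the Az.DesktopVirtualization module is installed and Connect-AzAccount has been run, that the AllowOnlineID value lives under HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u (the post does not give the path), and the resource group and host pool names are placeholders.

```powershell
# Added example, not from the post. Assumes Az.DesktopVirtualization is installed
# and Connect-AzAccount has been run. Names passed in are placeholders.

# Client-side check: the PKU2U "allow online identities" switch is assumed to be
# the AllowOnlineID DWORD under HKLM\...\Lsa\pku2u. Security baselines often set
# it to 0, which is a common cause of the sign-in error mentioned above.
function Test-Pku2uAllowOnlineId {
    $path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
    $value = (Get-ItemProperty -Path $path -Name 'AllowOnlineID' -ErrorAction SilentlyContinue).AllowOnlineID
    if ($value -eq 1) {
        Write-Host "AllowOnlineID = 1: PKU2U online identities are allowed on this client."
        return $true
    }
    Write-Warning "AllowOnlineID is '$value' (expected 1). Check the policy 'Network security: Allow PKU2U authentication requests to this computer to use online identities'."
    return $false
}

# Host pool side: merge targetisaadjoined:i:1 into the existing custom RDP
# properties rather than overwriting them. -CustomRdpProperty replaces the whole
# string, so setting it naively would silently drop every property already there.
function Add-AvdAadJoinedRdpProperty {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $HostPoolName
    )
    $pool = Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName
    # Split the "key:type:value;" string and drop the empty entry after the trailing ';'
    $props = @($pool.CustomRdpProperty -split ';' | Where-Object { $_ -ne '' })
    if ($props -contains 'targetisaadjoined:i:1') {
        Write-Host "Host pool '$HostPoolName' already has targetisaadjoined:i:1; nothing to do."
        return $pool.CustomRdpProperty
    }
    # Remove any conflicting targetisaadjoined:i:0 before adding the enabled value
    $props  = @($props | Where-Object { $_ -notlike 'targetisaadjoined:*' })
    $merged = (($props + 'targetisaadjoined:i:1') -join ';') + ';'
    Update-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName -CustomRdpProperty $merged | Out-Null
    Write-Host "Custom RDP properties are now: $merged"
    return $merged
}

# Usage (placeholder names):
# Test-Pku2uAllowOnlineId
# Add-AvdAadJoinedRdpProperty -ResourceGroupName 'rg-avd-placeholder' -HostPoolName 'hp-aad-placeholder'
```

Run Test-Pku2uAllowOnlineId on the Windows client that shows the error, and Add-AvdAadJoinedRdpProperty from any machine with the Az modules and rights to update the host pool.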

If you do not add this property and try to access the AVD using your UPN, the user will get an error like the one below.

Error accessing the AVD without custom property

Azure AD join for AVD is still in preview, and more features and support will be added soon. Stay tuned for updates.
