AVD and AAD Join Public Preview

Image

The Most anticipated and requested feature for Azure Virtual Desktop is finally in public preview. Since the beginning of the service, everybody wanted to eliminate the need to have a domain controller or AADDS in place for your AVD deployment to work.

This week at Inspire Microsoft announced the AAD Join feature. In this blogpost I’ll walk you through the deployment of a new hostpool with a session host that is AAD joined.

Create The hostpool

The first step to enjoy this feature is to create a new hostpool. It’s the exact same way as in the past only for this feature to work you need to put Validation Environment to “Yes”. For this demo I create a personal hostpool with automatic assignment.

For the moment I choose not to add the virtual machines, I’ll do this later.

Next step is to create a new workspace

The final step in the hostpool creation is to add your tags. The tags I’ve taken are just examples.

Review your details and click “Create”

Assigning users to your DAG

To make sure the users can access the desktop you need to assign them permissions. This is the same as with all your other hostpools.

Go to your DAG and click on assignments and click on “Add”

Select your users and click “Select”

AAD Role Assignments

To make sure the users can logon to the virtual machine you need to add a Role Assignment. The 2 roles that you need are:

  • Virtual Machine Administrator Login
  • Virtual Machine User Login

To make sure that new user are granted the role assignment automatic you can add your WVD users group to this role assignment.

Go to the IAM of the resource group and assign them as you can see below.

Configure AVD RDP Properties

For your hostpool to know that the Session Host in the hostpool is AAD joined you need to add an advanced RDP property.

When adding it you will also be able to use any device to connect with AVD. Otherwise you can only use the windows client.

Deploy Session Hosts

The final step to make this feature work is to add session hosts. the first step is the same as always. The first settings are the details of your hostpool so click next.

For this demo I’ll choose a small machine with redundancy but with the latest version.

Now comes the important part. For the domain to join option we now have a dropdown menu and we are able to select Azure Active Directory.

I’ll choose to Enroll the VM with Intune

The last step is to add the VM admin account

Add your tags and you are good to go

After a while the deployment is complete

When we go to Azure Active Directory and look in the Devices blade we can see the vm and the MDM type is set to Microsoft Intune.

We can check the same but this time in the Microsoft Endpoint Manager console. Because I selected Enroll with Intune the device is automaticly in here.

Your credentials did not work error

When first authenticating to the vm you might get this error

The way to fix this is to enable PKU2U authentication in your local policy and put this on enabled.

For our final step to check wether the AAD join worked we can run the command dsregcmd /status.

I hope you enjoy reading this blogpost and go and try this feature yourself.

Leave a Reply

Your email address will not be published. Required fields are marked *