Add an Account

After installing Nerdio Manager, the next step is to provision a customer account in Nerdio Manager, to manage their Azure environment. Note that generally this is a customer's tenant, but you can also manage your own Azure tenant.

Companion Video

To add an account:

1. At the MSP level, navigate to Accounts.

2. Select Add account.

   Step 1: Link to a Customer's Azure AD Tenant

3. Enter the following Step 1. Link to Customer's Azure AD Tenant information:

   

   • Grant access to Azure AD Tenant: Select Connect. When prompted:

     • Review the required permissions.

     • Select Consent on behalf of your organization.

     • Select Accept.

     

   • Account Name: Type the account name for this customer's deployment.

     Note: Generally, this is your customer's organization name. This value can be changed later.

   • Desktop Deployment Model: Select one or two of the following models:

     • Azure Virtual Desktop: Select this option to deploy personal and pooled Azure Virtual Desktops.

     • Windows 365 Enterprise Cloud PC (MEM-managed): Select this option to deploy Cloud PC desktops that are AD-joined and can be managed from the endpoint manager.

     • Windows 365 Business Cloud PC (Self-managed): Select this option to deploy Cloud PC desktops that are not AD-joined.

     • Endpoint Management with Intune: Select this option to manage physical and/or virtual endpoints with Intune that are Azure AD-joined.

   • Select subscription: From the drop-down list, select from the list of available Azure subscriptions in the Azure AD tenant.

     Notes:

     • Only subscriptions accessible to the currently signed in user are listed. That is, it is based on the user chosen when you selected Connect above.

     • For Endpoint Management with Intune, which is for Intune-only physical device management without AVD, you do not need an Azure subscription, so leave this as <no subscription>. Please note that you do need an Intune subscription.

   • Indicate your Active Directory setup: From the drop-down list, select the type of Directory configuration for this account.

     Note: The following AD options are available:

     • Azure AD: Select this option if you do not plan to run Active Directory and can work with the limitations of Azure AD versus traditional Active Directory. There are certain limitations to using Azure AD, including limited support for FSLogix. Learn more here. This is the only option for Endpoint Management with Intune.

     • Use existing Active Directory: Select this option if you already have an Azure environment with access to a traditional Windows Active Directory domain controller. It is strongly recommended that a domain controller VM exists in the Azure environment and a network is properly configured with access to this AD DC. You are prompted to select the existing network that has access and this network must have its DNS servers pointing at the domain controller.

     • Create new Azure AD DS: Select this option if you do not have a current Azure environment, are building this account as "greenfield," and need the capabilities of Active Directory Domain Services. Nerdio Manager creates Azure AD DS in the Azure subscription. You can learn more about Azure AD DS and its associated costs here.

     • Use existing Azure AD DS: Select this option if you have already configured Azure AD DS in the customer's Azure environment and would like to continue using it then select this option. All Azure AD DS prerequisites apply.

4. Once you have entered all the desired Azure AD Tenant information, select Save & next.

   Notes:

   • Once you select Save & next, Nerdio Manager creates a service principal in your customer's Azure AD tenant. This may take a few minutes.

   • For Endpoint Management with Intune, select Save & done. There are no additional steps required to create the new account. The account is created after a few minutes.

Step 2: Networking

5. Enter the following Step 2. Networking information:

   

   Note: This step allows you to create a new network or select an existing network. You are able to add additional networks and resource groups on the Settings page later, after you have finished adding the account.

   • Select Azure region: From the drop-down list, select the Azure region (location) where you would like to begin your initial deployment.

     Notes:

     • We generally recommend you select a region that is closest to the majority of your customer's users.

     • It is possible to link additional networks later and deploy resources to multiple networks and regions.

   • Select or create Resource Group: From the drop-down list, select an existing resource group. Alternatively, select Create new and type the new resource group's name.

     Note: This resource group is used for the initial deployment. You may link additional resource groups later.

   • Select network: From the drop-down list, select an existing network. Alternatively, create a new network if you are deploying a greenfield environment with a new Azure AD DS.

   • For a New Network:

     • Network address space: Type the network's address space.

     • Subnet name: Type the network's subnet name.

     • Subnet address prefix: Type the network's subnet address prefix.

6. Once you have entered all the desired Networking information, select Save & next.

   Note: Once you select Save & next, Nerdio Manager links to an existing network or creates a new network. This may take a few minutes. You can follow the progress of the provisioning task in the Account Provisioning Tasks section at the bottom of the page.

   Step 3: Active Directory

7. If you are creating a new Azure AD DS instance, enter the following Step 3. Active Directory information:

   

   • Name for new domain: Type the domain's name.

   • Create New Domain Admin:

     • Username: Type the new admin's username.

     • Password: Type the new admin's password.

8. Once you have entered all the desired Active Directory information, select Save & next.

   Note: Once you select Save & next, Nerdio Manager sets up the new Azure AD DS domain, which typically takes 60-90 minutes. You can see the task's progress in Account Provisioning Tasks.

   Step 4: FSLogix Storage

9. Enter the following Step 4. FSLogix Storage information:

   Note: The FSLogix storage is where user profiles are stored. This can be on an existing Azure Files share, another SMB share, or Nerdio Manager can create a new Azure Files share. The share location must be AD integrated.

   

   • Select existing Azure Files share (AD integrated): Select this option and from the drop-down list, select the Azure Files share to use.

   • Create new Azure Files share: Select this option, and then select Add. Enter the following information:

     

     • Storage account name: Type the globally-unique name for the Azure storage account to be created. This must be lower case without spaces.

     • Location: From the drop-down list, select the region for the new storage account. This should be the same region as your vNet and hosts.

     • Performance: From the drop-down list, select the storage performance.

       Tip: We recommend Premium storage to avoid performance bottlenecks when loading user profiles at sign in.

     • Provisioned capacity (GiB): Type the storage capacity in GiB.

     • File Share access security: From the drop-down list, select the user groups that can access the file share.

       Tip: We recommend using a group that all remote desktop (AVD) users belong to. This group is granted access to the file share.

     • Once you have entered all the desired information for the new Azure Files storage account, select OK.

   • Provide existing share UNC path: Select this option, and then type the UNC path of the share.

10. Once you have entered all the desired FSLogix Storage information, select Save & done.

    The new account is setup is now complete. The new account is fully provisioned and listed on the Accounts page.