How does Nerdio Manager Support AAD Join in Existing Accounts
The accounts you create in Nerdio Manager must have a directory for the session hosts to join. Nerdio Manager lets you configure directory profiles (Azure AD, Active Directory, or Azure AD DS) for each of your host pools.
Before we proceed further, let us briefly look at each directory profile type. Traditionally, AVD requires Active Directory (AD) as well as Active Directory Domain Services (AD DS). AD DS is available in the following forms:
Traditional AD DS from Windows Server: The AD DS domain controllers can be located on-premises and accessed over a site-to-site VPN or ExpressRoute, they can be VMs located within Azure itself, or both. All AVD needs is network line-of-sight to a domain controller, to facilitate the VM domain join at deployment time and to perform user authentication.
Azure Active Directory Domain Services (AAD DS): This is a Microsoft-managed PaaS service to provide AD DS inside of Azure. Customers do not manage the virtual machines for this service. It was originally designed for cloud-only organizations. Since then, it has been updated to support trust relationships to existing on-premises AD DS.
Azure AD-joined VMs remove the need for line-of-sight from the VM to an on-premises or virtualized Active Directory Domain Controller (DC), and the need to deploy Azure AD Domain Services (Azure AD DS). In some cases, they remove the need for a DC entirely, simplifying the deployment and management of the environment and significantly reducing cost and complexity. Azure AD-joined VMs can also be automatically enrolled in Intune for ease of management.
See Microsoft's MFA requirements for Azure AD joined VMs for more details.
Configure a Directory Profile that uses Azure AD
The first step in using the Azure AD feature is to configure a directory profile that uses Azure AD.
To configure a directory profile that uses Azure AD:
At the Account level, navigate to Settings > Integrations.
In the Directory tile, select Add.
Enter the following information:
Directory: From the drop-down list, select Azure Active Directory.
Enroll with Intune: Select this option to automatically enroll the Azure AD-joined session hosts in Intune.
Once you have entered all the desired information, select OK.
Azure Active Directory is now listed as an available directory profile.
Create a Host Pool with Azure AD
Once you have created a directory profile that uses Azure AD, you can use it to create a host pool.
To create a host pool that uses Azure AD:
At the Account level, navigate to AVD > Host Pools.
Select Add host pool.
Enter the following information:
Directory: From the drop-down list, select Azure Active Directory.
FSLogix: From the drop-down list, select OFF.
Note: The Azure AD-joined VMs feature does not currently support authentication to Azure Files, Azure NetApp Files, or File Server VMs to access FSLogix profiles. However, FSLogix Cloud Cache with Azure Storage Account access keys can be used for FSLogix.
To enable Cloud Cache on the selected FSLogix configuration profile, navigate to Settings > Integrations > FSLogix Profiles storage and select Use Cloud Cache in the profile's settings.
See Create a Host Pool for the full details.
Note: It is possible to have session hosts with different directories under the same host pool, so the directory type is displayed at the host level rather than at the pool level. To view the "Directory" type of each session host in a host pool, navigate to the Session Hosts page as shown in the screenshot below. The directory information is visible in the session host's name: if the host is not Azure AD joined, its name is displayed in <VM name>.<domain name> format; otherwise, the label "(AADJ)" appears next to the host name.
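To verify from inside a session host which of these join states it is actually in (Azure AD joined, AD DS joined, hybrid, or not joined), rather than relying only on the name shown in the Nerdio Manager UI, the built-in Windows tool dsregcmd /status reports the device state. The following PowerShell is an added example, not Nerdio Manager code or Microsoft's: it parses the AzureAdJoined / DomainJoined / EnterpriseJoined lines of that output and cross-checks the result against the computer's domain membership. The sample dsregcmd lines embedded in it are constructed so the parser can be exercised offline; the function and variable names are the example's own.

```powershell
# Added example (not Nerdio Manager code): determine a session host's join type
# from "dsregcmd /status" and cross-check it against Win32_ComputerSystem.
# Run in an elevated PowerShell prompt on the session host itself.

function ConvertFrom-DsregcmdStatus {
    # Extracts the YES/NO flags from the "Device State" section of dsregcmd output.
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{ AzureAdJoined = $false; DomainJoined = $false; EnterpriseJoined = $false }
    foreach ($line in $Lines) {
        # Lines of interest look like "             AzureAdJoined : YES"
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|EnterpriseJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$matches[1]] = ($matches[2] -eq 'YES')
        }
    }
    return $state
}

function Get-SessionHostJoinType {
    # Maps the flags to the labels a Nerdio admin would recognise.
    param([Parameter(Mandatory)][hashtable]$State)
    if ($State.AzureAdJoined -and $State.DomainJoined) { return 'Hybrid Azure AD joined' }
    if ($State.AzureAdJoined)                           { return 'Azure AD joined (AADJ)' }
    if ($State.DomainJoined)                            { return 'AD DS domain joined' }
    return 'Not joined'
}

# Constructed sample (not captured from a real host) so the parser can be tried offline.
$sampleOutput = @(
    '+----------------------------------------------------------------------+',
    '| Device State                                                         |',
    '+----------------------------------------------------------------------+',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO',
    '+----------------------------------------------------------------------+'
)
$sampleType = Get-SessionHostJoinType (ConvertFrom-DsregcmdStatus $sampleOutput)
"Sample classification: $sampleType"   # Azure AD joined (AADJ)

# Live check on this host (skipped when dsregcmd is not available, e.g. on non-Windows).
if (Get-Command dsregcmd -ErrorAction SilentlyContinue) {
    $joinType = Get-SessionHostJoinType (ConvertFrom-DsregcmdStatus (dsregcmd /status))
    "Live classification: $joinType"

    # Cross-check: an AADJ-only host is not a member of an AD DS domain, so
    # Win32_ComputerSystem should report PartOfDomain = False (domain = WORKGROUP).
    $cs = Get-CimInstance Win32_ComputerSystem
    "PartOfDomain: $($cs.PartOfDomain)  Domain: $($cs.Domain)"
    if ($joinType -eq 'Azure AD joined (AADJ)' -and $cs.PartOfDomain) {
        Write-Warning 'dsregcmd reports AADJ only, but the host is also a member of an AD DS domain; investigate.'
    }
}
```

The classification returned here corresponds to the naming convention described above: a host that reports AzureAdJoined without DomainJoined is the one Nerdio Manager labels "(AADJ)", while a DomainJoined host is the one displayed as <VM name>.<domain name>.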