This article summarises the Azure Virtual Desktop Domain join options. At the time of writing, it's only possible to join a traditional Active Directory Domain. However, Microsoft is planning to support Azure Active Directory (AAD) direct join in the future (currently in public preview). While you cannot join AAD directly, AAD is still a requirement of Azure Virtual Desktop.
Your options
Today, there are three options for Azure Virtual Desktop Domain join.
Option One
Windows Server Active Directory Domain Services (ADDS) which is synchronised with Azure Active Directory (AAD) using Azure Active Directory Connect. In this case:
- User identities are sourced from Windows Server AD
- Virtual Desktops are domain joined to Windows Server AD
Option Two
Azure Active Directory Domain Services (AADDS), a Microsoft PaaS managed service which automatically synchronises to Azure Active Directory (AAD). In this case:
- User identities are sourced from Azure AD
- Virtual Desktops are domain joined to Azure ADDS
Option Three
You can also run a combination of option 1 and option 2. In this case:
- User identities are sourced from Windows Server AD
- Virtual Desktops are domain joined to Azure ADDS
No matter which Azure Virtual Desktop Domain join option you select, users must be sourced from the same Active Directory Domain that is connected to Azure AD, and their UPN must exist in the Domain that the desktop virtual machine is joined to.
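The UPN requirement above can be checked before users are assigned to desktops. The following PowerShell is an added example, not code from the original article: the function name Test-AvdUpnAlignment, the status labels and the sample users are constructed for illustration, and the input objects are assumed to carry a UserPrincipalName property, as Get-MgUser and Get-ADUser output does.

```powershell
# Added example (not from the article). Sample users below are constructed.
function Test-AvdUpnAlignment {
    param(
        # Azure AD users, e.g. the output of Get-MgUser -All
        [Parameter(Mandatory)] [object[]] $AzureAdUsers,
        # Users in the domain the desktops are joined to, e.g. Get-ADUser -Filter *
        [Parameter(Mandatory)] [object[]] $DomainUsers
    )

    # Index the domain side by full UPN and by the part before '@'.
    $byUpn = @{}; $byPrefix = @{}
    foreach ($u in $DomainUsers) {
        if (-not $u.UserPrincipalName) { continue }   # account without a UPN
        $upn = $u.UserPrincipalName.Trim().ToLowerInvariant()
        $byUpn[$upn] = $true
        $byPrefix[($upn -split '@')[0]] = $upn
    }

    foreach ($a in $AzureAdUsers) {
        $upn    = $a.UserPrincipalName.Trim().ToLowerInvariant()
        $prefix = ($upn -split '@')[0]
        $status = if ($byUpn.ContainsKey($upn)) {
            'Match'               # same UPN on both sides
        } elseif ($byPrefix.ContainsKey($prefix)) {
            'SuffixMismatch'      # same name before '@', different UPN suffix
        } else {
            'MissingInDomain'     # no candidate account in the joined domain
        }
        [pscustomobject]@{
            AzureAdUpn = $upn
            DomainUpn  = $byPrefix[$prefix]   # $null when no candidate exists
            Status     = $status
        }
    }
}

# Constructed sample data standing in for real directory exports.
$azureAd = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example' }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example' }
)
$domain = @(
    [pscustomobject]@{ UserPrincipalName = 'Alice@contoso.example' }
    [pscustomobject]@{ UserPrincipalName = 'bob@corp.local' }
)

Test-AvdUpnAlignment -AzureAdUsers $azureAd -DomainUsers $domain | Format-Table -AutoSize
```

Any row whose Status is not Match is a user whose Azure AD UPN was not found in the domain the desktop is joined to.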