How to configure Windows 365 Enterprise Azure AD join

30-05-2023 8:46 PM

BEFORE YOU BEGIN

Disclaimer: All information and content in this blog post is provided without any warranty whatsoever. The entire risk of using this information or executing the provided content remains with you. Under no circumstances should the mentioned persons or vendors, the author, or anyone else involved in creating these blog posts be held liable for any damage or data loss.

Introduction

Many of us have been waiting for native Azure AD join for Windows 365 Enterprise since its release in August 2021. But wait no longer: native Azure AD join support is now available in public preview. In this article, I will guide you through the whole process of configuring both the Built-in Network (referred to as Microsoft Hosted Network in this article) and the On-premises network connection provisioning policy in the Microsoft Endpoint Manager admin center. Read about the prerequisites and requirements for Windows 365 Enterprise Cloud PCs and how to configure Hybrid Azure AD join in the original blog post here – How to configure Windows 365 Enterprise in Microsoft Endpoint Manager.

Azure AD join (Microsoft Hosted Network)

First, let’s configure the Microsoft Hosted Network provisioning policy in the Microsoft Endpoint Manager admin center. The Cloud PCs based on this policy will be Azure AD joined and will run in a network hosted by Microsoft, which is perfect for cloud-only customers without an Azure or on-premises infrastructure. Go to https://intune.microsoft.com and click Devices | Windows 365 | Provisioning policies.

Click Create policy.

Fill in the required Name field. Choose Join type, Network, Region, and click Next.

Select Image type and click Next. I chose Windows 11 Enterprise + Microsoft 365 Apps 21H2 from the image gallery.

Add a user-based Azure AD security group containing users eligible for a Windows 365 Enterprise Cloud PC, and click Next.

Review the configuration and click Create.

From Devices | Windows 365, click the All Cloud PCs tab. If all goes well, the Cloud PCs should appear in the list with the status shown as Provisioned after approx. 20-30 minutes.

Let’s try to sign in to the newly created Azure AD joined Windows 365 Enterprise Cloud PC. Go to https://windows365.microsoft.com. From an elevated Command Prompt, I can confirm that the Cloud PC is Azure AD joined and that it is running in a Microsoft hosted network.

Azure AD join (On-premises network connection)

Next, let’s configure the On-premises network connection provisioning policy. The Cloud PCs based on this policy will be Azure AD joined and connected to your virtual network, which is perfect for customers with an existing Azure or on-premises infrastructure that they need to reach from their Cloud PCs. Because the Cloud PCs’ network interfaces are placed in the subnet you select, that subnet’s network security groups and routing govern what the Cloud PCs can reach. From Devices | Windows 365, click the On-premises network connection tab. Click Create and choose Azure AD join (preview) in the list.

Fill in the required Name field. Choose Subscription, Resource group, Virtual network, Subnet, and click Next.

Review the configuration and click Review + Create.

After approx. 5-10 minutes, we should be able to check the status of the on-premises network connection. Luckily for me, all checks passed! Next, click the Provisioning policies tab.

Click Create policy.

Fill in the required Name field. Choose Join type, Network, and click Next.

Select Image type and click Next. Once again, I chose Windows 11 Enterprise + Microsoft 365 Apps 21H2 from the image gallery.

Add a user-based Azure AD security group containing users eligible for a Windows 365 Enterprise Cloud PC, and click Next.

Review the configuration and click Create.
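The two provisioning policies walked through above (Microsoft Hosted Network, and On-premises network connection) can also be created with the Microsoft Graph beta API, which is handy when you want the configuration repeatable and in source control. The PowerShell below is an added example and not part of the original post. It assumes the Microsoft.Graph.Authentication module, an account granted CloudPC.ReadWrite.All, and the beta virtualEndpoint endpoints and property names as I recall them from the Graph reference (check them against the current documentation); the group ID, region name, subscription, resource group, virtual network and subnet names are placeholders.

```powershell
# Added example: create Windows 365 Azure AD join provisioning policies via Microsoft Graph (beta).
# Assumes Microsoft.Graph.Authentication and CloudPC.ReadWrite.All. Endpoint paths and property
# names follow the beta virtualEndpoint API and should be verified against the current reference.
Connect-MgGraph -Scopes 'CloudPC.ReadWrite.All' | Out-Null
$base = 'https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint'

# Placeholders (assumptions): replace with your own values.
$userGroupId = '00000000-0000-0000-0000-000000000000'   # Azure AD security group of eligible users
$regionName  = 'westeurope'                              # Azure region for the Microsoft Hosted Network
$subId       = '11111111-1111-1111-1111-111111111111'
$rgId        = "/subscriptions/$subId/resourceGroups/rg-w365"
$vnetId      = "$rgId/providers/Microsoft.Network/virtualNetworks/vnet-w365"
$subnetId    = "$vnetId/subnets/snet-cloudpc"

# Resolve the gallery image by display name instead of hard-coding its ID.
$images = (Invoke-MgGraphRequest -Method GET -Uri "$base/galleryImages").value
$image  = $images | Where-Object { $_.displayName -eq 'Windows 11 Enterprise + Microsoft 365 Apps 21H2' }
if (-not $image) { throw 'Gallery image not found; inspect $images and pick another display name.' }

function New-W365Policy {
    param([string]$Name, [hashtable]$DomainJoin)
    $body = @{
        displayName              = $Name
        imageType                = 'gallery'
        imageId                  = $image.id
        domainJoinConfigurations = @($DomainJoin)
        windowsSettings          = @{ language = 'en-US' }
    }
    $policy = Invoke-MgGraphRequest -Method POST -Uri "$base/provisioningPolicies" -Body $body
    # Membership of this group is what grants a Cloud PC, so keep the group tightly scoped.
    $assign = @{ assignments = @(@{ target = @{
        '@odata.type' = '#microsoft.graph.cloudPcManagementGroupAssignmentTarget'
        groupId       = $userGroupId } }) }
    Invoke-MgGraphRequest -Method POST -Uri "$base/provisioningPolicies/$($policy.id)/assign" -Body $assign
    return $policy
}

# 1) Azure AD join on the Microsoft Hosted Network: only a region is required.
New-W365Policy -Name 'W365 AADJ Hosted' -DomainJoin @{ domainJoinType = 'azureADJoin'; regionName = $regionName }

# 2) Azure AD join on an on-premises network connection: create the ANC first and wait for its health checks.
$anc = Invoke-MgGraphRequest -Method POST -Uri "$base/onPremisesConnections" -Body @{
    displayName      = 'ANC AADJ'
    type             = 'azureADJoin'
    subscriptionId   = $subId
    resourceGroupId  = $rgId
    virtualNetworkId = $vnetId
    subnetId         = $subnetId
}
do {
    Start-Sleep -Seconds 60
    $anc = Invoke-MgGraphRequest -Method GET -Uri "$base/onPremisesConnections/$($anc.id)"
} while ($anc.healthCheckStatus -in @('pending', 'running'))
if ($anc.healthCheckStatus -ne 'passed') { throw "ANC health check ended with status '$($anc.healthCheckStatus)'" }
New-W365Policy -Name 'W365 AADJ ANC' -DomainJoin @{ domainJoinType = 'azureADJoin'; onPremisesConnectionId = $anc.id }
```

The script mirrors the portal flow: the hosted-network policy needs only a region, while the ANC policy is created only after the connection's health checks report passed, which is the same gate the portal applies before it lets you pick the network.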

From Devices | Windows 365, click the All Cloud PCs tab. If all goes well, the Cloud PCs should appear in the list with the status shown as Provisioned after approx. 20-30 minutes.

Let’s try to sign in to the newly created Azure AD joined Windows 365 Enterprise Cloud PC. Go to https://windows365.microsoft.com. Once again, I can confirm from an elevated Command Prompt that the Cloud PC is Azure AD joined. This time, however, it is connected to the newly created on-premises network connection, and I can communicate with an on-premises server.
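The sign-in checks in both sections (confirming the join type from an elevated prompt, and, for the on-premises network connection, confirming that an on-premises server is reachable) can be scripted so the same verification runs on every Cloud PC. The block below is an added example, not code from the original post. It runs in an elevated PowerShell session on the Cloud PC and relies on the built-in dsregcmd, Get-NetIPAddress and Test-NetConnection commands; the on-premises host name is a placeholder.

```powershell
# Added example: verify join state and network placement from inside the Cloud PC.
# Run in an elevated PowerShell session on the Cloud PC. The on-premises host name is a placeholder.
function Get-CloudPcJoinState {
    # dsregcmd /status prints "Key : Value" lines; keep only the fields that matter here.
    $raw = dsregcmd /status
    $state = @{}
    foreach ($line in $raw) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|TenantName|DeviceId)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return [pscustomobject]$state
}

function Test-OnPremReachability {
    param([string]$HostName, [int]$Port = 445)
    # Test-NetConnection completes a TCP handshake, so success proves the ANC subnet routes to the server.
    $r = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Host     = $HostName
        Port     = $Port
        TcpOpen  = $r.TcpTestSucceeded
        SourceIP = $r.SourceAddress.IPAddress
    }
}

$join = Get-CloudPcJoinState
# Native Azure AD join shows AzureAdJoined = YES and DomainJoined = NO; hybrid join shows YES for both.
if ($join.AzureAdJoined -ne 'YES' -or $join.DomainJoined -ne 'NO') {
    Write-Warning "Unexpected join state:`n$($join | Out-String)"
} else {
    "Azure AD joined to tenant '$($join.TenantName)' as device $($join.DeviceId)"
}

# Which network is the Cloud PC in? On an ANC the address comes from your own subnet range.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notmatch 'Loopback' } |
    Select-Object InterfaceAlias, IPAddress, PrefixLength

# Only meaningful for the ANC policy: replace the placeholder with a real on-premises server.
Test-OnPremReachability -HostName 'fs01.corp.contoso.com' -Port 445
```

On a Cloud PC provisioned with the Microsoft Hosted Network policy the reachability test is expected to fail, since that network has no path to your infrastructure; on the ANC policy it should succeed only for ports the subnet's network security group allows.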

Summary

In this article, you learned how to configure Windows 365 Enterprise Azure AD join based on a Microsoft Hosted Network or an On-premises network connection provisioning policy in the Microsoft Endpoint Manager admin center. The capability to provision Windows 365 Enterprise Cloud PCs without the need for a connection to an on-premises domain controller is finally a reality. As already mentioned at the beginning of this article, native Azure AD join is something many of us have been looking forward to for several months, especially cloud-only customers! So this is something that I’m very excited to see available in public preview. – Happy testing, everyone! As always, if you have any questions regarding this topic, don’t hesitate to reach out to me.
