How does Nerdio Manager Support Entra ID Join in Existing Accounts
Your accounts created in Nerdio Manager must have an Active Directory to join the session hosts. Nerdio Manager allows you to configure directory profiles (Entra ID, Active Directory, or Entra Domain Services) for each of your host pools.
Before we proceed further, let us briefly look at each directory profile type. Traditionally, AVD requires both Active Directory (AD) and Entra Domain Services. Entra Domain Services is available in the following formats:
Traditional AD DS from Windows Server: The AD DS domain controllers can be located on-premises and accessed over a site-to-site VPN or ExpressRoute, they can be VMs located within Azure itself, or both. All AVD needs is network line-of-sight to a domain controller, to facilitate the VM domain join at deployment time and to perform user authentication.
Entra Domain Services: This is a Microsoft-managed PaaS service that provides Entra Domain Services inside of Azure. Customers do not manage the virtual machines for this service. It was originally designed for cloud-only organizations. Since then, it has been updated to support trust relationships to existing on-premises Entra Domain Services.
Entra ID-joined VMs remove the need to have line-of-sight from the VM to an on-premises or virtualized Active Directory Domain Controller (DC) or to deploy Entra Domain Services. In some cases, it can remove the need for a DC entirely, simplifying the deployment and management of the environment. This reduces your costs and complexity significantly. Entra ID-joined VMs can also be automatically enrolled in Intune for ease of management.
See Microsoft's MFA requirements for Entra ID-joined VMs for more details.
Configure a Directory Profile that uses Entra ID
The first step in using the Entra ID feature is to configure a directory profile that uses Entra ID.
To configure a directory profile that uses Entra ID:
At the Account level, navigate to Settings > Integrations.
In the Directory tile, select Add.
Enter the following information:
Directory: From the drop-down list, select Entra ID.
Enroll with Intune: Select this option to enroll with Intune.
Once you have entered all the desired information, select OK.
Entra ID is now listed as an available directory profile.
Create a Host Pool with Entra ID
Once you have created a directory profile that uses Entra ID, you can use it to create a host pool.
To create a host pool that uses Entra ID:
At the Account level, navigate to AVD > Host Pools.
Select Add host pool.
Enter the following information:
Directory: From the drop-down list, select Entra ID.
FSLogix: From the drop-down list, select OFF.
Note: The Entra ID-joined VMs feature does not currently support authentication to Azure Files, Azure NetApp Files, or File Server VMs to access FSLogix profiles. However, FSLogix Cloud Cache with Azure Storage Account access keys can be used for FSLogix.
To enable Cloud Cache on the selected FSLogix configuration profile, navigate to Settings > Integrations > FSLogix Profiles storage and select Use Cloud Cache in the profile's settings.
See Create a Host Pool for the full details.
Note: It is possible to have session hosts with different directories under the same host pool, so the directory type is displayed at the host level instead of the pool level. To view the "Directory" type for each session host under the host pool, navigate to the session hosts page as shown in the screenshot below. The directory information appears in the session host's name. If the host is not Entra ID joined, its name is displayed in <VM name>.<domain name> format. Otherwise, you see a label "Entra Domain Services" next to the host name.
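To confirm the join state from the session host itself, rather than from the host name shown in the portal, the following added example (not part of Nerdio's documentation or tooling) classifies the output of the Windows `dsregcmd /status` command. The function name `Get-JoinState` and the sample text are constructed for illustration.

```powershell
# Added example: classify a session host's directory join state from `dsregcmd /status`.
function Get-JoinState {
    param(
        # Raw lines of `dsregcmd /status` output; by default the command is run on this host.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )
    # dsregcmd prints "Name : Value" pairs; collect them into a lookup table.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $entra  = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'
    # Both flags set means the host is joined to AD and registered in Entra ID (hybrid).
    if ($entra -and $domain) {
        $joinType = 'Hybrid (Active Directory + Entra ID)'
    } elseif ($entra) {
        $joinType = 'Entra ID'
    } elseif ($domain) {
        $joinType = 'Active Directory'
    } else {
        $joinType = 'Not joined'
    }
    [pscustomobject]@{
        JoinType      = $joinType
        DomainName    = $fields['DomainName']
        TenantId      = $fields['TenantId']
        # A populated MdmUrl shows that an MDM enrollment endpoint is configured
        # for the tenant; it does not prove that this device is enrolled.
        MdmConfigured = [bool]$fields['MdmUrl']
    }
}

# Constructed sample output (trimmed) so the function can be tried off-host.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  TenantId : 00000000-0000-0000-0000-000000000000
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
'@ -split "`r?`n"
Get-JoinState -StatusText $sample
```

On a session host, call `Get-JoinState` with no arguments to evaluate the live output. In a host pool that mixes directory types, a host reporting a join type other than the one expected for its directory profile is worth investigating.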