Add an Account
Disclaimer: Nerdio Manager is an automation and management solution. Nerdio Partners are responsible for understanding and managing Microsoft Identity Services, Microsoft 365, and Azure Resources. For Identity and Azure support, please contact your distributor or Microsoft directly.
After installing Nerdio Manager, the next step is to provision a customer account in Nerdio Manager, to manage their Azure environment. Note that generally this is a customer's tenant, but you can also manage your own Azure tenant.
Note: In order to add an account, you must have the following:
An Entra ID login to the customer's tenant, with Global Administrator and Subscription Owner roles.
If you are using an existing Active Directory, you need the domain name, admin username, and admin password.
Tip: This is a multi-step process. You may complete all the steps in one pass. Alternatively, you may complete individual steps and continue with the additional steps later.
Companion Video
To add an account:
At the MSP level, navigate to Accounts.
Select Add account.
Enter the following Step 1. Link to Customer's Entra ID Tenant information:
Grant access to Entra ID Tenant: Select Connect. When prompted:
Review the required permissions.
Select Consent on behalf of your organization.
Select Accept.
Account Name: Type the account name for this customer's deployment.
Note: Generally, this is your customer's organization name. This value can be changed later.
Desktop Deployment Model: Select one or two of the following models:
Azure Virtual Desktop: Select this option to deploy personal and pooled Azure Virtual Desktops.
Windows 365 Enterprise Cloud PC (MEM-managed): Select this option to deploy Cloud PC desktops that are AD-joined and can be managed from the endpoint manager.
Windows 365 Business Cloud PC (Self-managed): Select this option to deploy Cloud PC desktops that are not AD-joined.
Endpoint Management with Intune: Select this option to manage physical and/or virtual endpoints with Intune that are Entra ID-joined.
Select subscription: From the drop-down list, select from the list of available Azure subscriptions in the Entra ID tenant.
Notes:
Only subscriptions accessible to the currently signed in user are listed. That is, it is based on the user chosen when you selected Connect above.
For Endpoint Management with Intune, which is for Intune-only physical device management without AVD, you do not need an Azure subscription, so leave this as <no subscription>. Please note that you do need an Intune subscription.
Once the account is created, you may link additional subscriptions. SeeLink Multiple Azure Subscriptions to an Account for details.
Indicate your Active Directory setup: From the drop-down list, select the type of Directory configuration for this account.
Note: The following AD options are available:
Entra ID: Select this option if you do not plan to run Active Directory and can work with the limitations of Entra ID versus traditional Active Directory. There are certain limitations to using Entra ID, including limited support for FSLogix. Learn more here. This is the only option for Endpoint Management with Intune.
Use existing Active Directory: Select this option if you already have an Azure environment with access to a traditional Windows Active Directory domain controller. It is strongly recommended that a domain controller VM exists in the Azure environment and a network is properly configured with access to this AD DC. You are prompted to select the existing network that has access and this network must have its DNS servers pointing at the domain controller.
Create new Entra Domain Services: Select this option if you do not have a current Azure environment, are building this account as "greenfield," and need the capabilities of Active Directory Domain Services. Nerdio Manager creates Entra Domain Services in the Azure subscription. You can learn more about Entra Domain Services and its associated costs here.
Use existing Entra Domain Services: Select this option if you have already configured Entra Domain Services in the customer's Azure environment and would like to continue using it then select this option. All Entra Domain Services prerequisites apply.
Once you have entered all the desired Entra ID Tenant information, select Save & next.
Notes:
Once you select Save & next, Nerdio Manager creates a service principal in your customer's Entra ID tenant. This may take a few minutes.
For Endpoint Management with Intune, select Save & done. There are no additional steps required to create the new account. The account is created after a few minutes.
Enter the following Step 2. Azure information:
Note: This step allows you to create a new network or select an existing network. You are able to add additional networks and resource groups on the Settings page later, after you have finished adding the account.
Select Azure region: From the drop-down list, select the Azure region (location) where you would like to begin your initial deployment.
Notes:
We generally recommend you select a region that is closest to the majority of your customer's users.
It is possible to link additional networks later and deploy resources to multiple networks and regions.
Select or create Resource Group: From the drop-down list, select an existing resource group. Alternatively, select Create new and type the new resource group's name.
Note: This resource group is used for the initial deployment. You may link additional resource groups later.
Select network: From the drop-down list, select an existing network. Alternatively, create a new network if you are deploying a greenfield environment with a new Entra Domain Services.
For a New Network:
Network name: Type the network's name.
Network address space: Type the network's address space.
Subnet name: Type the network's subnet name.
Subnet address prefix: Type the network's subnet address prefix.
Once you have entered all the desired Networking information, select Save & next.
Note: Once you select Save & next, Nerdio Manager links to an existing network or creates a new network. This may take a few minutes. You can follow the progress of the provisioning task in the Account Provisioning Tasks section at the bottom of the page.
If you are creating a new Entra Domain Services instance, you must enter the following Step 3. Active Directory - Create new Entra Domain Services information:
Name for new domain: Type the domain's name.
Notes:
The DNS domain name can only include letters, numbers, periods, and hyphens.
The DNS domain name must include at least two segments, and the first segment cannot be all numbers.
The prefix of the DNS domain name must contain 15 or fewer characters.
Each segment of the DNS domain name must start with a letter or number.
Entra Domain Services allows routable and non-routable domains. Non-routable domains are not recommended and may cause DNS resolution issues.
Nerdio Manager does not check for DNS conflicts with custom domain names. Be sure to verify that no DNS conflicts exist before continuing.
Create New Domain Admin:
Username: Type the new admin's username.
Password: Type the new admin's password.
Once you have entered all the desired Active Directory information, select Save & next.
Note: Once you select Save & next, Nerdio Manager sets up the new Entra Domain Services domain, which typically takes 60-90 minutes. You can see the task's progress in Account Provisioning Tasks.
Enter the following Step 4. FSLogix Storage information:
Note: The FSLogix storage is where user profiles are stored. This can be on an existing Azure Files share, another SMB share, or Nerdio Manager can create a new Azure Files share. The share location must be AD integrated.
Select existing Azure Files share (AD integrated): Select this option and from the drop-down list, select the Azure Files share to use.
Create new Azure Files share: Select this option, and then select Add. Enter the following information:
Storage account name: Type the globally-unique name for the Azure storage account to be created. This must be lower case without spaces.
Location: From the drop-down list, select the region for the new storage account. This should be the same region as your vNet and hosts.
Performance: From the drop-down list, select the storage performance.
Tip: We recommend Premium storage to avoid performance bottlenecks when loading user profiles at sign in.
Provisioned capacity (GiB): Type the storage capacity in GiB.
File Share access security: From the drop-down list, select the user groups that can access the file share.
Tip: We recommend using a group that all remote desktop (AVD) users belong to. This group is granted access to the file share.
Once you have entered all the desired information for the new Azure Files storage account, select OK.
Provide existing share UNC path: Select this option, and then type the UNC path of the share.
Once you have entered all the desired FSLogix Storage information, select Save & done.
The new account is setup is now complete. The new account is fully provisioned and listed on the Accounts page.
Comments (0 comments)