Update an WVD Application Group Based on a Windows AD Security Group

WVD Security Groups

One unfortunate aspect of working with Windows Virtual Desktop is the inability to assign users to an Application Group based on group management. Microsoft has heard this complaint and an upcoming version of WVD portal management will include App Group access based on group membership. Until that is available, I created a script that should help.

Continue reading “Update an WVD Application Group Based on a Windows AD Security Group”

Active Directory Domain Service, Azure Active Directory and Azure Active Directory Domain Service Explained

Active Directory Domain Service, Azure Active Directory and Azure Active Directory Domain Service

Microsoft has a couple of options available for identity and authentication services including Active Directory Domain Services, Azure Active Directory, and Azure Active Directory Domain Services.  This can lead to confusion, especially considering three of the options have “Active Directory” in the name.  It also leads to the question “do we still need domain controllers?”  This post reviews these three different options, outlining the functionality and comparing how they work together in Microsoft and Azure.

Continue reading “Active Directory Domain Service, Azure Active Directory and Azure Active Directory Domain Service Explained”

VM has reported a failure when processing extension ‘joindomain’

The Problem

It has been about two weeks since the Azure Windows Virtual Desktop preview was announced.  I have had several people ask about a specific issue when adding Windows Virtual Desktops to a domain during the provisioning process.  The error is related to adding the new hosts to the Active Directory Domain and the message looks like below, indicating the “VM has reported a failure when processing extension ‘joindomain’’

Continue reading “VM has reported a failure when processing extension ‘joindomain’”

Azure AD Application Proxy and IIS

I had the pleasure of spending a significant amount of time elbows deep in a Remote Desktop Services deployment this week.  As part of the effort, I published the RDS RDWeb IIS page with the Azure AD Application Proxy so MFA can be leveraged for remote desktop services.

Continue reading “Azure AD Application Proxy and IIS”

Microsoft 365 E3 and E5 Bundels

Microsoft 365 LicensingFor all the technical challenges I’ve ran into, nothing is more frustrating than trying to understand Microsoft Licensing.  I put together an infogram as an attempt to explain Microsoft licensing and the relationship between the O365, EMS and the new Microsoft 365 license bundle.  Supporting links are below as well as a video I put together to explain how each product relates to the other.  This is meant to be informational only, please seek assistance from a Microsoft licensing professional before making any purchasing decisions. Continue reading “Microsoft 365 E3 and E5 Bundels”

Azure AD and Named Locations

I am at the beginning of implementing Azure AD Premium in an environment and got hung up on the simple task of configuring Named Location for Conditional Access. Now, this was a minor nuisance at best, but thought I would outline what happened as the Microsoft documentation is a bit misleading.

As a background for those of you unfamiliar, Named Location is a feature of Azure AD Premium that lets you define know locations in your AD tenant. This is used for with Identity Protection and login risk assessments. It can also be part of Conditional Access. For example, don’t force MFA when a user logs in from a Named Location. More information can be found here:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-named-locations

Continue reading “Azure AD and Named Locations”