Azure Virtual Desktop (AVD) is once again pushing the boundaries of virtual desktop technology. The long-awaited Azure Active Directory (Azure AD) native join capability will address a significant gap in the product offering. Azure AD native join will allow users to fully manage their virtual environment without any need for extending existing or creating new legacy Active Directory infrastructure in the cloud.
Now, this might sound like a bunch of unintelligible tech jargon but stick with me and we’ll cover what this means and how it will impact your organization.
Why utilize Azure AD-joined VM’s
Before this update, accessing AVD required a legacy Active Directory infrastructure, using either domain controller servers or the “Azure AD DS” cloud-hosted version of this service. So, despite being a modern solution, AVD still required a few legacy services to deploy. Now, full Azure AD support also means users no longer have to jump through hoops to take advantage of Azure AD’s highly sought-after capabilities including multi-factor authentication (MFA), Single Sign-On (SSO), additional credential types (FIDO2), and Conditional Access.
Eliminating the need for legacy Active Directory reduces the cost of switching and streamlines the deployment of AVD making an already cost-effective product even more attractive. Additionally, costs can also be decreased by deploying thin clients as AVD does not require as much processing power as traditional desktops. The benefits of MFA, SSO, FIDO2, and Conditional Access are fully compatible with thin clients from several vendors. With a range of models available with features such as multi-monitor support, camera pass-through for Teams/Zoom/etc., and cloud enrollment for secure out-of-the-box deployment for office or remote users, thin clients are a strategic option to consider.
Increasing Cybersecurity Posture with Intune Management
Users will now have a fully secure infrastructure reachable anywhere with reduced CAPEX costs (hardware/internet costs). Organizations can combine Azure AD-joined devices with full Intune management of multi-session AVD virtual servers. In addition to the Azure AD benefits mentioned previously, admins can now control all single-session and multi-session servers from one place. This allows for device-wide configurations and full MFA-controlled access to your cloud environment with encryption at rest and trusted launch VMs.
In addition, Microsoft has added another important security feature: Conditional Access on the AVD virtual server. Conditional Access policies are essentially if-then statements that make a user complete an action to access a resource, such as enrolling a device with Intune to ensure its policies are applied before granting access to company data. It helps ensure a minimum-security posture for company-owned and bring-your-own-device (BYOD) devices and helps protect the organization’s assets in the cloud.
As it often does, new technology can experience a lot of changes in a year. AVD is no exception. AVD continues to innovate, taking advantage of the latest security and management features Microsoft has made available to traditional devices and integrating them into its cloud-first platform. Support for Azure AD and Intune device management are only the latest improvements made to a tool that is changing the way people work. We can’t wait to see what innovations the next year will bring to this platform!
If you’re interested in learning more about AVD and how it can work for you, click here for an overview. You can also check out the previously published articles, “Why Make the Switch” and June 2021 updates. For more clarification or specific questions, feel free to reach out to our team directly at firstname.lastname@example.org.