How to configure Windows 365 Enterprise Azure AD join

Windows 365 Enterprise Azure AD join – Microsoft Hosted Network.

 

Introduction

Many of us have been waiting for native Azure AD join for Windows 365 Enterprise since its release in August 2021. But wait no longer! Native Azure AD join support has finally become a reality. In this article, I will guide you through the whole process of configuring both the built-in network (referred to as Microsoft Hosted Network in this article) and the On-premises network connection provisioning policy in the Microsoft Endpoint Manager admin center.


Read about the prerequisites and requirements for Windows 365 Enterprise Cloud PC and how to configure Hybrid Azure AD join in the original blog post here – How to configure Windows 365 Enterprise in Microsoft Endpoint Manager.



Azure AD join (Microsoft Hosted Network)

First, let’s configure the Microsoft Hosted Network provisioning policy by visiting the Microsoft Endpoint Manager admin center. The Cloud PCs based on this policy will be Azure AD joined, and they will run in a network hosted by Microsoft, which is perfect for cloud-only customers without an Azure or on-premises infrastructure.
Go to https://endpoint.microsoft.com  

Click Devices | Windows 365 | Provisioning policies


Click Create policy.

Fill in the required Name field.
Choose Join type, Network, Region, and click Next.

Select Image type and click Next. I chose Windows 11 Enterprise + Microsoft 365 Apps 21H2 from the image gallery.

Add a user-based Azure AD security group containing users eligible for a Windows 365 Enterprise Cloud PC, and click Next.

Review the configuration and click Create.

From Devices | Windows 365, click the All Cloud PCs tab.
If all goes well, the Cloud PCs should appear in the list with the status shown as Provisioned after approx. 20-30 minutes.


Let’s try and sign in to the newly created Azure AD joined Windows 365 Enterprise Cloud PC.   
Go to https://windows365.microsoft.com
 
I can confirm from an elevated Command Prompt that the Cloud PC is Azure AD joined, and it’s running in a Microsoft hosted network.


 

Azure AD join (On-premises network connection)

Next, let’s configure the On-premises network connection provisioning policy. The Cloud PCs based on this policy will be Azure AD joined and connected to your Virtual Network, perfect for customers with an existing Azure or on-premises infrastructure that they need to reach from their Cloud PCs for several reasons.

From Devices | Windows 365, click the On-premises network connection tab.
Click Create and choose Azure AD join (preview) in the list.

Fill in the required Name field.
Choose Subscription, Resource group, Virtual network, Subnet, and click Next.


Review the configuration and click Review + Create.


After approx. 5-10 minutes, we should be able to check the status of the on-premises network connection.
Luckily for me, everything passed! Next, click the Provisioning policies tab. 

Click Create policy. 

Fill in the required Name field.
Choose Join type, Network, and click Next.

Select Image type and click Next.
Once again, I chose Windows 11 Enterprise + Microsoft 365 Apps 21H2 from the image gallery.

Add a user-based Azure AD security group containing users eligible for a Windows 365 Enterprise Cloud PC, and click Next.

Review the configuration and click Create.

From Devices | Windows 365, click the All Cloud PCs tab.
If all goes well, the Cloud PCs should appear in the list with the status shown as Provisioned after approx. 20-30 minutes.


Let’s try and sign in to the newly created Azure AD joined Windows 365 Enterprise Cloud PC.
Go to https://windows365.microsoft.com
 
Once again, I can confirm from an elevated Command Prompt that the Cloud PC is Azure AD joined. However, it’s connected to the newly created on-premises network connection, and I can communicate with an on-premises server.
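
The article does not name the command behind its verification screenshots. As an added example (not part of the original post), the PowerShell script below assumes `dsregcmd /status`, the built-in Windows device registration tool, to confirm the join state described in both sections, and optionally checks that an on-premises server is reachable. The `$OnPremHost` parameter and its sample value are hypothetical.

```powershell
# Added example: run on the Cloud PC to confirm native Azure AD join.
# $OnPremHost is a hypothetical server name; leave it empty on a
# Microsoft Hosted Network Cloud PC, which has no on-premises route.
param(
    [string]$OnPremHost = '',   # e.g. 'fileserver01.corp.example' (constructed)
    [int]$Port = 445            # TCP port to probe on the on-premises server
)

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Output lines look like "   AzureAdJoined : YES"
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

$state = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)

$result = [pscustomobject]@{
    AzureAdJoined   = $state['AzureAdJoined'] -eq 'YES'
    DomainJoined    = $state['DomainJoined'] -eq 'YES'
    TenantName      = $state['TenantName']
    DeviceId        = $state['DeviceId']
    OnPremReachable = $null
}

if ($OnPremHost) {
    # Only meaningful for the On-premises network connection policy
    $probe = Test-NetConnection -ComputerName $OnPremHost -Port $Port -WarningAction SilentlyContinue
    $result.OnPremReachable = $probe.TcpTestSucceeded
}

$result | Format-List

# Native Azure AD join means AzureAdJoined = YES and DomainJoined = NO.
# Both YES would indicate Hybrid Azure AD join instead.
if (-not $result.AzureAdJoined -or $result.DomainJoined) {
    Write-Error 'Expected AzureAdJoined=YES and DomainJoined=NO for native Azure AD join.'
    exit 1
}
```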

 


Summary

In this article, you learned how to configure Windows 365 Enterprise Azure AD join based on a Microsoft Hosted Network or an On-premises network connection provisioning policy in the Microsoft Endpoint Manager admin center.

 

The capability to provision Windows 365 Enterprise Cloud PCs without the need for a connection to an on-premises domain controller is finally a reality. As already mentioned at the beginning of this article, native Azure AD join is something many of us have been looking forward to for several months, especially cloud-only customers! So this is something that I’m very excited to see available in public preview. – Happy testing, everyone!

As always, if you have any questions regarding this topic, don’t hesitate to reach out to us.
