1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Designing an Azure Virtual Desktop Architecture

Planning and Configuring Name Resolution for Active Directory and Azure AD Domain Services

Start course

An important aspect of any Azure Virtual Desktop (AVD) environment is ensuring it is designed to not only meet best practices standards but also meet your organization’s requirements. To get the most out of this cloud-hosted service, it is important to use the correct features and components that make up the AVD environment which will, in turn, give a much better experience for your users. 

This course will help you design and plan your Azure Virtual Desktop environment and allow you to understand how it integrates with other Azure services. It covers understanding network and sizing requirements, recommending the correct identity and access management (IAM) solution to integrate with AVD, the operating system (OS) options that support AVD, and a closer look at the different host pool types with use cases they fit into.

Learning Objectives

  • Assessing existing physical and virtual desktop environments
  • Assessing network capacity and speed requirements for Azure Virtual Desktop
  • Recommending an operating system for an Azure Virtual Desktop implementation
  • Planning and configuring name resolution for Active Directory (AD) and Azure Active Directory Domain Services (Azure AD DS)
  • Planning host pools architecture
  • Recommending resource groups, subscriptions, and management groups
  • Configuring a location for the Azure Virtual Desktop metadata
  • Calculating and recommending a configuration for performance requirements

Intended Audience

This course is intended for people who want to become an Azure Virtual Desktop Specialist and/or are preparing to take the AZ-140 exam.


If you wish to get the most out of this course, it is recommended that you should have a good understanding of Azure Administration, however, this is not essential.


Welcome to this module on Planning and Configuring Name Resolution for Active Directory and Azure AD Domain Services. In this module, we'll cover the following topics. We'll discuss Identity and Access Management options, which include: Azure Active Directory, Active Directory topology with Azure Virtual Desktop. Finally, we'll discuss Azure AD Domain Services, better known Azure AD DS, with Azure Virtual Desktop. Let's jump straight into Identity and Access Management options.

First, we have Azure Active Directory, which is Microsoft Cloud's default identity service and it's with this service that we can integrate features, such as conditional access and multi-factor authentication. We then have Active Directory Domain Services. This is your traditional on-premises identity and access management services where you install the Active Directory role onto a physical or virtual server. The third identity option for Azure Virtual Desktop is Azure Active Directory Domain Services. This is Microsoft's domain controller as a service. Rather than provisioning a Windows Server to deploy the Active Directory role, you deploy this service and Microsoft manage the domain controller element. At the time of this course, all three options integrate with Azure Virtual Desktop. We will now look at each option in further detail.

First, let's discuss Azure AD. Azure AD join has only recently been added as an integration feature. This enables administrators to manage the users and devices in a single pane of glass, regardless of the country the user or device reside in. Azure Active Directory can synchronize with Active Directory domain services via the Azure AD Connect sync tool, which in turn allows Azure Virtual Desktop to potentially integrate with applications that are hosted on-premises.

One of the most important features of Azure Active Directory integration enables for Azure Virtual Desktop are the security enhancements, including conditional access policies and multi-factor authentication. Active Directory Domain Services is traditionally a service you deploy on-premises on a virtual machine or a physical server, and allows you to domain join Windows clients. Domain joining your Azure Virtual Desktop session hosts will allow you to integrate the group policy to enhance the management experience. If you want the best of both on-premises and cloud integration, you can apply Hybrid AD join to your session host virtual machines to make use of Azure Active Directory's enhanced security features but also Endpoint Manager integration.

The final deployment method we'll discuss is Azure Active Directory Domain services. As I mentioned before, this is a domain controller as a service, so you do not have the headache of managing the Windows operating system, but get almost identical features as Active Directory Domain Services You can domain join your Azure Virtual Desktop session hosts. You even have the LDAP and NTLM support. However, what you do not get is the ability to do a hybrid AD join.

About the Author

Shabaz Darr is a Senior Infrastructure Specialist at Netcompany based in the UK. He has 15 years plus experience working in the IT industry, 7 of those he has spent working with Microsoft Cloud Technologies in general, with a focus on MEM and IaaS. Shabaz is a Microsoft MVP in Enterprise Mobility with certifications in Azure Administration and Azure Virtual Desktop. During his time working with Microsoft Cloud, Shabaz has helped multiple public and private sector clients in the UK with designing and implementing secure Azure Virtual Desktop environments.