Resources

Arrow Image

Blog & News

Arrow Image

Cloud Security Redefined: Microsoft Entra ID Meets Frame

Cloud Security Redefined: Microsoft Entra ID Meets Frame

As technology evolves, so do the ways organizations manage their IT infrastructure. In the realm of virtualization and cloud services, the concept of Microsoft Entra ID (formerly known as Azure Active Directory) joined devices has emerged as a game-changer. This technology not only streamlines device management by unifying access across multiple platforms but also enhances security through advanced authentication mechanisms. In this blog, we'll delve into the intricacies of utilizing Entra ID joined devices within the dynamic landscape of Frame DaaS, providing a seamless and secure experience for users.

News & Blog

WRITTEN BY

Stefan Gajic

Solutions Architect

March 20, 2024

TABLE OF CONTENT

Introduction

Entra ID joined devices represent a shift in endpoint device management, allowing direct integration with Entra ID without relying on traditional on-premises Active Directory infrastructure. Specifically designed for Windows 10 and Windows 11 devices, this approach streamlines authentication processes and reduces dependencies on local AD environments. Dizzion supports organizations who want to use Entra ID within the Desktop as a Service solution. Besides the ability to support workload VM integration and user logon with Entra ID, Dizzion also supports classic Active Directory and deployments without any Directory service. This flexibility is one of many unique features not typically offered by other DaaS vendors.

Entra ID with Frame Diagram

Why Choose Entra ID Joined Devices?

Organizations opt for Entra ID joined devices for various reasons:

  • Simplified Device Management: Centralized management through Entra ID eliminates the need for on-premises infrastructure, streamlining configurations. With Microsoft Intune, which also is supported by Frame, this can make life of EUC admins much easier, so continue reading 😊
  • Cloud-Centric Approach: Ideal for organizations heavily reliant on cloud services, Entra ID joined devices align seamlessly with a cloud strategy, fostering tighter integration with Azure services.
  • Enhanced Security: Entra ID offers advanced security features like conditional access policies and multi-factor authentication (MFA), enforcing security policies for accessing corporate resources. More information about conditional access use cases with Frame can be found in my previous solution guide.
  • Seamless Access to Cloud Resources: The Frame-powered workload instances are Entra ID integrated and the user logs in to these workload instances using Entra ID to authenticate. This means that once users are logged into their Frame Virtual Machines, they can enjoy seamless access to cloud-based applications, such as Microsoft 365 and other SaaS applications, using their Entra ID credentials.

Enabling Entra ID Support in Frame

In the realm of Frame, the integration of Entra ID joined devices involves specific steps and considerations for both Azure and Nutanix AHV customers. Integration on Frame side is secured with a “one-click” solution as you are used to when collaborating with Frame. 😊

Enable Entra ID with Frame

Prerequisites

Before diving into the Entra ID joined devices world within Frame, ensure the following prerequisites are met:

  • Entra ID Tenant: You should have a dedicated instance of Entra ID representing your organization's identity and access management in the Azure cloud.
  • Supported Operating Systems: Windows 10 and Windows 11 (Pro, Enterprise) and Windows Server 2019 and newer instances running in Azure (Server core isn't supported). This means that, with the Frame, Entra ID joined devices can be used with two supported infrastructures: Azure and Nutanix AHV.
  • Internet Connectivity: Instances must have internet access for communication with Entra ID.
  • Frame Subscription and Frame Account: A Frame subscription along with a Frame account within organization is necessary.
  • BYO Azure Subscription or Nutanix AHV Cluster: Ensure ownership of a Bring Your Own (BYO) Azure Subscription with Owner rights or a Nutanix AHV cluster.

Azure Customers

Azure customers can use this new feature with both non-persistent (pooled) Frame Accounts and with persistent or personal desktop Frame Accounts. This is possible as Frame implemented the Micrsoft provided extension for Azure that automatically joins VMs into corresponding Entra ID Tenant during VM creation.

After Frame Administrator enables this feature and configures required permissions in Frame and Azure, end users can enter its Entra ID credentials and login into session.

Entra ID with Azure

Nutanix AHV Customers

Nutanix AHV customers can use the Entra ID feature only for persistent Frame Accounts because each end-user must go through the Windows OOBE (Out-Of-Box-Experience) procedure.

Entra ID with AHV

Additional Features

Entra ID Additional Features

Frame SSO

Frame Single Sign-On (SSO) lets users access an Entra ID joined VM without needing users to enter their Entra ID credentials every time they enter a Frame session. You can also easily enable this feature within Entra ID settings and make your end-user experience even smother.

Intune MDM Integration

Integrating Intune with Azure and AHV Persistent Frame Accounts empowers users with seamless control over the management of their workload VMs, aligning with the best practices recommended by Microsoft. For more info, please review Microsoft's official documentation.

Windows Hello for Business (WH4B)

Enable secure authentication using biometrics or PIN to enhance security and simplify user login experiences. Note that WH4B setup requires you to use Azure Generation 2 Virtual Machines with vTPM enabled and ensure User Account Control is enabled on Frame workspaces.

Conclusion

The integration of Microsoft Entra ID joined devices with Frame represents a significant step in IT management for cloud first Customers. Frame's flexibility allows organizations to choose their directory service, simplifying device management. Entra ID's advanced security features, coupled with Frame's streamlined user experience, strike a crucial balance. For cloud-focused organizations, this integration seamlessly aligns with Azure services. Additional features like Frame Single Sign-On, Intune MDM integration, and Windows Hello for Business enhance productivity and security. Ultimately, this integration empowers organizations to navigate the evolving IT landscape efficiently and securely.

About the Author

Dizzion

Dizzion was founded in 2011 with a visionary mission to redefine the way the world works.

In an era of legacy Virtual Desktop Infrastructure (VDI), Dizzion set out to challenge the status quo by making it simple for all customers to transform their workspace experience. By building a powerful automation and services platform on top of the VMware stack, Dizzion delivered virtual desktops as a service before Desktop as a Service (DaaS) even existed.

Stefan Gajic

Solutions Architect

Stefan Gajic is a Solutions Architect with Frame who has worked for various global enterprises and IT companies as a system engineer, technical lead, and solutions architect delivering various Information Technology projects mainly focused on multicloud and hybrid environments. Stefan is also a Microsoft Certified Trainer with the ability to properly impart his Azure expert knowledge to others.

More about the author

NOTE

Microsoft is not recommending usage of Intune service with non-persistent instances.

Subscribe to our newsletter

Register for our newsletter now to unlock the full potential of Dizzion's Resource Library. Don't miss out on the latest industry insights – sign up today!