Cloud Security Redefined: Microsoft Entra ID Meets Frame
As technology evolves, so do the ways organizations manage their IT infrastructure. In the realm of virtualization and cloud services, the concept of Microsoft Entra ID (formerly known as Azure Active Directory) joined devices has emerged as a game-changer. This technology not only streamlines device management by unifying access across multiple platforms but also enhances security through advanced authentication mechanisms. In this blog, we'll delve into the intricacies of utilizing Entra ID joined devices within the dynamic landscape of Frame DaaS, providing a seamless and secure experience for users.
WRITTEN BY
TABLE OF CONTENT
Introduction
Entra ID joined devices represent a shift in endpoint device management, allowing direct integration with Entra ID without relying on traditional on-premises Active Directory infrastructure. Specifically designed for Windows 10 and Windows 11 devices, this approach streamlines authentication processes and reduces dependencies on local AD environments. Dizzion supports organizations who want to use Entra ID within the Desktop as a Service solution. Besides the ability to support workload VM integration and user logon with Entra ID, Dizzion also supports classic Active Directory and deployments without any Directory service. This flexibility is one of many unique features not typically offered by other DaaS vendors.
Why Choose Entra ID Joined Devices?
Organizations opt for Entra ID joined devices for various reasons:
- Simplified Device Management: Centralized management through Entra ID eliminates the need for on-premises infrastructure, streamlining configurations. With Microsoft Intune, which also is supported by Frame, this can make life of EUC admins much easier, so continue reading 😊
- Cloud-Centric Approach: Ideal for organizations heavily reliant on cloud services, Entra ID joined devices align seamlessly with a cloud strategy, fostering tighter integration with Azure services.
- Enhanced Security: Entra ID offers advanced security features like conditional access policies and multi-factor authentication (MFA), enforcing security policies for accessing corporate resources. More information about conditional access use cases with Frame can be found in my previous solution guide.
- Seamless Access to Cloud Resources: The Frame-powered workload instances are Entra ID integrated and the user logs in to these workload instances using Entra ID to authenticate. This means that once users are logged into their Frame Virtual Machines, they can enjoy seamless access to cloud-based applications, such as Microsoft 365 and other SaaS applications, using their Entra ID credentials.
Enabling Entra ID Support in Frame
In the realm of Frame, the integration of Entra ID joined devices involves specific steps and considerations for both Azure and Nutanix AHV customers. Integration on Frame side is secured with a “one-click” solution as you are used to when collaborating with Frame. 😊
Prerequisites
Before diving into the Entra ID joined devices world within Frame, ensure the following prerequisites are met:
- Entra ID Tenant: You should have a dedicated instance of Entra ID representing your organization's identity and access management in the Azure cloud.
- Supported Operating Systems: Windows 10 and Windows 11 (Pro, Enterprise) and Windows Server 2019 and newer instances running in Azure (Server core isn't supported). This means that, with the Frame, Entra ID joined devices can be used with two supported infrastructures: Azure and Nutanix AHV.
- Internet Connectivity: Instances must have internet access for communication with Entra ID.
- Frame Subscription and Frame Account: A Frame subscription along with a Frame account within organization is necessary.
- BYO Azure Subscription or Nutanix AHV Cluster: Ensure ownership of a Bring Your Own (BYO) Azure Subscription with Owner rights or a Nutanix AHV cluster.
Azure Customers
Azure customers can use this new feature with both non-persistent (pooled) Frame Accounts and with persistent or personal desktop Frame Accounts. This is possible as Frame implemented the Micrsoft provided extension for Azure that automatically joins VMs into corresponding Entra ID Tenant during VM creation.
After Frame Administrator enables this feature and configures required permissions in Frame and Azure, end users can enter its Entra ID credentials and login into session.
Nutanix AHV Customers
Nutanix AHV customers can use the Entra ID feature only for persistent Frame Accounts because each end-user must go through the Windows OOBE (Out-Of-Box-Experience) procedure.
Additional Features
Frame SSO
Frame Single Sign-On (SSO) lets users access an Entra ID joined VM without needing users to enter their Entra ID credentials every time they enter a Frame session. You can also easily enable this feature within Entra ID settings and make your end-user experience even smother.
Intune MDM Integration
Integrating Intune with Azure and AHV Persistent Frame Accounts empowers users with seamless control over the management of their workload VMs, aligning with the best practices recommended by Microsoft. For more info, please review Microsoft's official documentation.
Windows Hello for Business (WH4B)
Enable secure authentication using biometrics or PIN to enhance security and simplify user login experiences. Note that WH4B setup requires you to use Azure Generation 2 Virtual Machines with vTPM enabled and ensure User Account Control is enabled on Frame workspaces.
Conclusion
The integration of Microsoft Entra ID joined devices with Frame represents a significant step in IT management for cloud first Customers. Frame's flexibility allows organizations to choose their directory service, simplifying device management. Entra ID's advanced security features, coupled with Frame's streamlined user experience, strike a crucial balance. For cloud-focused organizations, this integration seamlessly aligns with Azure services. Additional features like Frame Single Sign-On, Intune MDM integration, and Windows Hello for Business enhance productivity and security. Ultimately, this integration empowers organizations to navigate the evolving IT landscape efficiently and securely.
NOTE
Microsoft is not recommending usage of Intune service with non-persistent instances.
Subscribe to our newsletter
Register for our newsletter now to unlock the full potential of Dizzion's Resource Library. Don't miss out on the latest industry insights – sign up today!
Dizzion values your privacy. By completing this form, you agree to the processing of your personal data in the manner indicated in the Dizzion Privacy Policy and consent to receive communications from Dizzion about our products, services, and events.