As more customers choose to host their infrastructure in Azure, there is an increasing demand for supporting Azure AD-joined and Hybrid-Joined devices with Frame. In this solution guide, we will demonstrate how Frame can assist partners and customers in leveraging the advantages of both on-premises and cloud environments through the utilization of hybrid-joined Frame workloads.
To provide a comprehensive understanding of how Frame integrates with hybrid-joined devices, we will begin by providing context about our test environment configuration. While your environment may differ, the objective is to offer insights into how Frame can be integrated with your own unique setup.
Hybrid Joined Devices are supported with Windows 10, Windows 11 (excluding Home Editions), and Windows Server 2016/2019/2022 operating systems. More specifications and details around Azure AD Hybrid Joined devices can be found in Microsoft’s official documentation. Customers can set up Hybrid-Joined devices not only with Azure IaaS, but with GCP, AWS and on-premises AHV as well.
Hybrid-Joined Device Configuration Options in Frame
The table below shows which combinations of infrastructure provider and operating system are supported with Hybrid-Joined devices on Frame.
At the time of publication of this solution guide, Azure AD Hybrid-Joined devices are only supported on persistent Frame accounts.
| Infrastructure Provider (used with a Persistent Frame Account) | Windows Server 2016/2019/2022 |
Domain Controller: We installed and configured a Windows Server 2019 Azure virtual machine as the Domain Controller.
AD Connect Tool: Azure AD Connect is installed and configured to synchronize objects from the Frame-specific Organizational Unit (OU) only.
Hybrid Joined Settings: We configured the Hybrid Azure AD join settings (device options) in Azure AD Connect.
Azure AD Device Settings: We made sure that the "Users may register their devices with Azure AD" setting is enabled (Azure AD → Devices → Device settings).
Frame Account: We set up a Frame Account with persistent virtual machines on a Frame-managed network with private networking, configured the domain-join settings, and established VNet peering between the VNet hosting the Domain Controller and the VNet where the Frame workloads reside. We also configured an Azure Virtual Network Gateway with a Point-to-Site (P2S) connection to provide a secure connection from the on-premises environment to Azure.
Visibility: Once we hit publish, we verified that the workload instances are visible both on the Domain Controller and in Azure Active Directory.
Important: The synchronization of device objects from the Domain Controller to Azure AD may take a variable amount of time, depending on the configuration of your Azure AD Connect tool (the default sync interval is 30 minutes). Typically, when a virtual machine (VM) starts, it attempts to register with Azure AD; you can monitor this activity in the Windows Event Viewer (Event Viewer → Applications and Services Logs → Microsoft → Windows → User Device Registration → Admin). Because a non-persistent instance may be discarded before its device object has synchronized and registered, we strongly advise using this setup exclusively with Persistent Frame Accounts for reliable operation.
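As an added example (not part of the Frame guide), the following PowerShell, run on the Azure AD Connect server, checks the sync scheduler interval referred to in the note above, lists which Frame workload computer objects have already written their hybrid-join certificate to the userCertificate attribute, and triggers a delta sync instead of waiting for the next cycle. The OU distinguished name is a placeholder; the cmdlets are from the ADSync and ActiveDirectory (RSAT) modules, both of which are assumed to be present on that server.

```powershell
# Added example (not from the Frame guide): sync-side checks for hybrid join.
# Assumptions: run on the Azure AD Connect server with the ADSync module and the
# ActiveDirectory RSAT module installed; $FrameOU is a placeholder DN.
param(
    # Hypothetical distinguished name of the Frame-specific OU that AD Connect syncs
    [string]$FrameOU = 'OU=Frame,DC=corp,DC=example'
)

Import-Module ADSync
Import-Module ActiveDirectory

# 1. Show the scheduler state. The default effective interval is 30 minutes, which is
#    the delay before a freshly joined workload's device object appears in Azure AD.
$scheduler = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled  = $scheduler.SyncCycleEnabled
    EffectiveInterval = $scheduler.CurrentlyEffectiveSyncCycleInterval
    NextCycleStartUtc = $scheduler.NextSyncCycleStartTimeInUTC
    SyncInProgress    = $scheduler.SyncCycleInProgress
} | Format-List

# 2. List the Frame workload computer objects and whether the hybrid-join certificate
#    is present. A Windows 10+ device writes a self-signed certificate into its computer
#    object's userCertificate attribute; the default AD Connect rules only create the
#    Azure AD device object for computers that have this attribute populated.
$computers = Get-ADComputer -Filter * -SearchBase $FrameOU -Properties userCertificate, operatingSystem
$computers |
    Select-Object Name, operatingSystem,
        @{ Name = 'HasJoinCert'; Expression = { $_.userCertificate.Count -gt 0 } } |
    Format-Table -AutoSize

# 3. If at least one workload already has its certificate, force a delta sync now
#    rather than waiting for the next scheduled cycle (skip if a cycle is running).
$ready = @($computers | Where-Object { $_.userCertificate.Count -gt 0 })
if ($ready.Count -gt 0 -and -not $scheduler.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

Workloads that show HasJoinCert as False have not yet completed the local part of the join, so running a sync for them achieves nothing; check the User Device Registration event log on the workload first.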
After logging into the Frame workload with a user synchronized from the on-premises AD to Azure AD, we observed that the machines were both domain-joined and Azure AD joined, i.e. in the Hybrid Azure AD Joined state.
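To confirm that state on the workload itself rather than in the portal, the following PowerShell (an added example, not from the Frame guide) parses the output of dsregcmd /status into a hashtable and reports whether the device is domain-joined, Azure AD joined, or both. The embedded sample output is constructed, with a made-up DeviceId and tenant name; the live branch runs only where dsregcmd.exe exists and, on a failed join, pulls the registration log the guide points to.

```powershell
# Added example (not from the Frame guide): verify hybrid join state on a Frame workload.
# dsregcmd /status prints "Key : Value" rows under +---- box headers; parse them so the
# result can be asserted on instead of read by eye.

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Match "   SomeKey : some value"; box-drawing and header lines have no colon.
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.*?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return $state
}

function Test-HybridAzureAdJoined {
    param([Parameter(Mandatory)][hashtable]$State)
    # Hybrid Azure AD joined requires both flags. AzureAdJoined alone is a cloud-only
    # join; DomainJoined alone means the device has not (yet) registered with Azure AD.
    $domain = $State['DomainJoined']  -eq 'YES'
    $cloud  = $State['AzureAdJoined'] -eq 'YES'
    [pscustomobject]@{
        DomainJoined  = $domain
        AzureAdJoined = $cloud
        HybridJoined  = $domain -and $cloud
        DeviceId      = $State['DeviceId']
        TenantName    = $State['TenantName']
        # A Primary Refresh Token for the signed-in user is what gives cloud SSO.
        AzureAdPrt    = $State['AzureAdPrt'] -eq 'YES'
    }
}

# Constructed sample in the layout dsregcmd /status uses (values are made up).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+
                  DeviceId : 11111111-2222-3333-4444-555555555555
                TenantName : Example Tenant
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@ -split "`r?`n"

# Offline demonstration: HybridJoined is True for the sample above.
Test-HybridAzureAdJoined -State (ConvertFrom-DsregStatus -Lines $sample)

# Live check on a real workload.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $live = Test-HybridAzureAdJoined -State (ConvertFrom-DsregStatus -Lines (dsregcmd /status))
    $live
    if (-not $live.HybridJoined) {
        # Registration attempts and their failures are recorded in this log.
        Get-WinEvent -LogName 'Microsoft-Windows-User Device Registration/Admin' -MaxEvents 20 |
            Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
    }
}
```

Run it in the context of the synchronized user, since the SSO State section (and therefore AzureAdPrt) is reported per user; a device can be correctly hybrid-joined while a local-only account shows no PRT.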
To hybrid join devices to Azure AD, you need: Azure AD Connect; a Windows Server Active Directory environment; network connectivity from the devices to both the domain controllers and Azure AD; a supported Azure AD edition; working DNS resolution; user accounts with the required permissions; supported device operating systems (listed above); and Azure AD device registration enabled for those users.
In this solution guide, we explained how Frame can give users the benefits of both on-premises Active Directory (LDAP/Kerberos) authentication and Azure AD Single Sign-On (SSO), supporting productivity and satisfaction. If hybrid-joined devices are your preference, reach out to us so we can discuss how Frame can integrate into your unique setup.