Skip to main content

Azure AD Hybrid-Joined VMs with Frame

· 4 min read
Stefan Gajic

As more customers choose to host their infrastructure in Azure, there is an increasing demand for supporting Azure AD-joined and Hybrid-Joined devices with Frame. In this solution guide, we will demonstrate how Frame can assist partners and customers in leveraging the advantages of both on-premises and cloud environments through the utilization of hybrid-joined Frame workloads.


To provide a comprehensive understanding of how Frame integrates with hybrid-joined devices, we will begin by providing context about our test environment configuration. While your environment may differ, the objective is to offer insights into how Frame can be integrated with your own unique setup.

Hybrid Joined Devices are supported with Windows 10, Windows 11 (excluding Home Editions), and Windows Server 2016/2019/2022 operating systems. More specifications and details around Azure AD Hybrid Joined devices can be found in Microsoft’s official documentation. Customers can set up Hybrid-Joined devices not only with Azure IaaS, but with GCP, AWS and on-premises AHV as well.

Hybrid-Joined Device Configuration Options in Frame

The table below provides insight on which combination of infrastructure providers and operating systems are supported with Hybrid-Joined devices on Frame.


At the time of publication of this solution guide, Azure AD Hybrid-Joined devices are only supported on persistent Frame accounts.

Infrastructure Provider (used with a Persistent Frame Account)
OSWindows Server 2016/2019/2022
Windows 10
Windows 11

Hybrid-Joined Frame World

Hybrid-Joined Frame World

Our Environment:

  • Domain Controller: We have installed and configured a Windows Server 2019 Azure Virtual Machine as the Domain Controller.

  • AD Connect Tool: The AD Connect Tool is installed and configured to synchronize objects from the Frame Specific Organizational Unit.

  • Hybrid Joined Settings: We have configured Hybrid Joined settings on AD Connect.

  • Azure AD Device Settings: We made sure that users may register their devices with Azure AD.

    Device Settings Configuration Screen

  • Frame Account: We set up Frame Account with persistent virtual machines on the Frame-managed network with private networking. Additionally, we configured the domain-joined settings and established peering between the VNets where the Domain Controller is and Frame workloads reside. Additionally, we configured Azure Virtual Network Gateway with Point-to-Site (P2S) connection in order to establish a secure connection from the on-prem environment to Azure Cloud.

    Architecture Diagram

    Frame Settings

  • Visibility: Once we hit the publish we ensured that Workload Instances are visible on the Domain Controller and Azure Active Directory.

    Domain Controller

    Domain-joined Devices


    The synchronization of device objects from the Domain Controller to Azure AD may take a variable amount of time, depending on your configuration of the Azure AD Connect tool (default interval is 30 minutes). Typically, when a virtual machine (VM) starts, it attempts to register with Azure AD, and you can monitor this activity in the Windows event viewer (Event Viewer → Application and Services Logs → Microsoft → Windows → User Device Registration → Admin) . As a result, we strongly advise utilizing this setup exclusively with Persistent Frame Accounts for optimal performance and reliability.

After logging into the Frame Workload with the user that is synchronized from local AD to Azure AD, we observed that the machines were domain-joined but also Azure AD joined, meaning they are in Hybrid-Joined state.

Frame Workload VM


To join devices to Azure AD in a hybrid environment, you need Azure AD Connect, a Windows Server Active Directory environment, network connectivity, a supported Azure AD edition, DNS resolution, user accounts/permissions, supported device operating systems, and device registration.

In this solution guide, we explained how Frame can provide users with the benefits of Single Sign-On (SSO) and LDAP, ensuring productivity and satisfaction. If hybrid-joined devices are your preference, reach out to us so we can discuss how Frame can seamlessly integrate into your unique setup.

Stefan Gajic
Stefan Gajic is a Solutions Architect with Frame who has worked for various global enterprises and IT companies as a system engineer, technical lead, and solutions architect delivering various Information Technology projects mainly focused on multicloud and hybrid environments. Stefan is also a Microsoft Certified Trainer with the ability to properly impart his Azure expert knowledge to others.