According to Verizon Data Breach 2021 Investigation Report, there are four key paths leading to high security risk: Credentials, Phishing, Exploiting vulnerabilities, and Botnets. All of these four areas are crucial, and no organization is safe without a plan to handle each of them. As far as credentials go, having a centralized credential system in place is critical, especially when it comes to users and desktops. And virtual desktop or Desktop as a Service (DaaS) solution is no exception. Rather, it makes more sense today to adopt a secure centralized authentication system for any sort of virtual desktops implementation.
With the advent of Active Directory Services (AD) way back in 2000, Microsoft revolutionized identity management with a Kerberos-based, centralized authentication for users, computers, and other entities. Henceforth all of Microsoft’s desktop and server products have been tightly integrated with AD. Moving all their product stacks to Azure Cloud Services, Microsoft has also come up with an as-a-service version of its popular Active Directory Services, called Azure Active Directory (Azure AD). Azure AD is an enterprise identity service that provides single sign-on, multi-factor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
Today’s market leading virtual desktops solutions – including Spot PC, Windows 365 , Azure Virtual Desktop – rely on directory services to authenticate users as well as sessions and provide access to assigned resources. For many years, traditional Active Directory Domain Controller (ADDC) instances have provided these services. With modern cloud based virtual desktops this configuration has created complexity and challenges, mostly related to the fact that Active Directory originated on-premises and often carries with it significant technical debt.
Customers are now asking how they can take advantage of this cloud-based AD service (Azure AD) for their business.
Firstly, customers who have embraced cloud native apps or have moved their traditional applications to cloud, can take advantage of Azure AD. In case of Azure AD, all the users, virtual machines, policies, and security configurations are created and managed in a single Azure Activity Directory instance. This choice simplifies management and increases the security posture by centralizing configuration into one place.
Secondly, large enterprise organizations can use Azure AD to segment virtual desktop management away from on-premises or hybrid configurations. When virtual desktops are hosted in Azure, setting up appropriate network connectivity and security rules back to on-premises resources can be really complex and inefficient. By contrast, hosting Azure AD joined virtual desktops means the base configuration only depends on Azure resources and Azure AD. Further access to additional applications and data can be built out as an add-on for the users that need it.
Spot by NetApp is announcing a Preview access for Azure Active Directory joined Spot PC virtual desktops. By now, many partners and customers are familiar with Spot PC workflows, so it won’t be surprising that we closely mirror the deployment steps for Azure Virtual Desktop and Windows 365 Azure AD joined instances. The steps include:
- During Spot PC Onboarding, choose Azure Active Directory as the directory type.
- You are done. Spot PC automation takes care of the rest of the configuration steps so you can go off and doing something more productive (see Kris Gillette’s helpful blog post here).
Support for Windows 365 Azure Active Directory direct join will follow shortly as part of General Availability for this feature.
Interesting in learning more about Spot PC? Request a demo today.