Can you domain join an Azure VDI to a corporate Windows AD?

Yes, with Windows Server Active Directory Domain Services (AD DS) synchronized with Azure Active Directory (AAD) using Azure Active Directory Connect. In this case:

  • User identities are sourced from Windows Server AD
  • Virtual Desktops are domain joined to Windows Server AD

File shares (accessing a corporate file share from an Azure VDI)?

  • On-premises AD DS authentication

    Yes, domain-joined machines or VMs are required to access Azure file shares. The domain controllers must be set up on-premises or on Azure VMs. The domain-joined clients must be within the domain service’s corporate network or virtual network (VNET). 

  • Microsoft Entra Domain Services authentication

    Yes, non-domain-joined VMs can access Azure file shares if they have network connectivity to the domain controllers. The user accessing the file share must have an identity in the Microsoft Entra Domain Services managed domain. 

  • Windows File Explorer

    Yes, if you’re logged on to a domain-joined Windows client, you can use Windows File Explorer to grant permissions to files and directories. 

What is the alternative to joining to the Corporate AD?

Joining to an Azure AD domain. This will provide limited access – and things such as on-premises file shares will need to be replicated/reproduced as Azure file shares.

Summary

Domain joining an Azure VDI to a Windows Server AD is possible – as is joining to an Azure AD (Entra) only domain.