Windows 10/11 outside of the Active Directory accessing the Azure VM

Jamshid Javidi 106 Reputation points
2024-10-23T16:11:20.9933333+00:00

I have migrated an on-premise server to the Azure VM using Sonicwall VPN. I am able to connect to the VM from inside the office without any issues. I would like to know, if remote users (who have Win 10/11 machines) want to access the VM, how do they do it? Do they need a special Microsoft 365 license? I know I should go to the settings and account and join them that way. We currently have Office 365 Basic and Standard licenses.

I appreciate your help.

Jamshid


Accepted answer
  1. hossein jalilian 8,230 Reputation points
    2024-10-23T17:40:22.1866667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    Joining Devices: You can join your devices to Azure Active Directory by going to Settings > Accounts > Access work or school and signing in with their Microsoft 365 credentials.

    Configuring the VM: You need to ensure the Azure VM is Azure AD joined or Hybrid Azure AD joined, and assign the right roles, like Virtual Machine User Login.

    Enabling RDP Authentication: In the Azure portal, we can go to the VM’s Identity section and enable System assigned for Azure AD authentication.

    I believe basic Microsoft 365 licenses should be enough for Azure AD join and authentication, but using Azure Bastion might have additional costs.



6 additional answers

  1. Jamshid Javidi 106 Reputation points
    2024-10-23T18:06:10.1166667+00:00

    Hi,

    Thank you for your response. Do I need a special license (like Premium, E3, E5, etc.) to join the VM? Some of these workstations were joined to the on-premise server and part of the network, and now they are outside of the office.

    Thanks for your help.

    Jamshid


  2. Jamshid Javidi 106 Reputation points
    2024-10-23T18:59:19.63+00:00

    Hi Hossein,

    Thank you for your response. Here are my answers.

    Joining Devices: You can join your devices to Azure Active Directory by going to Settings > Accounts > Access work or school and signing in with their Microsoft 365 credentials. UNDERSTOOD.

    Configuring the VM: You need to ensure the Azure VM is Azure AD joined or Hybrid Azure AD joined, and assign the right roles, like Virtual Machine User Login. - THE VM IS THE PRIMARY DOMAIN CONTROLLER. ALL THE ROLES WERE TRANSFERRED FROM THE ON-PREMISE. WE CAN CONNECT TO THE VM THROUGH THE SITE TO SITE VPN.

    Enabling RDP Authentication: In the Azure portal, we can go to the VM’s Identity section and enable System assigned for Azure AD authentication.

    I believe basic Microsoft 365 licenses should be enough for Azure AD join and authentication, but using Azure Bastion might have additional costs.

    HOW DO I ACHIEVE CONNECTING ONE OF THE WORKSTATIONS THAT WAS IN THE OFFICE AND NOW IT IS NOT TO THE VM?

    I appreciate your help.

    Jamshid


  3. Neuvi Jiang 1,460 Reputation points Microsoft Vendor
    2024-10-24T02:54:18.1266667+00:00

    Hi Jamshid Javidi,

    Thank you for posting in the Q&A Forums.

    Remote users can access Azure VMs in a variety of ways, including but not limited to the following:

    Remote Desktop Connection:

    Remote users can use the Remote Desktop Connection (RDP) feature that comes with Windows to access the VM remotely by entering the Azure VM's public IP address and port number (3389 by default), as well as the corresponding username and password.

    This is simple and straightforward, but you need to make sure that the Azure VM's firewall and network security group (NSG) have opened the appropriate ports and that the correct inbound rules are configured.

    VPN connection:

    If your organization has set up a VPN (e.g., Sonicwall VPN), remote users can first connect to the organization's internal network through the VPN and then access Azure VMs through the internal network.

    This approach enhances security because users need to be authenticated by the organization before they can access the internal network.

    Other remote access tools:

    Other remote access tools such as AnyDesk, TeamViewer, and others can be used, which provide more flexible remote access options but may require additional configuration and licensing fees.

    Remote users do not need a special Microsoft 365 license to access Azure VM itself. Microsoft 365 licenses are primarily related to the use of Office applications, cloud storage, collaboration features, and so on.

    If remote users need to use Office applications (e.g., Word, Excel, PowerPoint, etc.) and those applications are installed on Azure VMs, they need to have the appropriate Office 365 (or Microsoft 365) licenses in order to access and use those applications.

    Best regards

    NeuviJ

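The inbound-rule check mentioned in the answer above can be run against an NSG's exported rules. The following is an added example, not part of the original thread: it assumes rules in the JSON shape produced by `az network nsg rule list` (the sample rules and their names are constructed) and lists the Allow rules that leave TCP 3389 reachable from any source, which is the exposure the VPN option avoids.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""
[
  {"name": "Allow-RDP-Any", "priority": 300, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
  {"name": "Allow-RDP-VPN", "priority": 200, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "10.10.0.0/24", "destinationPortRange": "3389"},
  {"name": "Allow-Mgmt-Range", "priority": 400, "direction": "Inbound", "access": "Allow",
   "protocol": "*", "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["3000-4000", "443"]}
]
""")

OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0"}  # sources that mean "anyone"
RDP_PORT = 3389

def _values(rule, single, plural):
    """A rule carries either one value or a list; return both as one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_rdp(port_spec):
    """True for '*', '3389', or a range such as '3000-4000' that contains 3389."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= RDP_PORT <= int(high or low)

def _matches_open_rdp(rule):
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return (rule.get("direction", "").lower() == "inbound"
            and rule.get("protocol", "*").lower() in ("tcp", "*")
            and any(s.lower() in OPEN_SOURCES for s in sources)
            and any(_covers_rdp(p) for p in ports))

def internet_exposed_rdp_rules(rules):
    """Names of Allow rules exposing TCP 3389 to any source, in priority order."""
    exposed = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if not _matches_open_rdp(rule):
            continue
        if rule.get("access", "").lower() == "deny":
            break  # lower priority number wins, so later Allow rules are shadowed
        exposed.append(rule["name"])
    return exposed
```

A rule scoped to the VPN address range, like the constructed `Allow-RDP-VPN`, is not reported, and a port range that happens to include 3389 is.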

  4. Jamshid Javidi 106 Reputation points
    2024-10-24T16:26:55.6666667+00:00

    Hi NeuviJ,

    Thank you for your response. I appreciate your help. Here is my situation. I am taking out the PCs that were in the office and joined to the AD domain to the remote location. They are no longer accessing the Sonicwall VPN. But I want these PCs to authenticate to the VM. How do I achieve this?

    Thanks for your help.

    Jamshid
