Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,362 questions
About Azure Virtual Desktop and Microsoft Defender for Endpoint
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 52%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Testa
551
Reputation points
Hi there,
I would like to get your advice to the below two points about the current setup of AVD:
1,
Since one user has 3 different ID(domains), I understand that each user needs to have 3 licenses of Microsoft Defender for Endpoints. Is there any way to avoid us from purchasing 3 licenses per user, and instead giving 1 license to get the user to access two different on premises environments with AVD and Azure environment?
2,
Related to question 1, but I was shared the below document and I don't understand the logic how it can help solve the problem. Any explanation would be great!
Thank you.
{count} votes
-
Testa 551 Reputation points
2022-08-18T14:13:59.157+00:00 Hi. The info in the attachment is wrong. Please refer to this instead
-
Prrudram-MSFT 21,886 Reputation points2022-08-24T17:13:13.677+00:00 @Testa ,
May not be able to help much with licensing but if you have users from different forests belonging to one AAD tenant you can try two host pools with sessions hosts in each pool joined to the proper domain. If there is forest trusts you can have all sessions hosts in the same domain. Did that fail for you?
also based on the picture I don't understand the scenario in the text. In the picture you have one user and one AAD tenant, but it seems there are 3 custom domains registered in the AAD Tenant? And then you have 2 AD Domains, both are synced to the single AAD tenant.
Where is the AVD Environment located? Is there just 1, 2 or 3 AVD environments?To access AVD, a user needs 1 AAD/AD identity to authenticate. Licenses for Defender are assigned to the user identity and are not related to AVD.
If 1 user has 3 different identities in AAD and all of them should be licensed to use Defender (or Office or any other per-user licensed app), the identity needs to have a license assigned.The question is - why does a single person(user) need 3 different identities?
Or are they 3 UPNs / custom domains under the same AAD tenant that the user has? is there a 3rd on-prem AD (Main)? but yea bottom line if they are different users, they need respective licenses. -
Testa 551 Reputation points
2022-08-25T06:40:49.333+00:00 Thank you for your answer.
The scenario is similar with the below link (though 1 user only have 2 IDs in the link)
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/multi-forest-azure-managed#architectureIf all users have 3 domains (@companyA.com, @companyB.com, @newcompanyAB.com), they all need 3 licenses since they have 3 different UPNs, right?
(I understand that you cannot advise licenses matters, but I just want to check if my understanding is correct).1, For the above link case, user@companyA.com can access to Hostpool B and Hostpool AB as well if use "Forest Trust" you mentioned above?
2, In terms of minimizing the number of domains per user, only options is to merge AD(companyA.com and companyB.com), and then, companyA.com domain in Local environment is changed to newcompanyAB.com?
3, In terms of architecture of AVD, is there any better option if there are two on-premises environments which have each different domain?
Sign in to comment