microsoft / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License
Allow AD joining of VM from Workspaces #978

Open deniscep opened 3 years ago

deniscep commented 3 years ago

From workspace subnet, allow on firewall:

https://enterpriseregistration.windows.net - For device registration.
http://169.254.169.254 - Azure Instance Metadata Service endpoint.
https://login.microsoftonline.com - For authentication flows.
https://pas.windows.net - For Azure RBAC flows.

Allow port 80 on NSG for http://169.254.169.254

https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
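
The rules requested in the comment above, sketched as Terraform for the azurerm provider, with the three HTTPS endpoints in an Azure Firewall application rule and the Instance Metadata Service address in the NSG rule. This is an added example, not code from the AzureTRE repository. All variable names, rule names and priorities are placeholders chosen for illustration.

```hcl
# Placeholders (assumptions, not AzureTRE's own names): supply real values per deployment.
variable "resource_group_name" { type = string }
variable "firewall_name" { type = string }
variable "workspace_nsg_name" { type = string }
variable "workspace_address_space" { type = string } # workspace subnet CIDR

# Outbound HTTPS from the workspace subnet to the Azure AD join endpoints only.
resource "azurerm_firewall_application_rule_collection" "aad_join" {
  name                = "arc-workspace-aad-join" # constructed name
  azure_firewall_name = var.firewall_name
  resource_group_name = var.resource_group_name
  priority            = 500 # constructed value
  action              = "Allow"

  rule {
    name             = "aad-device-join"
    source_addresses = [var.workspace_address_space]

    # Exact FQDNs from the issue; no wildcards, so nothing broader is opened.
    target_fqdns = [
      "enterpriseregistration.windows.net", # device registration
      "login.microsoftonline.com",          # authentication flows
      "pas.windows.net",                    # Azure RBAC flows
    ]

    protocol {
      port = "443"
      type = "Https"
    }
  }
}

# Port 80 to the Azure Instance Metadata Service endpoint, scoped to that single address.
resource "azurerm_network_security_rule" "allow_imds" {
  name                        = "allow-outbound-imds" # constructed name
  priority                    = 200                   # constructed value
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "80"
  source_address_prefix       = var.workspace_address_space
  destination_address_prefix  = "169.254.169.254"
  resource_group_name         = var.resource_group_name
  network_security_group_name = var.workspace_nsg_name
}
```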

marrobi commented 2 years ago

@deniscep Am I right in thinking that these are probably rules that need configuring at the workspace level should machines want to be joined to Azure AD?