On-premises network connections (OPNC) are required so that Cloud PCs can:
- Be provisioned.
- Be joined to your company’s domain.
- Have connectivity to your organization’s on-premises resources.
You can have up to 10 connections per tenant.
As part of the connection process, the Windows 365 service is granted the following permissions:
- Reader permission on the Azure subscription.
- Network contributor permission on the specified resource group.
- Network contributor permission on the virtual network.
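The three grants listed above can be checked after the connection is created. The following is an added example, not part of the Microsoft documentation: it compares role assignments against the documented set and flags anything missing, broader, or unexpected. It assumes input shaped like the JSON from `az role assignment list --all --assignee <id>`; the subscription ID, resource group and virtual network names are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az role assignment list -o json`.
# All IDs and names below are placeholders, not values from the page.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-cloudpc"
VNET = RG + "/providers/Microsoft.Network/virtualNetworks/vnet-cloudpc"

SAMPLE_JSON = json.dumps([
    {"roleDefinitionName": "Reader", "scope": SUB},
    {"roleDefinitionName": "Network Contributor", "scope": RG.lower()},
    {"roleDefinitionName": "Network Contributor", "scope": VNET + "/"},
    {"roleDefinitionName": "Network Contributor", "scope": SUB},  # too broad
    {"roleDefinitionName": "Contributor", "scope": SUB},          # not documented
])

def norm(scope):
    # Azure resource IDs are case-insensitive; drop any trailing slash too.
    return scope.rstrip("/").lower()

def expected_grants(subscription, resource_group, vnet):
    # The three permissions the page says the Windows 365 service receives.
    return {
        ("reader", norm(subscription)),
        ("network contributor", norm(resource_group)),
        ("network contributor", norm(vnet)),
    }

def audit(assignments, expected):
    actual = {(a["roleDefinitionName"].lower(), norm(a["scope"]))
              for a in assignments}
    extra = actual - expected
    # A documented role assigned at a parent scope covers more than intended.
    broader = {(r, s) for (r, s) in extra
               if any(r == er and es.startswith(s + "/") for er, es in expected)}
    return {"missing": sorted(expected - actual),
            "broader_scope": sorted(broader),
            "unexpected": sorted(extra - broader)}

def audit_sample():
    return audit(json.loads(SAMPLE_JSON), expected_grants(SUB, RG, VNET))

if __name__ == "__main__":
    for kind, rows in audit_sample().items():
        for role, scope in rows:
            print(f"{kind}: {role} @ {scope}")
```
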
Requirements
To create a connection, you must:
- Be an Intune Administrator in Azure AD.
- Have Owner permissions on the Azure subscription that contains the virtual network with connectivity to your on-premises domain controller and network.
To create an on-premises network connection
- Sign in to the Microsoft Endpoint Manager admin center, select Devices > Windows 365 (under Provisioning) > On-premises network connection > Create connection.
- On the Network details page, enter a Name for the new connection. The connection name must be unique within the customer tenant.
- Select a Subscription and Resource group for the new connection. Create a new resource group to contain your Cloud PC resources. Optionally, you can instead select an existing resource group in the list (which grants Windows 365 permissions to the existing resource group). If you don’t have a healthy OPNC, you won't be able to proceed.
- Select a Virtual network and Subnet.
- Select Next.
- On the AD domain page, provide the following information:
  - AD domain name: The DNS name of the Active Directory domain that you want to use for connecting and provisioning Cloud PCs. For example, corp.contoso.com.
  - Organizational unit: This is optional. An organizational unit (OU) is a container within an Active Directory domain, which can hold users, groups, and computers. Make sure that this OU is enabled to sync with Azure AD Connect. Provisioning will fail if this OU is not syncing.
  - AD domain username: The username, in user principal name (UPN) format, that you want to use for connecting the Cloud PCs to your Active Directory domain. For example, svcDomainJoin@corp.contoso.com. This service account must have permission to join computers to the domain and, if set, the target OU.
  - AD domain password: The password for the user specified above.
  - Confirm AD domain password: The password for the user specified above.
- Select Next.
- On the Review + Create page, select Create.
Edit on-premises network connection
All on-premises network connections (OPNC) are periodically checked to ensure that the environment is ready for use when provisioning Cloud PCs. If these checks fail, you may need to fix your networking setup on Azure or edit one of the properties provided.
To edit an on-premises network connection:
- Sign in to the Microsoft Endpoint Manager admin center > Devices > Windows 365 (under Provisioning) > On-premises network connection > select the connection you want to edit > Properties.
- On the Properties page, you can edit the General and AD domain settings by selecting Edit next to each header.
After the edits have been saved, the OPNC checks are run to verify the configuration.
You cannot edit an OPNC if it is running checks. You must wait for the checks to pass/fail before edit functionality becomes available.
Delete on-premises network connection
Only an unassigned on-premises network connection (OPNC) can be deleted. If an OPNC is in use by a provisioning policy, then you must do one of the following:
- Remove the OPNC from all provisioning policies.
- Delete the OPNC.
To delete an on-premises network connection:
- Sign in to the Microsoft Endpoint Manager admin center > Devices > Windows 365 (under Provisioning) > On-premises network connection.
- Select the ellipses (…) next to the connection you want to delete > Delete.
- Select Confirm when asked to delete the connection.
Microsoft Documentation: https://docs.microsoft.com/en-us/windows-365/enterprise/create-on-premises-network-connection