Skip to main content

Exploring Domain Join Options for Frame DaaS: Active Directory, Entra ID (Azure AD), and Hybrid

· 6 min read
Stefan Gajic

Curious about what sets Frame apart, how it stacks up against competitors, or the latest domain-join options we offer? Read on for answers that might just revolutionize your authentication strategy.

Why Frame?

Simple. Frame is the easiest to use DaaS solution and doesn't require extensive prior cloud or VDI experience to get started. Once you get going, it's even simpler to scale and manage. We are known for pioneering access from a browser (no downloads/no plugins). Our priority was to effectively turn Windows apps and desktops into web apps. Other competitors treat browser access as a "second-class citizen,” with their primary focus on delivery through a downloadable application that must be installed on client devices.

Fast. Go from zero to scale, anywhere in the world, in minutes/hours (vs. weeks/months).

Evergreen. Built in the cloud age, for the cloud, from scratch. There is no lift-and-shift of technology previously used for decades on-premises. Frame Control Plane is cloud-native and multi-tenant.

Flexible. Frame is a true hybrid and multi-cloud DaaS solution. You can create desktop/app workloads in over 100+ cloud data centers worldwide (including AWS, Google Cloud, and Microsoft Azure) and in private clouds on Nutanix Cloud Platform (AOS/AHV) all from a single console. No lock-in.

Domain Join Options

Frame provides flexibility without compromising ease of use! We got you covered, whether you're aiming to provide non-domain join desktops through Frame DaaS or looking to deploy domain-joined instances. With Frame's versatile features, you can choose from three distinct domain join settings: Active Directory Domain-Joined Instances, Azure AD-Joined Instances, or Hybrid-Joined Instances.

In this blog post, we'll delve into these options and help you understand which one suits your organization's needs the best.

Active Directory Domain-Joined Instances

When it comes to traditional Microsoft Active Directory (AD) domain-joined environments, AD plays a crucial role. Frame offers seamless workload VM integration with AD, allowing you to extend and use your existing on-premises Active Directory setup with Frame. This domain join setting is ideal for organizations with complex on-premises infrastructures, specific group policy requirements, or the need for on-premises resource access.


  • Utilizes Single Sign On to your existing on-premises AD infrastructure for user and / or machine authentication.
  • Enables tight integration with your organization's AD policies and resources.
  • Well-suited for scenarios where strict control over group policies and resource access is necessary.


  • Operating System: Windows 10, Windows Server 2016, or Windows Server 2019 for the Frame Account.
  • The Domain Join feature requires customers use Windows Server 2008 R2 and Domain Functional Level 2008 R2 or higher
  • Network Configuration:
    • Workloads in Frame must use a non-overlapping CIDR with your network due to the peering requirements.
    • Subnet masks between /16 and /24 are supported.
  • AWS Infrastructure: Update AWS IAM role.
  • Azure Infrastructure: Configure Azure DNS.

DJI Classic

Ready for a seamless setup? Details can be found in our official Frame Documentation.

Entra ID (Azure AD) Joined Instances

Organizations intersted in adopting a cloud-centric approach and leveraging the power of Microsoft services will find Entra ID (formerly known as Azure AD) joined instances to be a compelling option. With this setting, Frame workload VMs are joined directly to Entra ID (Azure AD), eliminating the need for on-premises AD infrastructure. This is particularly beneficial for cloud-first strategies, enhanced security, and streamlined device management.


  • Simplified device management through Entra ID.
  • Aligns well with a cloud-first strategy and integrates seamlessly with other Azure services.
  • Offers enhanced security with advanced features like conditional access and multi-factor authentication.
  • Provides seamless access to cloud-based applications using Entra ID credentials.


  • An active Entra ID (Azure AD) subscription.
  • Windows 10 or Windows 11 Pro or Enterprise. Practically speaking, customers can use Entra ID instances using persistent and non-persistent instances on BYO (Bring-Your-Own) Azure as well as for Nutanix AHV persistent instances.
  • Internet connectivity for device communication with Entra ID

Azure AD

Entra ID Hybrid-Joined Instances

The hybrid model offers a bridge between on-premises AD and Azure AD, providing a balanced approach for organizations with diverse needs. This option is suitable for those who want to maintain their on-premises AD infrastructure while benefiting from Azure AD's capabilities for specific use cases. From the Frame perspective, you will just need to set up Domain Joined instances. From there, install and configure the Azure AD Connect tool on your Domain Controller.

Read our solution guide for an in-depth walkthrough.


  • Enables a gradual transition from on-premises AD to Azure AD.
  • Maintains compatibility with existing on-premises infrastructure and group policies.
  • Offers flexibility to choose benefits from both on-premises and cloud worlds.


  • Active Azure AD and on-premises AD environments with AD Connect.
  • Windows 10 or Windows 11 Pro or Enterprise. Practically speaking, customers can use Entra ID instances with persistent and non-persistent instances on BYO (Bring Your Own) Azure, as well as with Nutanix AHV persistent instances.
  • Internet connectivity.

Entra ID Hybrid-Joined Instances


Frame provides a range of domain join options to meet your organization's unique needs. Whether you prefer the familiarity of traditional AD, the cloud-centric approach of Entra ID, or a hybrid solution, Frame empowers you to tailor your DaaS environment exactly as desired. Lastly, don't forget -- we are the only DaaS provider of non-domain-joined instances.

Choosing the right domain join setting allows you to optimize device management, security, and user experience, enhancing your organization's overall productivity and efficiency. Options like Frame Single Sign-On (Frame SSO) and many more are available, so go and check out our public documentation. Remember, each setting has its own prerequisites and considerations, so it is essential to evaluate your organization's goals and infrastructure before making a decision.

Frame gives you the flexibility to choose the domain join setting that aligns best with your IT strategy and business objectives. If you have questions, please contact us at

About the Author

Stefan Gajic

More content created by

Stefan Gajic
Stefan Gajic is a Solutions Architect with Frame who has worked for various global enterprises and IT companies as a system engineer, technical lead, and solutions architect delivering various Information Technology projects mainly focused on multicloud and hybrid environments. Stefan is also a Microsoft Certified Trainer with the ability to properly impart his Azure expert knowledge to others.