Deploy Entra Domain Services

Implementation Effort: Medium – Deploying Microsoft Entra Domain Services (MEDS) involves configuring virtual networks, which requires cross-team planning and operational execution. User Impact: Medium – Users with cloud-only may need to reset passwords to generate NTLM and Kerberos hashes.

Overview

Microsoft Entra Domain Services (MEDS) enables domain join, LDAP, Kerberos, and NTLM authentication in Azure without deploying and managing domain controllers for existing AD Domains. MEDS integrates directly with Microsoft Entra ID, allowing for centralized credential and group management, while preserving support for legacy authentication protocols necessary for certain applications. It supports Zero Trust principles by enabling segmentation, providing identity-based access controls, and reducing reliance on corporate network perimeter-based trust.

Reference

• Overview of Microsoft Entra Domain Services
• Common deployment scenarios for Microsoft Entra Domain Services
• Network planning and connections for Microsoft Entra Domain Services
• Create a management VM for Microsoft Entra Domain Services
• Tutorial: Create and configure a Microsoft Entra Domain Services managed domain