Hey everyone, I'm wondering if it's a good idea to restrict workstation admin accounts solely to Azure Virtual Desktop. Recently, our system admin migrated everything to AVD for these accounts, but after some quick research, it seems like there are more downsides than benefits. What do you all think?
4 Answers
I actually see the potential in this setup. If you're implementing Protected Admin Workstations (PAWs), you could host them on-premises, in a virtual on-prem, or in the cloud (like AVD). This way, conditional access can be applied, which adds an extra layer of security. However, if you're using Azure Active Directory, keep in mind that your domain controllers may be in a different region. This might slow down replication. Plus, outages in Azure can affect your access, but there are ways to build resilience into your setup. It really comes down to your overall architecture and security needs!
Is this setup really beneficial for a smaller company with around 500 employees? Would it offer more security compared to traditional on-prem access?
Could you clarify what WA and WVD stand for? On my side, WA usually means WhatsApp, but I doubt that's what you're referencing. Also, I'm not sure about WVD. What does that mean in this context?
From a security standpoint, using VMs in AVD is like using jump boxes, which isn't the worst option. However, I wouldn't recommend it solely because of the risk of lateral movement. I'd suggest having dedicated, locked-down PAWs that can only be accessed directly and not remotely for better security.