I have a client that wants to migrate from on-prem to hybrid to eventually cloud-only, and they have a few apps that I want to run via Azure Virtual Desktop as opposed to RDS (licensing for AVD is bundled into their M365 licensing), but I'm having an issue with the authentication because of how their domain is set up. They currently have a .local domain on-prem that self-routes to the domain controller as the DNS server, and they have a .com domain that is associated and validated with M365. It was my understanding that so long as you have Azure AD Connect you can join an AD DS domain to a VM for AVD and then have that authenticate using Azure AD credentials. But because their domain is not routable I'm stuck. If I put the VMs involved on the .com domain then they can't access resources (at least I don't think they can) from the .local, and I'm not sure how to make the .local domain routable in a way that M365/Azure AD will accept so that everything talks to each other.
I currently have a DC on-prem that is .local, that same DC extended into a VM in Azure, my app server in Azure and then the AVD VM, with an IPsec tunnel between the vNet and the company network.
Thoughts?
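The usual way to make a .local forest acceptable to Azure AD Connect without renaming the domain is to register the verified public domain as an alternate UPN suffix in the forest and give synced users a UPN under it. The following PowerShell is an added example, not from the original post or from any Microsoft documentation; it assumes a hypothetical forest `corp.local` and a verified M365 domain `contoso.com`, runs from a domain-joined host with the RSAT ActiveDirectory module, and uses `-WhatIf` so it reports the intended changes rather than applying them until you remove that switch.

```powershell
# Added example (not from the original post). Assumed names: forest root corp.local
# (non-routable, stays as the AD DS domain) and contoso.com (verified in M365).
Import-Module ActiveDirectory

$PublicSuffix = 'contoso.com'   # assumption: the .com domain already verified in M365

# 1. Register the routable suffix as an alternate UPN suffix on the forest.
#    The AD domain itself keeps its .local name; only user UPNs change.
Get-ADForest | Set-ADForest -UPNSuffixes @{ Add = $PublicSuffix }

# 2. Find enabled users whose UPN still ends in .local. Azure AD Connect will
#    otherwise sync them with a .onmicrosoft.com UPN, which breaks the
#    expectation that the AVD sign-in name matches the M365 identity.
$stale = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -like '*.local' }

# 3. Rewrite each UPN to sAMAccountName@contoso.com. -WhatIf only reports;
#    remove it after reviewing the list, then force a delta sync on the
#    Azure AD Connect server (Start-ADSyncSyncCycle -PolicyType Delta).
foreach ($u in $stale) {
    $newUpn = '{0}@{1}' -f $u.SamAccountName, $PublicSuffix
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}

"Users with a non-routable UPN: $($stale.Count)"
```

The AVD session hosts stay joined to the .local domain (line of sight to the DC over the IPsec tunnel, or the DC replica in the vNet, is still required for that join), so their access to .local resources is unchanged; what changes is that the synced cloud identity and the on-prem account now share a routable sign-in name.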