My goal is to upload a customized VHD into our cloud-only USGov environment and turn it into an Azure AD-joined template. My challenge is the option Login with Azure AD is disabled.
The image is a Windows 10 Pro x64 21H2 OS originally obtained via Azure Marketplace. It has since been hardened to comply with US government regulations. After hardening the VHD, I followed all the guidelines found in Prepare a Windows VHD or VHDX to upload to Azure and converted the VHD to a fixed size. I am able to upload the VHD to blob storage, and I can create a VM from the VHD, either via managed disk or directly from blob storage. The VM powers on properly, and I can log in to it with local VM credentials and use the system as expected. However, I want to join the VM to Azure AD. When creating the VM, I am unable to check the box labeled Login with Azure AD, and a warning appears below the checkbox stating This image does not support Login with Azure AD.
Troubleshooting steps:
- I have tried generalizing the VM via OS Sysprep, capturing the VM as an image, and creating a new VM from that image. Same result.
- I have tried adding the AADLoginForWindows extension and turned on the System-assigned Identity after creating the VM, then rebooted. Same result.
- I have installed the Azure Virtual Machine Agent prior to upload, and then created a VM. Same result.
- I have tried going to Settings > Accounts > Access Work or School > Connect > Join this device to Azure Active Directory, and walking through the credentials wizard with my USGov credentials, then I received an undefined error. This VM does have outbound internet access and I am able to successfully log in to USGov via browser. The error shown is 80072efe, Correlation ID not available.
- dsregcmd /status reports AzureAdJoined = NO.
- Windows Firewall has been disabled and turned off with a blanket Allow All Inbound rule for good measure. Same result.
I'm not sure what else to check here. Any assistance would be greatly appreciated.
Thank you.
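Added diagnostic helper, not part of the original post: a PowerShell script that gathers in one run the evidence the troubleshooting steps above check by hand (dsregcmd join state, guest agent service, Azure instance metadata, outbound TLS to the sign-in endpoints, and recent device-registration errors). The Azure Government host names and the IMDS api-version are assumptions; run it in an elevated session on the affected VM.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1 on the VM.
# Host names for Azure Government and the IMDS api-version are assumptions to adjust.

function Get-DsregState {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable.
    $state = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.*)$') {
            $state[$matches[1]] = $matches[2].Trim()
        }
    }
    $state
}

function Test-AadJoinPrereqs {
    $ds = Get-DsregState
    $report = [ordered]@{}

    # Join state as reported in the post (AzureAdJoined = NO).
    $report['AzureAdJoined'] = $ds['AzureAdJoined']
    $report['DomainJoined']  = $ds['DomainJoined']
    $report['TenantName']    = $ds['TenantName']

    # The guest agent must be running for extensions such as AADLoginForWindows to install.
    $agent = Get-Service -Name WindowsAzureGuestAgent -ErrorAction SilentlyContinue
    $report['GuestAgent'] = if ($agent) { $agent.Status } else { 'NotInstalled' }

    # Instance metadata shows whether the VM sees its Azure identity and image details.
    try {
        $imds = Invoke-RestMethod -Uri 'http://169.254.169.254/metadata/instance/compute?api-version=2021-02-01' `
                                  -Headers @{ Metadata = 'true' } -TimeoutSec 5
        $report['ImdsReachable'] = $true
        $report['ImageOffer']    = $imds.offer       # empty for a custom VHD
        $report['ImagePlan']     = $imds.plan.name   # empty when no plan is attached
    } catch { $report['ImdsReachable'] = $false }

    # Outbound TCP/443 to the sign-in and device-registration hosts (assumed names).
    foreach ($h in 'login.microsoftonline.us', 'enterpriseregistration.windows.net') {
        $report["Tcp443_$h"] = (Test-NetConnection -ComputerName $h -Port 443 `
                                -WarningAction SilentlyContinue).TcpTestSucceeded
    }

    # Recent errors from the device-registration log; 0x80072efe is a WinINet
    # connection-aborted code, so these entries usually carry the network context.
    $report['RecentRegistrationErrors'] =
        Get-WinEvent -LogName 'Microsoft-Windows-User Device Registration/Admin' `
                     -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object Level -le 2 | Select-Object -First 5 -ExpandProperty Message

    [pscustomobject]$report
}

Test-AadJoinPrereqs | Format-List
```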