This template will deploy a set of Windows Server 2012R2, 2016, 2019 or 2022 VMs that can be used as an Azure AD single sign-on lab.
The virtual network has two subnets: an external-facing subnet and an internal subnet. A network security group on the internal subnet blocks all inbound traffic except ports 53, 443, and 3389 from the external subnet. A network security group on the external subnet restricts 3389 to the Gateway VM from the public IP address specified in the template.
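The following is an added example, not code from this template: a simplified model of how Azure evaluates inbound NSG rules (lowest priority number first, first match wins), applied to the internal-subnet policy described above. The address prefixes, rule names and priorities are assumptions; protocol matching and the load balancer default rule are left out, and the VirtualNetwork service tag is modelled as a single prefix.

```python
import ipaddress

# Assumed address plan (constructed for this example, not taken from the template).
EXTERNAL = "10.0.0.0/24"
VNET = "10.0.0.0/16"

# Azure's built-in inbound default rules, simplified.
DEFAULT_RULES = [
    {"name": "AllowVnetInBound", "priority": 65000, "source": VNET,
     "ports": None, "access": "Allow"},
    {"name": "DenyAllInBound", "priority": 65500, "source": "0.0.0.0/0",
     "ports": None, "access": "Deny"},
]

# Internal-subnet policy as described above; names and priorities are constructed.
INTERNAL_RULES = [
    {"name": "Allow-53-443-3389-From-External", "priority": 100,
     "source": EXTERNAL, "ports": {53, 443, 3389}, "access": "Allow"},
    {"name": "Deny-All-Inbound", "priority": 4096, "source": "0.0.0.0/0",
     "ports": None, "access": "Deny"},
]


def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) for the first rule that matches the flow."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        in_source = src in ipaddress.ip_network(rule["source"])
        in_ports = rule["ports"] is None or dst_port in rule["ports"]
        if in_source and in_ports:
            return rule["access"], rule["name"]
    return "Deny", "no-match"


if __name__ == "__main__":
    # Constructed flows: (source IP, destination port) into the internal subnet.
    for src, port in [("10.0.0.5", 443), ("10.0.0.5", 445), ("203.0.113.10", 3389)]:
        print(src, port, evaluate(INTERNAL_RULES, src, port))
    # Same external-subnet flow with the explicit deny rule removed:
    # the default AllowVnetInBound rule now lets it through.
    print("no explicit deny:", evaluate(INTERNAL_RULES[:1], "10.0.0.5", 445))
```

Without an explicit deny rule ahead of priority 65000, the default AllowVnetInBound rule admits any port from the external subnet, so the allow list alone does not enforce the policy.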
This template deploys the following VMs in the specified subnet. You will be able to remote into all VMs from the remote desktop jump server.
- Remote desktop jump server (external)
- Domain controller (internal)
- ADFS farm server (internal)
- ADFS proxy server (external)
- Synchronization server (internal)
With the exception of the domain controller, the template only deploys the operating system to the VMs and joins them to the domain.
This template also deploys and configures an AD DS single-domain forest and populates the domain with generic OUs, users, and groups. All of the VMs on the internal subnet are joined to this domain.
Template based on mbakunas/azure-ad-sso-lab and dakoer/Synlab