This template will deploy a set of Windows Server 2016 VMs that can be used as an Azure AD single sign-on lab.
The virtual network has two subnets: an external-facing subnet an an internal subnet. A network security group on the internal subnet prevents all inbound traffic and only allows 53, 443, and 3389 from the external subnet.
This template deploys Azure Bastion so no gateway/jump host is needed.
NOTE: Because Azure Bastion is in public preview it's only available in the following regions:
- West US
- East US
- West Europe
- South Central US
- Australia East
- Japan East
Visit https://docs.microsoft.com/en-us/azure/bastion/bastion-overview for details.
This template deploys the following VMs (in the specified subnet):
- Domain controller (internal)
- ADFS farm server (internal)
- ADFS proxy server (external)
- Synchronization server (internal)
With the exception of the domain controller the template only deploys the operating system to the VMs.
This template also deploys and configures an AD DS single-domain forest and populates the domain with OUs, users, and groups. All of the VMs on the internal subnet are joined to this domain.