Azure AD DNS

Hi Handian Sudianto. I wanted to check in and see if you've been able to resolve your issue. Please don't hesitate to reach out if you have any questions—I'm always here to help!

Hi Handian Sudianto,

Azure AD (now Microsoft Entra ID) does not natively provide device-to-device DNS resolution like traditional Active Directory.To access other workstations by hostname, you need to implement a DNS or routing solution based on your specific environment. Here are the most effective approaches:

1. For Azure VMs or Windows 365 (Cloud PCs): You need to deploy Microsoft Entra Domain Services (Entra DS) or set up a custom DNS server within your Azure Virtual Network. Devices joined to this network will dynamically register their hostnames, replicating the traditional AD DNS behavior.
2. For Physical Laptops on a Local Office Network: Entra ID does not manage local LAN traffic. You must configure your local office router/DHCP server to act as the DNS server to register client hostnames, or simply ensure network discovery (mDNS/LLMNR) is enabled on the Windows endpoints.
3. For Remote/Work-From-Home Devices: If your workstations are strictly cloud-joined and geographically separated, you cannot resolve their hostnames natively. You will need a VPN, SD-WAN, or a Zero-Trust network solution like Microsoft Entra Private Access to securely route traffic between them.

I hope this information is helpful. If this answer clarifies your issue, please click "Accept answer" so that other community members facing similar issues can find the solution.

In a traditional AD DS domain, DNS records are created in an AD‑integrated DNS zone and clients resolve each other by hostname. In a pure Azure AD environment, there is no built‑in equivalent host‑name registration and resolution between workstations; Azure AD by itself does not provide device‑to‑device DNS like AD DS.

To access other workstations by hostname in an Azure‑based environment, a DNS solution must be added and clients configured to use it:

1. Use AD DS (or Microsoft Entra Domain Services) with DNS
   • Deploy Active Directory Domain Services (AD DS) or a managed domain (Microsoft Entra Domain Services) in Azure.
   • AD DS uses DNS for domain controller location and name resolution; domain‑joined clients dynamically register their hostnames in the AD‑integrated DNS zone and can resolve each other by hostname.
   • Configure client DNS settings so that workstations point to the AD DS / Entra DS DNS servers.
2. Use custom DNS servers in Azure virtual networks
   • For Windows 365 / Cloud PCs or Azure VMs, configure the Azure virtual network to use custom DNS servers (for example, domain controllers or standalone DNS servers) instead of the default Azure DNS.
   • Domain‑joined Windows clients in that network can then use secure dynamic DNS (DDNS) to register their hostnames in that DNS server, enabling hostname‑based access between machines.
3. Use Azure DNS private zones for complex topologies
   • For multi‑region or multi‑domain architectures, Azure DNS private zones and Azure DNS Private Resolver can be used to centralize and route DNS queries between Azure networks and on‑premises DNS.
   • Workstations still need a DNS server that holds or can resolve the host records (for example, AD‑integrated DNS plus conditional forwarders or private resolver).

Key points:

• Azure AD alone does not provide workstation hostname resolution.
• Hostname‑based access requires DNS infrastructure (AD DS/Entra DS DNS, custom DNS servers, and optionally Azure DNS private zones) and client DNS settings pointing to that infrastructure.

References:

• DNS and AD DS
• Use dynamic DNS to register hostnames in your own DNS server
• Windows 365 Azure network connection
• What is Domain Name System (DNS)?
• Understand Domain Name Systems in Azure NetApp Files
• How Azure DNS works with other Azure services