
We (a small organization) are deploying an Azure VM as an Active Directory Domain Controller. Now we want to add clients to this Active Directory and are looking at the network/connectivity solutions.

We have users working from many sites, and outside the premises as well. We have already looked at DirectAccess, but it needs Windows Enterprise licenses on the clients. We have already looked at the Azure site-to-site VPN, but for that the users need to be on premises, which is not the case most of the time. We have already looked at the Azure point-to-site VPN for the users, but it only connects after the user logs in (even when using Task Scheduler. I already dug into the Azure VPN client, but it doesn't connect before logging in to Windows because it uses a certificate, and Windows doesn't allow it to be accessed before logging in).

Is there a solution which authenticates users to Active Directory over the internet, like DirectAccess?

  • No. In your case, connecting Azure virtual machines back to an on-premises corporate network requires an Azure virtual network, which includes a site-to-site or site-to-point virtual private network (VPN) component able to seamlessly connect Azure virtual machines and on-premises machines. – Wayne Yang Sep 21 '17 at 03:49
  • What if the devices aren't on premises? – Tanveer Khan Sep 21 '17 at 06:40
  • What do you mean? The devices are on another cloud? This issue is about the network. Only when your devices are in a private network connected to the VNet of the DC can the connection work. A VPN is necessary in this case wherever your devices are, except within the Azure network itself. – Wayne Yang Sep 21 '17 at 06:56

1 Answer


No. In your case, connecting Azure virtual machines back to an on-premises corporate network requires an Azure virtual network, which includes a site-to-site or site-to-point virtual private network (VPN) component able to seamlessly connect Azure virtual machines and on-premises machines.

Since it provides a layer-3 connection, the VPN component that provides connectivity between an Azure virtual network and an on-premises network can also enable member servers that run on-premises to use DCs that run as Azure virtual machines on the Azure virtual network. But if the VPN is unavailable, communication between on-premises computers and Azure-based domain controllers will not function, resulting in authentication and various other errors.

For more about the contrasts between deploying Windows Server Active Directory domain controllers on Azure Virtual Machines versus on-premises, refer to this document.

Wayne Yang
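The answer's point is that every AD protocol between a client and an Azure-hosted DC rides on the VPN tunnel, and the question's point is that a per-user point-to-site profile (with its certificate in the user's store) cannot come up before logon. The following PowerShell pre-flight check is an added example, not code from the question or the answer: it reports the tunnel state, tests the TCP ports a domain member needs on the DC, and shows whether a client-authentication certificate exists in the per-user or the machine store. The DC address `10.0.0.4` and the connection name `AzureP2S` are assumptions for illustration; substitute your own.

```powershell
# Added example (not from the original post): pre-flight check for a client
# that reaches an Azure-hosted domain controller only through a VPN tunnel.
# Assumptions: the DC sits at 10.0.0.4 on the Azure VNet and the point-to-site
# connection is named "AzureP2S". Run from an elevated PowerShell session.

param(
    [string]$DomainController  = '10.0.0.4',   # assumed DC address on the VNet
    [string]$VpnConnectionName = 'AzureP2S'    # assumed P2S connection name
)

# 1. Is the tunnel up? Without it, every AD protocol tested below fails.
#    Connections stored for all users can be dialled by the system before logon;
#    per-user connections exist only once that user has logged on.
$vpn = Get-VpnConnection -Name $VpnConnectionName -AllUserConnection -ErrorAction SilentlyContinue
$scope = 'all-user'
if (-not $vpn) {
    $vpn = Get-VpnConnection -Name $VpnConnectionName -ErrorAction SilentlyContinue
    $scope = 'per-user'
}
if (-not $vpn) {
    Write-Warning "VPN connection '$VpnConnectionName' not found in the all-user or per-user store."
} elseif ($vpn.ConnectionStatus -ne 'Connected') {
    Write-Warning "VPN '$VpnConnectionName' ($scope) is $($vpn.ConnectionStatus); AD traffic will not reach the DC."
} else {
    Write-Output "VPN '$VpnConnectionName' ($scope) is connected."
}

# 2. TCP ports a domain member needs on a DC. A failure here is what shows up
#    as the "authentication and various other errors" the answer refers to.
$ports = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL / Group Policy)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS' },
    @{ Port = 3268; Service = 'Global Catalog' }
)
$results = foreach ($p in $ports) {
    $r = Test-NetConnection -ComputerName $DomainController -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Service = $p.Service; Reachable = $r.TcpTestSucceeded }
}
$results | Format-Table -AutoSize
$unreachable = $results | Where-Object { -not $_.Reachable }
if ($unreachable) {
    Write-Warning ("Unreachable DC ports: " + (($unreachable.Port) -join ', '))
}

# 3. Where does the VPN client certificate live? A certificate that exists only
#    in Cert:\CurrentUser\My is unavailable until that user logs on, which is the
#    behaviour described in the question; Cert:\LocalMachine\My is readable by
#    the system before logon.
$clientAuth = { $_.EnhancedKeyUsageList.FriendlyName -contains 'Client Authentication' }
$userCerts    = @(Get-ChildItem Cert:\CurrentUser\My  | Where-Object $clientAuth)
$machineCerts = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object $clientAuth)
Write-Output ("Client-authentication certificates: CurrentUser\My = {0}, LocalMachine\My = {1}" -f
    $userCerts.Count, $machineCerts.Count)
```

Run it once while logged on with the tunnel up to get a known-good baseline, then again from a fresh boot (for example via a startup task) to see which of the three checks fails before logon. Test-NetConnection only exercises TCP, so a DNS problem that is UDP-specific would not show up in step 2; Resolve-DnsName -Server against the DC address is the complementary check.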