{"id":1690,"date":"2025-10-25T10:29:26","date_gmt":"2025-10-25T10:29:26","guid":{"rendered":"https:\/\/virtualall.sk\/?p=1690"},"modified":"2026-05-08T07:31:30","modified_gmt":"2026-05-08T07:31:30","slug":"ako-nasadit-windows-11-v-azure-s-prihlasenim-cez-entra-id-a-viacfaktorove-overenie","status":"publish","type":"post","link":"https:\/\/virtualall.sk\/en\/2025\/10\/ako-nasadit-windows-11-v-azure-s-prihlasenim-cez-entra-id-a-viacfaktorove-overenie\/","title":{"rendered":"Windows 11 in Azure with Entra ID &#8211; Complete Deployment Guide"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><span style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">Cie\u013eom tohto postupu je vytvori\u0165 virtu\u00e1lny po\u010d\u00edta\u010d s opera\u010dn\u00fdm syst\u00e9mom\u00a0<\/span><strong data-start=\"346\" data-end=\"378\" style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">Windows 11 Pro (verzia 25H2)<\/strong><span style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">\u00a0v prostred\u00ed\u00a0<\/span><strong data-start=\"391\" data-end=\"410\" style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">Microsoft Azure<\/strong><span style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">, ktor\u00fd bude prepojen\u00fd s\u00a0<\/span><strong data-start=\"435\" data-end=\"468\" style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">Microsoft Entra ID (Azure AD)<\/strong><span style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">. Pou\u017e\u00edvate\u013e sa n\u00e1sledne prihl\u00e1si do syst\u00e9mu cez\u00a0<\/span><strong data-start=\"517\" data-end=\"550\" style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">RDP (Remote Desktop Protocol)<\/strong><span style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">\u00a0pomocou\u00a0<\/span><strong data-start=\"559\" data-end=\"576\" style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">webov\u00e9ho \u00fa\u010dtu<\/strong><span style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">\u00a0a\u00a0<\/span><strong data-start=\"579\" data-end=\"616\" style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">MFA (Multi-Factor Authentication)<\/strong><span style=\"caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: revert; white-space: normal;\">. Tento scen\u00e1r sa vyu\u017e\u00edva najm\u00e4 v organiz\u00e1ci\u00e1ch, ktor\u00e9 prech\u00e1dzaj\u00fa na cloudov\u00fa spr\u00e1vu zariaden\u00ed a vy\u017eaduj\u00fa centr\u00e1lne overovanie identity.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Krok 1 \u2013 Nasadenie opera\u010dn\u00e9ho syst\u00e9mu Windows 11 v Azure<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Vytvorenie virtu\u00e1lneho po\u010d\u00edta\u010da<\/strong>\n<ul class=\"wp-block-list\">\n<li>V Azure Port\u00e1li prejdite na sekciu\u00a0<strong>Virtual machines \u2192 Create \u2192 Azure virtual machine<\/strong>.<\/li>\n\n\n\n<li>Vyberte predplatn\u00e9 (<strong>Subscription<\/strong>) a v poli\u00a0<strong>Resource group<\/strong>\u00a0vytvorte nov\u00fa skupinu, napr\u00edklad\u00a0<code>mhite-VM<\/code>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Definovanie in\u0161tan\u010dn\u00fdch parametrov<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>N\u00e1zov virtu\u00e1lneho po\u010d\u00edta\u010da:<\/strong>\u00a0<code>mhitew11<\/code><\/li>\n\n\n\n<li><strong>Regi\u00f3n:<\/strong>\u00a0zvo\u013ete napr\u00edklad\u00a0<code>(US) East US<\/code>\u00a0alebo najbli\u017e\u0161\u00ed regi\u00f3n k Eur\u00f3pe, napr\u00edklad \u201eWest Europe\u201c.<\/li>\n\n\n\n<li><strong>Availability options:<\/strong>\u00a0\u201eNo infrastructure redundancy required\u201c (v testovacom prostred\u00ed nie je potrebn\u00e1 vysok\u00e1 dostupnos\u0165).<\/li>\n\n\n\n<li><strong>Security type:<\/strong>\u00a0zvo\u013ete\u00a0<strong>Trusted launch virtual machine<\/strong>\u00a0\u2013 t\u00e1to mo\u017enos\u0165 aktivuje TPM 2.0 emul\u00e1ciu a zabezpe\u010den\u00fd boot, ktor\u00e9 s\u00fa po\u017eiadavkou Windows 11.<\/li>\n\n\n\n<li>Kliknite na\u00a0<strong>Configure security features<\/strong>\u00a0a overte, \u017ee je povolen\u00fd\u00a0<strong>Secure Boot<\/strong>\u00a0a\u00a0<strong>vTPM<\/strong>.<\/li>\n\n\n\n<li><strong>Image:<\/strong>\u00a0vyberte\u00a0<code>Windows 11 Pro, version 25H2 \u2013 x64 Gen2<\/code>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Architekt\u00fara a kompatibilita<\/strong>\n<ul class=\"wp-block-list\">\n<li>Pre syst\u00e9m Windows 11 Pro 25H2 je potrebn\u00e9 pou\u017ei\u0165\u00a0<strong>x64 architekt\u00faru<\/strong>.<\/li>\n\n\n\n<li>Azure automaticky upozorn\u00ed, \u017ee \u201eArm64 is not supported with the selected image\u201c. Tento krok potvrdzuje, \u017ee pou\u017e\u00edvate spr\u00e1vny typ in\u0161tancie.<\/li>\n\n\n\n<li><strong>Pokra\u010dovanie v sprievodcovi<\/strong><\/li>\n\n\n\n<li>V nasleduj\u00facich krokoch sprievodcu sa nastavuje:<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"773\" src=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1024x773.png\" alt=\"\" class=\"wp-image-1691\" srcset=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1024x773.png 1024w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-300x227.png 300w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-768x580.png 768w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1536x1160.png 1536w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-16x12.png 16w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image.png 1830w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\"><strong>Krok 2 \u2013 Povolenie Entra ID autentifik\u00e1cie pri vytv\u00e1ran\u00ed virtu\u00e1lneho po\u010d\u00edta\u010da<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">V tomto kroku nastav\u00edme, aby sa pou\u017e\u00edvate\u013e mohol prihlasova\u0165 do syst\u00e9mu pomocou svojho&nbsp;<strong>Microsoft Entra ID \u00fa\u010dtu (Azure AD \u00fa\u010dtu)<\/strong>&nbsp;a n\u00e1sledne vyu\u017e\u00edva\u0165 viacfaktorov\u00e9 overenie (MFA).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Po\u010das vytv\u00e1rania virtu\u00e1lneho po\u010d\u00edta\u010da v Azure port\u00e1li prejdite do z\u00e1lo\u017eky&nbsp;<strong>Management<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Zapnutie syst\u00e9movej spravovanej identity (System assigned managed identity)<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Toto nastavenie je nevyhnutn\u00e9, preto\u017ee umo\u017e\u0148uje, aby samotn\u00fd virtu\u00e1lny po\u010d\u00edta\u010d mal vlastn\u00fa identitu v Entra ID.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Za\u0161krtnite vo\u013ebu\u00a0<strong>Enable system assigned managed identity<\/strong>.<\/li>\n\n\n\n<li>Azure automaticky prirad\u00ed VM unik\u00e1tnu identitu, ktor\u00fa mo\u017eno pou\u017ei\u0165 na prihl\u00e1senie a autentifik\u00e1ciu vo\u010di slu\u017eb\u00e1m Azure.<\/li>\n\n\n\n<li>T\u00e1to identita bude nesk\u00f4r pou\u017eit\u00e1 aj pri aktiv\u00e1cii prihl\u00e1senia cez Entra ID.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"773\" src=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1-1024x773.png\" alt=\"\" class=\"wp-image-1692\" srcset=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1-1024x773.png 1024w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1-300x227.png 300w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1-768x580.png 768w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1-1536x1160.png 1536w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1-16x12.png 16w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-1.png 1830w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Vytvorenie DNS z\u00e1znamu pre pr\u00edstup k virtu\u00e1lnemu po\u010d\u00edta\u010du<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Aby sa pou\u017e\u00edvatelia mohli jednoducho a bezpe\u010dne prip\u00e1ja\u0165 na virtu\u00e1lny po\u010d\u00edta\u010d, je potrebn\u00e9 vytvori\u0165 DNS z\u00e1znam, ktor\u00fd bude zodpoveda\u0165 n\u00e1zvu a dom\u00e9ne va\u0161ej organiz\u00e1cie.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1. Pre\u010do je DNS z\u00e1znam d\u00f4le\u017eit\u00fd<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Pri prihlasovan\u00ed cez&nbsp;<strong>RDP (Remote Desktop Protocol)<\/strong>&nbsp;sa pou\u017e\u00edvate\u013e autentifikuje pomocou&nbsp;<strong>Entra ID \u00fa\u010dtu<\/strong>&nbsp;\u2013 ten vy\u017eaduje, aby sa cie\u013eov\u00e9 zariadenie nach\u00e1dzalo v dom\u00e9ne, ktor\u00e1 zodpoved\u00e1 overenej organiz\u00e1cii (napr.&nbsp;<code>mhite.sk<\/code>).<br>T\u00fdmto sp\u00f4sobom sa zabezpe\u010d\u00ed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>d\u00f4veryhodn\u00e9 spojenie medzi zariaden\u00edm a dom\u00e9nou,<\/li>\n\n\n\n<li>\u00faspe\u0161n\u00e9 pou\u017eitie webov\u00e9ho prihl\u00e1senia (<a>https:\/\/login.microsoftonline.com<\/a>),<\/li>\n\n\n\n<li>spr\u00e1vne fungovanie viacfaktorov\u00e9ho overenia (MFA) pri prihlasovan\u00ed cez RDP.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>2. Vytvorenie DNS z\u00e1znamu<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">V prostred\u00ed DNS (napr. v&nbsp;<strong>Azure DNS Zone<\/strong>,&nbsp;<strong>Plesk<\/strong>,&nbsp;<strong>PowerDNS<\/strong>&nbsp;alebo inom spr\u00e1vcovi dom\u00e9ny) vytvorte nov\u00fd z\u00e1znam typu&nbsp;<strong>A (Address record)<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Pr\u00edklad konfigur\u00e1cie:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Typ z\u00e1znamu<\/th><th>N\u00e1zov (Host)<\/th><th>Hodnota (IP adresa)<\/th><th>TTL<\/th><\/tr><\/thead><tbody><tr><td>A<\/td><td><code>w11.mhite.sk<\/code><\/td><td><code>20.125.43.87<\/code><\/td><td>3600<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">\ud83d\udca1 IP adresa v pr\u00edklade predstavuje&nbsp;<strong>verejn\u00fa IP adresu virtu\u00e1lneho po\u010d\u00edta\u010da<\/strong>, ktor\u00fa z\u00edskate po jeho nasaden\u00ed v Azure v sekcii&nbsp;<strong>Networking \u2192 Public IP address<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Tento DNS z\u00e1znam zabezpe\u010d\u00ed, \u017ee pri zad\u00e1van\u00ed n\u00e1zvu&nbsp;<strong>w11.mhite.sk<\/strong>&nbsp;sa pou\u017e\u00edvate\u013e dostane priamo na v\u00e1\u0161 Azure VM, pri\u010dom prihl\u00e1senie bude realizovan\u00e9 prostredn\u00edctvom&nbsp;<strong>Microsoft Entra ID<\/strong>&nbsp;\u00fa\u010dtu.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Krok 3 \u2013 Nastavenie DNS suffixu v syst\u00e9me Windows 11<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Aby prihl\u00e1senie cez&nbsp;<strong>Microsoft Entra ID (Azure AD)<\/strong>&nbsp;fungovalo korektne, mus\u00ed ma\u0165 po\u010d\u00edta\u010d nakonfigurovan\u00fd rovnak\u00fd DNS suffix, ako je dom\u00e9na registrovan\u00e1 v Entra ID. Tento krok zabezpe\u010d\u00ed, \u017ee syst\u00e9m bude schopn\u00fd identifikova\u0165 zariadenie ako s\u00fa\u010das\u0165 d\u00f4veryhodnej dom\u00e9ny.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1. Otvorenie nastaven\u00ed po\u010d\u00edta\u010da<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Na virtu\u00e1lnom po\u010d\u00edta\u010di sa prihl\u00e1ste lok\u00e1lnym \u00fa\u010dtom, ktor\u00fd ste zadali po\u010das nasadzovania VM, a n\u00e1sledne:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kliknite prav\u00fdm tla\u010didlom na\u00a0<strong>This PC \u2192 Properties<\/strong><\/li>\n\n\n\n<li>Zvo\u013ete\u00a0<strong>Advanced system settings \u2192 Computer Name \u2192 Change \u2192 More&#8230;<\/strong><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"420\" src=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-2-1024x420.png\" alt=\"\" class=\"wp-image-1693\" srcset=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-2-1024x420.png 1024w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-2-300x123.png 300w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-2-768x315.png 768w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-2-1536x631.png 1536w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-2-18x7.png 18w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-2.png 1768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>2. Nastavenie DNS suffixu<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">V okne&nbsp;<strong>DNS Suffix and NetBIOS Computer Name<\/strong>&nbsp;zadajte n\u00e1zov va\u0161ej dom\u00e9ny:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Primary DNS suffix of this computer: mhite.sk\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Nezabudnite ponecha\u0165 za\u0161krtnut\u00e9 pol\u00ed\u010dko:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\u2611 Change primary DNS suffix when domain membership changes\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">T\u00fdmto sp\u00f4sobom sa zabezpe\u010d\u00ed, \u017ee pln\u00fd n\u00e1zov po\u010d\u00edta\u010da (FQDN \u2013 Fully Qualified Domain Name) bude napr\u00edklad:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mhitew11.mhite.sk\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>3. Re\u0161tartovanie syst\u00e9mu<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Po potvrden\u00ed zmien kliknite na&nbsp;<strong>OK<\/strong>&nbsp;a syst\u00e9m v\u00e1s vyzve na re\u0161tart.<br>Po re\u0161tarte bude po\u010d\u00edta\u010d pou\u017e\u00edva\u0165 nov\u00fd DNS suffix, \u010do umo\u017en\u00ed spr\u00e1vne overenie identity cez Entra ID.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>4. Pre\u010do je tento krok potrebn\u00fd<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft Entra ID vy\u017eaduje, aby zariadenie malo rovnak\u00fd suffix ako organiz\u00e1cia, v ktorej je \u00fa\u010det registrovan\u00fd. Ak by bol suffix in\u00fd (napr\u00edklad \u201elocal\u201c alebo \u201einternal\u201c), syst\u00e9m by nevedel spr\u00e1vne zmapova\u0165 identitu zariadenia vo\u010di tenantovi v cloude, \u010do by sp\u00f4sobilo chybu pri prihlasovan\u00ed cez RDP.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">\ud83d\udca1&nbsp;<strong>Odpor\u00fa\u010dam:<\/strong><br>DNS suffix nech je v\u017edy v zhode s dom\u00e9nou uvedenou v Entra ID \u2013 napr\u00edklad&nbsp;<code>@mhite.sk<\/code>.<br>Ak m\u00e1 organiz\u00e1cia viacero dom\u00e9n, pou\u017eite t\u00fa, ktor\u00e1 je nastaven\u00e1 ako&nbsp;<strong>Primary Domain<\/strong>&nbsp;v Entra ID tenantovi.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">V\u00fdborne, dopln\u00edme to ako&nbsp;<strong>Krok 5<\/strong>, ktor\u00fd sa t\u00fdka priradenia opr\u00e1vnen\u00ed pou\u017e\u00edvate\u013eom na prihl\u00e1senie do virtu\u00e1lneho po\u010d\u00edta\u010da cez Entra ID.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Krok 4 \u2013 Priradenie opr\u00e1vnen\u00ed na prihl\u00e1senie (RBAC roly)<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Aby sa pou\u017e\u00edvate\u013e mohol prihl\u00e1si\u0165 do virtu\u00e1lneho po\u010d\u00edta\u010da prostredn\u00edctvom&nbsp;<strong>Microsoft Entra ID<\/strong>, mus\u00ed ma\u0165 v Azure priraden\u00e9 spr\u00e1vne opr\u00e1vnenia. Azure vyu\u017e\u00edva&nbsp;<strong>RBAC (Role-Based Access Control)<\/strong>, ktor\u00e9 definuje, kto a ak\u00fdm sp\u00f4sobom m\u00f4\u017ee pristupova\u0165 k VM.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1. Typy rol\u00ed pre prihl\u00e1senie<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Existuj\u00fa dve z\u00e1kladn\u00e9 roly ur\u010den\u00e9 na prihl\u00e1senie do VM pomocou Entra ID:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Virtual Machine Administrator Login<\/strong><br>Umo\u017e\u0148uje prihl\u00e1si\u0165 sa do syst\u00e9mu s administr\u00e1torsk\u00fdmi pr\u00e1vami (ekvivalent lok\u00e1lneho administr\u00e1tora).<br>T\u00fato rolu prira\u010fte pou\u017e\u00edvate\u013eom, ktor\u00ed bud\u00fa spravova\u0165 VM, in\u0161talova\u0165 softv\u00e9r alebo meni\u0165 konfigur\u00e1cie syst\u00e9mu.<\/li>\n\n\n\n<li><strong>Virtual Machine User Login<\/strong><br>Umo\u017e\u0148uje prihl\u00e1si\u0165 sa do syst\u00e9mu ako be\u017en\u00fd pou\u017e\u00edvate\u013e bez administr\u00e1torsk\u00fdch pr\u00e1v.<br>T\u00fato rolu pou\u017eite pre \u0161tandardn\u00fdch pou\u017e\u00edvate\u013eov, ktor\u00ed bud\u00fa VM pou\u017e\u00edva\u0165 na pr\u00e1cu, testovanie alebo vzdialen\u00fd pr\u00edstup.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>2. Postup priradenia role<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>V Azure port\u00e1li prejdite na:<code>Virtual Machines \u2192 <n\u00e1zov v\u00e1\u0161ho VM> \u2192 Access control (IAM)<\/code><\/li>\n\n\n\n<li>Kliknite na\u00a0<strong>Add \u2192 Add role assignment<\/strong>.<\/li>\n\n\n\n<li>V poli\u00a0<strong>Role<\/strong>\u00a0vyberte bu\u010f:\n<ul class=\"wp-block-list\">\n<li><em>Virtual Machine Administrator Login<\/em>, alebo<\/li>\n\n\n\n<li><em>Virtual Machine User Login<\/em>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>V sekcii\u00a0<strong>Members<\/strong>\u00a0kliknite na\u00a0<strong>+ Select members<\/strong>\u00a0a vyberte pou\u017e\u00edvate\u013ea z Entra ID.<br>(V pr\u00edklade je to\u00a0<code>hasin@mhite.sk<\/code>.)<\/li>\n\n\n\n<li>Potvr\u010fte v\u00fdber kliknut\u00edm na\u00a0<strong>Review + assign<\/strong>.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"109\" src=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-3-1024x109.png\" alt=\"\" class=\"wp-image-1694\" srcset=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-3-1024x109.png 1024w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-3-300x32.png 300w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-3-768x82.png 768w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-3-1536x163.png 1536w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-3-2048x218.png 2048w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-3-18x2.png 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\"><strong>3. Overenie priradenia<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Po priraden\u00ed role by sa pou\u017e\u00edvate\u013e mal zobrazi\u0165 v zozname pr\u00edstupov:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Pou\u017e\u00edvate\u013e<\/th><th>Typ pr\u00edstupu<\/th><th>Rola<\/th><\/tr><\/thead><tbody><tr><td><a href=\"mailto:hasin@mhite.sk\">hasin@mhite.sk<\/a><\/td><td>User<\/td><td>Virtual Machine Administrator Login<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">\ud83d\udca1&nbsp;<strong>Odpor\u00fa\u010dam:<\/strong><br>Pre testovacie prostredie najsk\u00f4r prira\u010fte rolu&nbsp;<em>Administrator Login<\/em>, aby ste mali pln\u00fd pr\u00edstup a mohli overi\u0165 funk\u010dnos\u0165 prihl\u00e1senia cez Entra ID.<br>Nesk\u00f4r m\u00f4\u017eete rolu zmeni\u0165 na&nbsp;<em>User Login<\/em>&nbsp;pod\u013ea potreby.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Perfektne \u2013 toto je posledn\u00fd krok, ktor\u00fd opisuje samotn\u00e9 prihl\u00e1senie pou\u017e\u00edvate\u013ea do virtu\u00e1lneho po\u010d\u00edta\u010da pomocou&nbsp;<strong>Microsoft Entra ID \u00fa\u010dtu<\/strong>&nbsp;cez RDP. Dopln\u00edm ho ako&nbsp;<strong>Krok 6<\/strong>&nbsp;\u010dl\u00e1nku.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Krok 6 \u2013 Prihl\u00e1senie cez RDP klienta pomocou Entra ID \u00fa\u010dtu<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Po \u00faspe\u0161nom priraden\u00ed opr\u00e1vnen\u00ed v Azure a konfigur\u00e1cii DNS suffixu je mo\u017en\u00e9 prihl\u00e1si\u0165 sa do virtu\u00e1lneho po\u010d\u00edta\u010da cez&nbsp;<strong>Remote Desktop Connection (RDP)<\/strong>&nbsp;pomocou&nbsp;<strong>Microsoft Entra ID<\/strong>&nbsp;\u00fa\u010dtu s podporou&nbsp;<strong>webov\u00e9ho prihl\u00e1senia a MFA<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1. Spustenie RDP klienta<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Na svojom lok\u00e1lnom zariaden\u00ed otvorte aplik\u00e1ciu&nbsp;<strong>Remote Desktop Connection (mstsc.exe)<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Do po\u013ea&nbsp;<strong>Computer<\/strong>&nbsp;zadajte DNS n\u00e1zov virtu\u00e1lneho po\u010d\u00edta\u010da, napr\u00edklad:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mhitew11.mhite.sk\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>2. Nastavenie autentifik\u00e1cie<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Kliknite na&nbsp;<strong>Show Options \u2192 Advanced<\/strong>&nbsp;a v sekcii&nbsp;<strong>User authentication<\/strong>&nbsp;za\u0161krtnite mo\u017enos\u0165:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\u2611 Use a web account to sign in to the remote computer\n<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"808\" height=\"948\" src=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-4.png\" alt=\"\" class=\"wp-image-1695\" srcset=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-4.png 808w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-4-256x300.png 256w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-4-768x901.png 768w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-4-10x12.png 10w\" sizes=\"auto, (max-width: 808px) 100vw, 808px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">T\u00fdmto aktivujete prihl\u00e1senie cez&nbsp;<strong>webov\u00e9 rozhranie Microsoft identity platform<\/strong>.<br>Pri nadviazan\u00ed pripojenia sa otvor\u00ed okno, v ktorom sa pou\u017e\u00edvate\u013e prihl\u00e1si svoj\u00edm&nbsp;<strong>Entra ID \u00fa\u010dtom<\/strong>&nbsp;(napr.&nbsp;<code>meno@mhite.sk<\/code>) a dokon\u010d\u00ed&nbsp;<strong>viacfaktorov\u00e9 overenie (MFA)<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>3. Overenie spojenia<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Po \u00faspe\u0161nom prihl\u00e1sen\u00ed syst\u00e9m na\u010d\u00edta pou\u017e\u00edvate\u013esk\u00fd profil a zobraz\u00ed pracovn\u00fa plochu Windows 11.<br>V \u010dasti&nbsp;<strong>Start \u2192 Settings \u2192 Accounts \u2192 Access work or school<\/strong>&nbsp;m\u00f4\u017eete overi\u0165, \u017ee zariadenie je pripojen\u00e9 k Microsoft Entra ID.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"819\" src=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-6-1024x819.png\" alt=\"\" class=\"wp-image-1697\" srcset=\"https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-6-1024x819.png 1024w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-6-300x240.png 300w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-6-768x614.png 768w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-6-15x12.png 15w, https:\/\/virtualall.sk\/wp-content\/uploads\/2025\/10\/image-6.png 1210w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\"><strong>4. Rie\u0161enie probl\u00e9mov s pripojen\u00edm<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Ak sa prihlasovanie nepodar\u00ed, skontrolujte:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u010di m\u00e1 pou\u017e\u00edvate\u013e priraden\u00fa rolu\u00a0<code>Virtual Machine Administrator Login<\/code>\u00a0alebo\u00a0<code>User Login<\/code>,<\/li>\n\n\n\n<li>\u017ee DNS suffix (<code>mhite.sk<\/code>) je spr\u00e1vne nastaven\u00fd,<\/li>\n\n\n\n<li>\u017ee VM je zaregistrovan\u00fd v Entra ID (v port\u00e1li Azure \u2192 Devices \u2192 All Devices),<\/li>\n\n\n\n<li>\u017ee v RDP je povolen\u00e1 vo\u013eba\u00a0<strong>Use a web account<\/strong>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">\ud83d\udca1&nbsp;<strong>Odpor\u00fa\u010dam:<\/strong><br>Ak pou\u017e\u00edvate najnov\u0161ie verzie Windows 11 alebo RDP klienta, webov\u00e9 prihl\u00e1senie je plne integrovan\u00e9 a podporuje aj bezpe\u010dnostn\u00e9 prvky ako&nbsp;<strong>Conditional Access<\/strong>&nbsp;alebo&nbsp;<strong>FIDO2 k\u013e\u00fa\u010de<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p><!--:sk-->Ako nasadi\u0165 Windows 11 v Azure s Entra ID prihl\u00e1sen\u00edm? Kompletn\u00fd n\u00e1vod: vytvorenie VM s Trusted Launch, povolenie Managed Identity, konfigur\u00e1cia DNS suffixu, priradenie RBAC rol\u00ed (Virtual Machine User\/Administrator Login), RDP prihl\u00e1senie s MFA overen\u00edm cez web account.<!--:--><!--:en-->How to deploy Windows 11 in Azure with Entra ID login? Complete guide: creating VM with Trusted Launch, enabling Managed Identity, DNS suffix configuration, assigning RBAC roles (Virtual Machine User\/Administrator Login), RDP login with MFA verification via web account.<!--:--><\/p>\n","protected":false},"author":1,"featured_media":1699,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[86,65],"tags":[87],"class_list":["post-1690","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-windows","tag-azure"],"_links":{"self":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/1690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/comments?post=1690"}],"version-history":[{"count":8,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/1690\/revisions"}],"predecessor-version":[{"id":2059,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/1690\/revisions\/2059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/media\/1699"}],"wp:attachment":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/media?parent=1690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/categories?post=1690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/tags?post=1690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}