Remote desktop broker for Entra ID devices

Idea Quality: 100 (Exceptional)
Market Size: 100 (Mass Market)
Revenue Potential: 100 (High)

TL;DR

A lightweight RDP broker for IT admins in engineering firms that run Entra ID alongside physical desktops. It replaces Citrix for remote access using direct RDP, Entra ID authentication, and Intune deployment, so they can reduce admin setup time by 80% and eliminate AD/Citrix dependencies.

Target Audience

IT administrators in engineering firms, manufacturing companies, and other industries with heavy workstation users who have partially migrated to Entra ID but are blocked by Citrix for desktop remote access

The Problem

Problem Context

Engineering firms and IT teams use physical desktops for heavy workloads but need remote access for hybrid work. They rely on Citrix for remote access, but Citrix requires domain join, which conflicts with their move to Entra ID and Autopilot for laptops. This creates a split management system—laptops on modern cloud-based tools, desktops stuck with legacy AD-dependent solutions—adding complexity and admin overhead.

Pain Points

Citrix blocks full Intune/Autopilot adoption for desktops because it requires domain join, which breaks Entra ID-only setups. Manual workarounds like hybrid join are unreliable, and alternatives like RDP lack brokered multi-monitor/GPU support. Admins waste time on manual imaging, co-management, and troubleshooting unreliable hybrid joins, while users lose seamless remote access when working from home.

Impact

The split system wastes IT time (5+ hours/week on manual imaging and co-management), delays IT modernization, and risks security gaps from mixed management tools. Remote workers face unreliable access, and the firm misses cost savings from fully cloud-based device management. Long-term, this creates technical debt as the organization grows and more teams adopt Entra ID.

Urgency

This is urgent because the firm cannot fully adopt Intune/Autopilot—a key goal for reducing IT complexity—until they replace Citrix. Every month spent in this hybrid state means continued manual work, higher costs, and a fragmented IT environment. The problem also risks slowing hiring or expansion, as onboarding new employees requires manual desktop setup instead of zero-touch Autopilot.

Target Audience

IT administrators in engineering firms, manufacturing companies, and other industries with heavy workstation users. Also targets MSPs managing similar environments, as well as mid-sized companies (50–1,000 employees) that have partially migrated to Entra ID but still rely on Citrix for desktop access. Firms using Autopilot for laptops but stuck with legacy tools for desktops will face this exact pain point.

Proposed AI Solution

Solution Approach

A lightweight broker service that replaces Citrix for remote access to physical desktops while working seamlessly with Entra ID and Autopilot. It uses direct RDP (no VDI performance hit) and authenticates users via Entra ID—no domain join required. The solution deploys via Intune for zero-touch setup, eliminating manual imaging and co-management. Admins get a simple dashboard to manage users and policies, while end users experience Citrix-like remote access without the legacy dependencies.

Key Features

  1. Direct RDP Passthrough: Sessions use native RDP with multi-monitor and GPU support, matching Citrix performance for engineering workloads.
  2. Intune Deployment: A PowerShell script installs the lightweight agent during Autopilot setup, making it zero-touch for admins.
  3. Policy Enforcement: Admins set time limits, MFA requirements, and device compliance rules (e.g., only allow access from managed devices).

User Experience

End users open the broker app (or use a web portal) and log in with their Entra ID. They select their desktop from a list and connect—just like Citrix, but faster and without performance lag. Admins see a dashboard with active sessions, user access logs, and policy violations. No manual RDP setup or VPN hassles; remote access works as reliably as their on-prem desktops. IT teams save hours per week by eliminating manual imaging and hybrid join troubleshooting.

Differentiation

Unlike Citrix (which requires AD) or RDP brokers (which lack Entra ID support), this solution is designed specifically for the hybrid scenario: physical desktops + Entra ID + Autopilot. It avoids VDI performance issues by using direct RDP, and it integrates natively with Intune for deployment—something no existing tool does. Competitors either force you to keep AD (Citrix) or don’t support modern device management (RDP brokers). This fills the gap with a purpose-built, cloud-native alternative.

Scalability

The broker service scales horizontally in the cloud, handling thousands of users with no performance degradation. The agent is lightweight and resource-efficient, so it won’t impact desktop performance even on high-end workstations. Pricing scales per user, so firms pay only for active remote access seats. Over time, the product can add features like session recording, advanced analytics, or integration with other Microsoft 365 tools—all while keeping the core value prop intact.

Expected Impact

Firms can finally fully adopt Intune/Autopilot for all devices, reducing IT complexity and manual work. Remote access becomes as reliable as Citrix but without the legacy dependencies, cutting admin time by 80% or more. Users get seamless hybrid work without performance trade-offs, and the organization avoids the technical debt of a split management system. The solution also future-proofs IT infrastructure, as it works with modern identity and device management—unlike Citrix, which is becoming obsolete in cloud-first environments.