# Extended Guide ## Prerequisites * [ ] Windows PowerShell * [ ] Azure subscription (at least Contributor rights on that subscription) * [ ] Azure owner rights (at least on Resource Group level) * [ ] Microsoft Entra ID "Global administrator" (Consent to access Graph API) ## Azure Resource Overview | Type | Description | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------- | | Application Insights | Optionally stores LAPS-related audit and access events. | | Automation Account | Hosts RealmJoin runbooks and related automation tasks. | | Key Vault | Stores LAPS passwords securely in your Azure environment. | | Log Analytics Workspace | Stores RealmJoin audit logs, archived runbook logs, and optional reporting data. | | Storage Account | Provides storage for optional Workplace Cloud Storage features such as favorites, files, and Outlook signature templates. | {% stepper %} {% step %} #### Onboard the RealmJoin Portal Onboarding onto the RealmJoin Portal will establish the initial connection to RealmJoin. Administrators will be able to choose from the Quick or Advanced Setup once complete. This guide continues with the **Advanced Setup** path. {% content-ref url="/pages/TH5ltCfKQq46OCm4Q6G2" %} [Onboarding](/realmjoin-deployment/onboarding-realmjoin-portal.md) {% endcontent-ref %} {% endstep %} {% step %} #### Proceed with the Advanced Setup Use **Advanced Setup** to deploy RealmJoin with granular permission control. You can add or remove permissions later with the RealmJoin PowerShell module. {% content-ref url="/pages/aM3XHiiAsUIHKzD2Lled" %} [Advanced Setup](/realmjoin-deployment/onboarding-realmjoin-portal/advanced-setup.md) {% endcontent-ref %} {% endstep %} {% step %} #### Establish Group Permissions Assign RealmJoin access through Entra groups. Use built-in roles for standard access or create custom roles for stricter control. {% hint style="warning" %} Assign permissions carefully. Some roles grant **elevated access** in RealmJoin Portal {% endhint %} {% content-ref url="/pages/O9C3aUU8SqYnRfq85BAs" %} [Pre-defined Roles](/realmjoin-settings/permission/pre-defined-roles.md) {% endcontent-ref %} {% content-ref url="/pages/IVfhCi6AQlLrInlb0rPI" %} [Custom Roles](/realmjoin-settings/permission/custom-roles.md) {% endcontent-ref %} {% endstep %} {% step %} #### Set up the RealmJoin Agent Install the RealmJoin Agent on Windows devices to unlock agent-based features such as application lifecycle management, RealmJoin ESP, LAPS, notifications, AnyDesk integration, audit tasks, and compliance checks. If you do not need the agent, continue to the next relevant step. {% content-ref url="/pages/HMKELYXl8Ouf0RLabchl" %} [Deploying the Agent](/realmjoin-agent/installation.md) {% endcontent-ref %} {% endstep %} {% step %} #### Set up optional RealmJoin Agent add-ons Enable optional add-ons that require additional configuration after the agent is installed. Use this step if you want to extend the agent with: * **LAPS** for managed local admin accounts, password rotation, and secure password storage * **AnyDesk Integration** for remote support workflows directly from RealmJoin Portal If you do not need these add-ons, continue to the next step. {% content-ref url="/pages/ZZEe7EpGe2H2R8R3cVVP" %} [Local Admin Password Solution (LAPS)](/realmjoin-agent/realmjoin-client/local-admin-password-solution-laps.md) {% endcontent-ref %} {% content-ref url="/pages/7KKYiTUw8ofVTRNkDMqr" %} [AnyDesk Integration](/realmjoin-agent/realmjoin-client/anydesk-integration.md) {% endcontent-ref %} {% endstep %} {% step %} #### Connect Azure Automation Connect Azure Automation to enable runbooks and remediation scripts. These features automate recurring administrative tasks, reduce manual effort, and improve traceability. {% content-ref url="/pages/AR3xCOpDeW8R544P1CPT" %} [Connecting Azure Automation](/automation/connecting-azure-automation.md) {% endcontent-ref %} {% endstep %} {% step %} #### Connect Azure Log Analytics Workspace Connect a Log Analytics Workspace to store RealmJoin audit data and runbook execution logs. This also enables integrations such as Windows Update for Business reporting. {% content-ref url="/pages/6eNVb62uA6Ogi6yjhKRd" %} [Connecting Azure Log Analytics Workspace](/logs/log-analytics.md) {% endcontent-ref %} {% endstep %} {% step %} #### Deploy Packages RealmJoin Portal provides and maintains a large library of ready-to-use packages for Windows and macOS. When deploying packages, first decide whether the application should be delivered through **Microsoft Intune** or through the **RealmJoin Agent**. This depends on your deployment model and whether you want to use agent-based features. For new applications, start with a **pilot group** before assigning packages broadly. If a newer package version is available, you can test it as a **Preview** before promoting it into production. Once validation is complete, you can enable **update automation** for ongoing lifecycle management. If a required application is not available in the Package Store, use **Packaging Requests** to request a generic, custom, or organic package for your environment. A typical rollout is: import package → configure assignments → test with pilot users or devices → enable automation. {% content-ref url="/pages/qujii1DZUl1kXifaINjB" %} [Package Store](/app-management/packages/package-store.md) {% endcontent-ref %} {% content-ref url="/pages/yQVOjSbUC2pGkJz3PC4l" %} [Package Management Overview](/app-management/packages/package-management.md) {% endcontent-ref %} {% content-ref url="/pages/dybUrRL6OuX8Itod5RAQ" %} [Package Configuration and Assignments](/app-management/packages/package-deployment.md) {% endcontent-ref %} {% content-ref url="/pages/FqMbSqsnYnENrt2DqzsH" %} [Packaging Requests](/app-management/packages/packaging-requests.md) {% endcontent-ref %} {% endstep %} {% step %} #### Configure optional platform features After the core setup is complete, you can enable additional features for daily operations. **Workplace Cloud Storage** connects an Azure Storage Account to the RealmJoin Portal. Once connected, administrators can: * Manage favorites for Edge and Google Chrome * Store backgrounds and other files with a publicly accessible URL * Store Outlook signature templates {% content-ref url="/pages/heG4AaGnHYV68cFPuwJB" %} [Workplace Cloud Storage](/realmjoin-settings/workplace-cloud-storage.md) {% endcontent-ref %} **Self Service Forms** are a convenient way to collect structured data from users. This can be used to let users report incidents or indicate changes, like the need for a new workplace setup in an office. {% content-ref url="/pages/jRclcF9bEknJAxZDT9Nb" %} [Self Service Forms](/realmjoin-settings/self-service-forms.md) {% endcontent-ref %} **Group namespaces** assist the RealmJoin Portal in sorting groups into different categories based off a specified prefix. The RealmJoin Portal includes default group namespaces, however additional namespaces may be added. {% content-ref url="/pages/zCocP0Gjiy1FiibGx0q5" %} [Group Namespaces](/realmjoin-settings/groups.md) {% endcontent-ref %} The **Software Report** aggregates data from the RealmJoin Agent and Intune to provide a list of all applications, their versions and the method of deployment. {% content-ref url="/pages/mCeyb7oglPHaMdF6as0y" %} [Software Reporting](/app-management/software-reporting.md) {% endcontent-ref %} {% endstep %} {% endstepper %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.realmjoin.com/realmjoin-deployment/getting-started/extended-guide.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.