A typical IT department of a large enterprise needs to enable users to easily connect to the various enterprise resources while ensuring that security is maintained across the entire ecosystem. In many cases, enterprises provide specifically preconfigured computing devices, such as laptops, to their employees, which the employees use to access the applications and other corporate resources used for work. This typically means that the organization not only needs to purchase all of these numerous devices but must also expend substantial resources to manage them, repair them and the like.
One alternative that has been proposed is sometimes referred to as “Bring Your Own Device” (BYOD), where employees are allowed to bring their own devices and are asked to merely add the software specified by the enterprise to those devices. After installing the necessary software, the employee is permitted to bring their own individually owned device to work and utilize it as a work device to access privileged company information and applications (many of which are located on the corporate network).
In one possible implementation of BYOD, individual users install a hypervisor on their computing device, which is used to execute virtual machines, and one or more of those virtual machines is provided by the organization to be used for accessing enterprise resources. Hypervisors enable the creation and execution of virtual machines (VMs), which are software emulations of real physical computers. Each VM may include its own guest operating system, applications and configuration, similar to a physical computer. In the BYOD implementation mentioned above, a single user's computer may be running separate VMs to represent their “personal computer” and their “work computer”, the latter of which might contain sensitive data of the organization and so on. In some cases, the user can simply download the VM configured as their “work computer” over a remote network connection (e.g., the Internet), which can be useful in situations where the user is working remotely.
In both the BYOD scenario and in more conventional situations where the enterprise provides actual physical devices to its users, each device typically needs to be first configured to join the domain of the enterprise. This is done mostly for security reasons to ensure that persons outside of the organization cannot access internal private enterprise resources. Conventionally, to complete the domain join and other security configuration of the device, the device typically needs to be connected to the local network of the enterprise at least once. After all of the configurations are complete and the device is trusted, the user may log in remotely during future logins (e.g., via a VPN connection or the like). In some cases, this requirement of local connectivity may turn out to be fairly inconvenient, especially in situations where the user may be geographically located far away from the physical premises of the organization. Some solutions have been attempted to enable a full domain join and security configuration over remote connections; however, such solutions have either been incomplete, required technologies such as Virtual Private Network (VPN) access, DirectAccess (Unified Remote Access), or Read Only Domain Controller (RODC), which are not always readily available, or have simply been inconvenient for other reasons.