This article explores how you can move your workload into the Azure cloud using Azure RemoteApp and Azure AD Domain Services.
Azure RemoteApp (ARA) allows you to create a domain-joined collection; this is done so your remote applications run on domain-joined computers and can access other resources using Windows Authentication.
If you want remote applications connecting back to your on-premises environment, you should not use Azure AD Domain Services – instead you should configure a site to site connection between Azure and on-premises and use that with ARA. ARA will then join its computers to your on-premises domain controller and users will be able to access your on-premises resources.
However, if your entire workload is being lift-and-shifted into Azure and there is no need to connect back to the on-premises domain, Azure AD Domain Services may be the right solution for you. Instead of connecting ARA back to your on-premises you will place it in the same VNet as Azure AD Domain Services and your other resources. Remote applications will be able to authenticate and access resources within that virtual network.