Sure, you can use Powershell Desired State Configuration, but let's say you don't want to. Use PSRemoting.
Create a domain using Azure Active Directory Domain Services. Create a user, put them in AAD DC Administrators group in Azure AD. Change their password.
Note: AADDS copies all users and groups from Azure Active Directory. In order to authenticate to the new domain, the password must be changed. This is a security feature. How would you feel if Azure was able to copy your password? Not good, eh?
Once that's complete, let's join a VM to the new domain. Create a VM, ensure it can route/connect to the same network the AADDS servers were provisioned in.
Open Azure Cloudshell and choose Powershell.
Save powershell as .ps1 file and upload to Cloudshell.
Execute and follow prompts.
Connect-AzAccount -UseDeviceAuthentication
$vmName = Read-host "VM Name?"
$rgName = Read-host "Resource Group Name?"
Write-Host "Enabling PSRemoting and disabling Cert checking..." -ForegroundColor Green
Install-Module pswsman -Force
Disable-WSManCertVerification -All
Enable-AZVMPSRemoting -Name $vmName -ResourceGroupName $rgName -Protocol https -OsType Windows
Write-Host "Adding VM to Domain and rebooting..." -ForegroundColor Green
Invoke-AzVMCommand -Name $vmName -ResourceGroupName $rgName -ScriptBlock {
Add-Computer -DomainName "domain.com" -restart -force -confirm;
} -Credential (Get-Credential)