Blog Post

Azure Virtual Desktop Blog
1 MIN READ

Announcing public preview of SSO and passwordless authentication for Azure Virtual Desktop

DavidBelanger's avatar
DavidBelanger
Icon for Microsoft rankMicrosoft
Sep 26, 2022

Today we’re announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 keys). With this preview, you can now:

  • Enable a single sign-on experience to Azure AD-joined and Hybrid Azure AD-joined session hosts when using the Windows and the web clients
  • Use passwordless authentication to sign in to the host using Azure AD
  • Use passwordless authentication inside the session when using the Windows client
  • Use third-party Identity Providers (IdP) that integrate with Azure AD to sign in to the host

 

New Azure AD authentication RDP property in the Azure Virtual Desktop portal.

 

Getting started

This new functionality is currently available on Windows 10, Windows 11 and Windows Server 2022 session hosts, once you’ve installed the September Cumulative Update Preview.

  • Want a quick overview of the new functionality? Watch this intro video on Azure Academy!
  • To get started with single sign-on, follow the instructions to Configure single sign-on which will guide you in enabling the new authentication protocol.
  • To start using Windows Hello and FIDO2 keys inside the session, follow the instructions for In-session passwordless authentication to use the new WebAuthn redirection functionality.
  • Learn more about the supported authentication methods for Azure Virtual Desktop, including single sign-on on our Identities and authentication page.
Updated Sep 26, 2022
Version 1.0
updates
  • DavidBelanger's avatar
    DavidBelanger
    Icon for Microsoft rankMicrosoft
    Jul 13, 2023

    Samz111992 Thanks for checking in. We're currently aiming for late Q3/early Q4. The 2 main items we want to wrap up before GA are the ability to hide the consent prompt and we're moving the session host authentication to the Azure Virtual Desktop app instead of the Microsoft Remote Desktop one. This will ensure consistent CA/MFA requirements between the AVD gateway and session host and simplify CA configuration.

     

    David

  • LiamBowers's avatar
    LiamBowers
    Copper Contributor
    Feb 21, 2023

    Is there a projected date for GA yet? This is awesome progress on something that has felt like a massive hole in the offering until now. 

  • DavidBelanger's avatar
    DavidBelanger
    Icon for Microsoft rankMicrosoft
    Sep 29, 2022

    M_Wilkinson_ Yes, we do plan to support this for peer-to-peer connections. You can have a first look at MSTSC on the Advanced tab where you can enable the feature. We don't have public documentation just yet to explain the details of how to use it but it's coming.

  • Chris-Yue's avatar
    Chris-Yue
    Iron Contributor
    Sep 29, 2022

    Will we see this surface through to those that use Citrix Cloud by any chance?

     

  • M_Wilkinson_'s avatar
    M_Wilkinson_
    Copper Contributor
    Sep 29, 2022

    Wishful thinking but can this functionality be brought to non AVD environments?

     

    Traditional HADDJ/AAD devices would benefit from this.

  • DavidBelanger's avatar
    DavidBelanger
    Icon for Microsoft rankMicrosoft
    Sep 28, 2022

    ChrisTout6DG We're hoping to bring this to general availability in the first half of 2023 so we have time to gather feedback (please report on your experience), hide the consent prompt and complete any remaining work.