Forum Widgets
Latest Discussions
Need advice on the architecture of a setup
I need a bit of a sanity check on something as I have been reading through documentation and not entirely sure if this is possible. We have a Microsoft Azure/365 tenant and all of our identities are currently Cloud-only. We recently decommissioned the last of our domain controllers, which used to be hosted in Azure. There is now a requirement to provide a small AVD environment, 5 users to pilot initially, with the ability to be able to scale up if this is successful. We want to be able to use FSLogix to store user profiles. We want to avoid going back to having a DC in Azure if possible, so considered using Entra ID Domain Services instead. I have since: Deployed an instance of Entra DS - Standard SKU Configured Synchronisation and filtered its scope to a specific Security Group containing only a test account initially. Reset the password on the test account as a pre-requisite for PW Hash Sync. Created a pooled Host Pool, added a single SH (W11 24H2 Multisession) and joined it to Entra ID. Created a Premium storage account, provisioned a share, configured identity-based access with Microsoft Entra Domain Services, added the relevant IAM roles to the storage account using the relevant security group. Created a Private Endpoint and DNS zone for access to the storage account. Configured Entra ID SSO using Microsoft Graph explorer, added the correct RDP property. I got to a point where I can happily sign in to the Session host using either Web or Windows Client, haven't even started configuring FSLogix at this stage. Wanted to make sure I could access the storage account first, so browse to the UNC path e.g. storageaccountname.file.core.windows.net and get prompted for credentials. When I manually enter credentials (and these are the exact same as I'm using to sign in to the Session Host, e.g. email address removed for privacy reasons / password) I get the expected access, but obviously don't want to be entering these manually. So I guess my question is: is SSO to a storage account configured to authenticate with Entra DS possible from an Entra ID Joined VM possible, or would I be better off joining the VM to Entra DS instead? I think I'm either missing a simple step or designing this in a way that won't work. Any help would be greatly appreciated.
Windows App, pasting files hangs OS
Hi all, We’re experiencing an intermittent but frustrating issue when using the Windows App to connect to our Azure Virtual Desktop environment. Issue: When users attempt to copy and paste certain files from their local machine to the remote session, the operating system on the remote side hangs. The mouse still moves, and the clock continues to tick, but: -Start menu becomes unresponsive -Taskbar icons stop registering clicks -Desktop icons are frozen -No error messages appear This occurs sporadically and seems to affect files of varying sizes and types — 100KB up to 20MB. What we've tried: -Updating the Windows App to the latest version -Verifying clipboard redirection is enabled -Using MSTSC, and the Remote Desktop Store App. These work but don't support Session Pools, Remote -Apps, or SSO. -Using RemoteDesktop_1.2.6228.0 (MSI Install) Has the same issue as Windows App Environment: -Remote app hosted in Azure Virtual Desktop (AVD) -Users connecting from Windows 10/11 clients -Windows App version: 2.0.419.0, 2.0.420.0, and 2.0.500.0 All ideas welcome - is a major disruption to our business processes.
RDS HTML5 WebClient - WebSocket issues on reconnection
Hi Everyone - Currently have an RD farm deployed to roughly 1000 users utilising azure app proxy and RD Web HTML5 client. This seems to work ok besides some issues with random disconnections. This wouldn't be much of an issue if a user was disconnected and it reconnected, but I am experiencing an issue and this has been an issue since rollout. The webclient will attempt to reconnect 10 times and fail, the user then has to click the reconnect button for their session to come back. The error in the troubleshooting logs provided by the user show: 2025-06-16T18:32:25.631Z Connection(ERR): The connection generated an internal exception with disconnect code=ConnectionBroken(8), extended code=<null>, reason=WebSocket closed with code: 1006 reason: Thrown in thread 1440032 at: websockettransport.cpp(335) Call Stack: at invoke_iiiiii at https://redacted/RDWeb/WebClient/static/librdp/librdphtml.5e634d6d7f9728ab68c3.wasm:wasm-function[11989]:0x3cf63f at invoke_vii at https://redacted/RDWeb/WebClient/static/librdp/librdphtml.5e634d6d7f9728ab68c3.wasm:wasm-function[1067]:0x4fede Any help would be amazing, I'm at a dead end with this.
WVD and Zscaler App
Has anyone had an issue running Zscaler with WVD? Or has anyone been succesful? At the moment, Zscaler is totally killing our WVD pilot. We run the app version of Zscaler that runs on the client and it seems to be unhappy with some of the WVD components and how they talk to Azure. We are working with Zscaler support, but so far no luck. So I'm wondering if anyone else has experienced issues with Zscaler and WVD.
Single-Sign On
After troubleshooting an issue for a customer, we determined that the prerequisites for enabling SSO at the AVD host pool level is not strictly enforced when a user goes to execute the SSO workflow from MSRDC or the Windows App. Meaning, that if an administrator does not enable the -IsRemoteDesktopEnabled flag on the Service Principals "Microsoft Remote Desktop" and "Windows Cloud Login" respectively. Setup: Deploy Entra ID Joined session hosts to a host pool and enable the "Microsoft Entra single sign-on" RDP property to "Connections will use Microsoft Entra authentication to provide single sign-on" or update the RDP connection string with 'enablerdsaadauth:i:1'. Result: User will not receive the 'Windows Security' dialog box to access the session host with their Entra ID credentials. Caveat: Be aware that to sign in with Entra ID credentials, minimally, the host pool RDP settings must contain 'targetisaddjoined:i:1'. Microsoft states this is going away and blending into 'enablerdsaadauth:i:1', which also enables SSO. It seems a bit odd of a move in my opinion and having two separate RDP properties makes sense if a company does not want SSO. But it is in alignment with Microsoft's push for passwordless authentication. For the Microsoft AVD team, why does this behavior exist and is it on the roadmap to be fixed if it's a known gap?
AVD
Hi MS Tech Community, We are trying to setup a pilot AVD for 20 users who would belong to either one of the application pool ( Pool A or Pool B. Pool A would need applications - App1 and App2. Pool B would need applications - App1 , App2 and App3. They are on active directory and connected to Microsoft Entra via Microsoft Entra connect. They have a set of 20 LOB applications and need to be converted to MSIX format and then converted to .cim image for mounting onto app attach. They would like the applications to be listed in the desktop rather then separate applications outside desktop. Currently I have few questions that I would like to clear so we do the things step by step. How many host pool do we need and how many session hosts ( we have thought of 1 host pool and 2 session hosts )? How many application groups do we need? Currently we noticed that a default desktop type application group is created when we create host pool, Is that the only host pool we need or do we need to create seperate desktop type host pools? How do we attach applications in desktop type application group as we currently see one application session-host inside the application group? Any responses would be highly appreciated.AVD that are based in the US are somehow being provided with a UK ip address by Microsoft
AVD that are based in the US are somehow being provided with a UK ip address by Microsoft. We came to know this because some external clients are sharing documents to some of our users. They have a conditional policy to block access outside US and our users are being restricted. Came to know that the AVDs IP are somewhat being provided with a UK ip address by Microsoft.
Implement SSO for rds web client HTML 5
Hi everyone, I have deployed a new RDS on Windows Server 2019. 1 server with connection broker, gateway, web server and licensing role installed. I have recently deployed the new RDS HTML5 web client for a client. However, it is unable to implement SSO like with the old web access (windows auth in IIS). After researching, I realize that the new RDS web client (HTML5) doesn't support SSO. So, I'm going to integrate RDS with Azure AD Application Proxy on following article: https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-integrate-with-r... Then enable SSO on Azure AD Application Proxy. Questions: Is it the solution to implement SSO for the web client ? Thanks in advance for your precious.MultiMonitor Support for AVD Webclient
Hello, We have users using HP ThinPRO to connect to AVD. They normally use AVD client but that seems having latency. However user confirmed once they use AVD Webclient via browser https://client.wvd.microsoft.com/arm/webclient/ its working pretty fine. There is only one challenge as they can use more than one monitor. Is there any option to use more than one monitor with AVD webclient? Thanks Pankaj