Add guest user to Windows Virtual Desktop app pool
Hello,
I'm trying to add a guest user to my App pool but I always get the following error:
The identity provider for Tenant 'xxxxxxxxxx' did not recognize User '≤xxxxxxxxxx≥'.
Is there any restriction on adding guest users?
My guess is that, because the guest user account password hashes are not registered in AADDS, it will not be technically possible to enable this service for guest accounts, but I will let the experts confirm...
Thank you for your help.
29 Replies
- JMHernandez88 (Copper Contributor)
Microsoft recently announced this:
New pricing options for remote app streaming
Many organizations are using Azure Virtual Desktop to stream apps to their own employees who are covered by existing license entitlements. But many organizations also want to use Azure Virtual Desktop to deliver applications “as-a-service” to customers and business partners as well. Today we are pleased to announce a monthly per-user access pricing option for organizations to use Azure Virtual Desktop to deliver apps from the cloud to external users. For example, this would enable software vendors to deliver their app as a SaaS solution that can be accessed by their customers. In addition to the monthly user price for Azure Virtual Desktop, organizations also pay for Azure infrastructure services based on usage.
https://azure.microsoft.com/es-mx/blog/azure-virtual-desktop-the-desktop-and-app-virtualization-platform-for-the-hybrid-workplace/
- Florian Adler (Copper Contributor)
We need exactly this feature too.
There are several customers who like to work "modern". That means: WVD as first place of contact. To reduce costs and maintenance effort, we thought about building one big WVD environment instead of several small ones.
Therefore the clients will have either a Business Standard/Premium or M365 E3, licenses are given and it should be fine from this perspective.
Unfortunately the current stage of WVD seems a little "old fashioned" regarding the architecture. Why is there still the need to connect to either an onPrem AD or AADDS? With end user devices it has been possible for ages to manage them "cloud only". I know this feature (Azure AD Hybrid Join) is in the pipeline right now, but why so late? Wouldn't it have made more sense to implement it when the spring update came along?
- Christian_Montoya (Microsoft)
Radek V : Are you also synchronizing SIDs?
- Radek V (Copper Contributor)
- Christian_Montoya (Microsoft)
ghonyme : Yes, unfortunately we do not support guest users yet in Windows Virtual Desktops. Users must be sourced from the Azure AD that you specify for your Windows Virtual Desktop tenant.
- MisabhMHasan (Copper Contributor)
I have the same question and am in need of this feature. I was under the impression that, if a guest user can be added to an application according to https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator#add-guest-users-to-an-application, then the feature to add a guest user to an application group in a host pool in WVD was also supported.
Our objective is to allow guest users (who are clients) to connect to a VM in WVD so that they can use our software (already installed in the VM) through an Excel add-in. In this way, they can sign in to Excel with their Office 365 credentials (related to their Office 365 license).
If we add a guest user to our Azure AD (as another AD user), then we have to add an Office 365 license for every guest user, which is not acceptable.
Is there any workaround to achieve the objective? This is something that is needed and expected to be implemented.
Many thanks.
Kind regards,
Misbah
- bhushangawale (Brass Contributor)
MisabhMHasan Christian_Montoya that's the exact use case we are also working on. Extending access to guest users in AD would make more sense and would be a cost-effective way to access the WVD environment for end customers, as they could then make use of their existing license.
Right now, one needs to create all customer accounts in the same AD tenant as that of the WVD setup and then needs to procure and assign a license to each one of the customer records, which does not make sense because end customers essentially end up paying for licensing unnecessarily when they already have a valid license within their home AD tenant.
- samirsunda (Copper Contributor)
Hello Christian_Montoya, how about users synced from Active Directory to Azure AD with a .onmicrosoft.com UPN?