Forum Discussion
AVD and the new Windows App - CA policy
Hi.
Short background: We've been using AVD for several years.
We have a CA policy that essentially blocks access to cloud services when access originates from a native Windows application.
When we started using AVD a while back, of course we added to this CA policy and "excluded" AVD client apps. In other words, AVD client apps on Windows devices are excluded, thus the policy is not assigned, thus users can connect to AVD using their Windows desktop AVD client app.
Now, with the new Windows App, we are testing it and are stuck. We thought to simply add to this CA policy the additional AVD client app IDs as per the MSFT Windows App documentation.
But on Windows devices, using the new Windows App, the CA policy doesn't seem to recognize it as excluded (therefore the user is blocked as per this CA policy). (NB: the new Windows App on macOS works fine and the CA policy recognized the native Windows app client as excluded and allows access... so we know the policy is behaving as expected. But not when using the Windows App on a Windows OS device.)
What app am I missing in my CA policy (in our case, on the excluded list of cloud apps)?
Currently I have:
Microsoft Remote Desktop: a4a365df-50f1-4397-bc59-1a1564b8bb9c
Windows Cloud Login: 270efc09-cd0d-444b-a71f-39af4910ec45
Windows Virtual Desktop: 5a0aa725-4958-4b0c-80a9-34562e23f3b7
Windows Virtual Desktop: 9cdead84-a844-4324-93f2-b2e6bb768d07
Windows Virtual Desktop Client: fa4345a4-a730-4230-84a8-7d9651b86739
Many thanks
- stewartgscott, Copper Contributor
Hi and thanks for the link.
We have already had these three app IDs as a part of our CA policies to expressly identify AVD access. We've always had these three.
However, it seems we cannot determine what the app ID(s) are to add to our CA policies that expressly identify the new Microsoft Windows App (https://learn.microsoft.com/en-us/windows-app/overview). This is MSFT's evolution of the client-side app to connect to AVD.
Looking at some articles, along with the IDs in the article you provided, we have added two. But neither of them, in the CA policy, identifies and evaluates the client app. The two we added are:
Microsoft Remote Desktop: a4a365df-50f1-4397-bc59-1a1564b8bb9c
Windows Cloud Login: 270efc09-cd0d-444b-a71f-39af4910ec45
But during sign-on/access, these are not evaluating the Windows client-side app as the new Windows App, thus the CA policies are not applied (e.g. to enforce MFA, to allow this Windows native app (i.e. this new Windows App)).
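
An added example, not part of the thread and not Microsoft's code: one way to find which ID is missing from the exclusion list is to export the sign-in log entries for a blocked user and list every client or resource ID that appeared in a sign-in where the policy failed but is not yet excluded. The policy name, the placeholder GUID and the sample records are constructed; the field names are those of the Microsoft Graph `signIn` resource.

```python
import json
from collections import defaultdict

# App IDs on the policy's exclusion list, copied from the post above.
EXCLUDED = {
    "a4a365df-50f1-4397-bc59-1a1564b8bb9c",  # Microsoft Remote Desktop
    "270efc09-cd0d-444b-a71f-39af4910ec45",  # Windows Cloud Login
    "5a0aa725-4958-4b0c-80a9-34562e23f3b7",  # Windows Virtual Desktop
    "9cdead84-a844-4324-93f2-b2e6bb768d07",  # Windows Virtual Desktop
    "fa4345a4-a730-4230-84a8-7d9651b86739",  # Windows Virtual Desktop Client
}
POLICY = "Block native Windows apps"  # hypothetical policy display name
PLACEHOLDER = "00000000-0000-0000-0000-0000000000aa"  # constructed, not a real app ID

# Constructed sign-in records (not real log data).
SAMPLE = json.dumps([
    {"appId": "fa4345a4-a730-4230-84a8-7d9651b86739", "appDisplayName": "Windows Virtual Desktop Client",
     "resourceId": PLACEHOLDER, "resourceDisplayName": "Placeholder resource",
     "deviceDetail": {"operatingSystem": "Windows"},
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "failure"}]},
    {"appId": "fa4345a4-a730-4230-84a8-7d9651b86739", "appDisplayName": "Windows Virtual Desktop Client",
     "resourceId": "a4a365df-50f1-4397-bc59-1a1564b8bb9c", "resourceDisplayName": "Microsoft Remote Desktop",
     "deviceDetail": {"operatingSystem": "MacOs"},
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "notApplied"}]},
    {"appId": "fa4345a4-a730-4230-84a8-7d9651b86739", "appDisplayName": "Windows Virtual Desktop Client",
     "resourceId": "9cdead84-a844-4324-93f2-b2e6bb768d07", "resourceDisplayName": "Windows Virtual Desktop",
     "deviceDetail": {"operatingSystem": "Windows"},
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "notApplied"}]},
])

def uncovered_ids(signins, policy, excluded):
    """Map (field, id, display name) -> client OSes, for sign-ins the policy failed."""
    found = defaultdict(set)
    for s in signins:
        results = {p.get("displayName"): p.get("result")
                   for p in s.get("appliedConditionalAccessPolicies") or []}
        if results.get(policy) != "failure":
            continue  # policy did not block this sign-in
        os_name = (s.get("deviceDetail") or {}).get("operatingSystem") or "unknown"
        for field, label in (("appId", "appDisplayName"), ("resourceId", "resourceDisplayName")):
            gid = (s.get(field) or "").lower()
            if gid and gid not in excluded:
                found[(field, gid, s.get(label) or "")].add(os_name)
    return dict(found)

if __name__ == "__main__":
    for (field, gid, name), oses in uncovered_ids(json.loads(SAMPLE), POLICY, EXCLUDED).items():
        print(f"{field}={gid} ({name}) blocked on: {', '.join(sorted(oses))}")
```

Comparing the output for a Windows client against a macOS client shows whether the Windows sign-in touches an ID the macOS one does not.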