Forum Discussion

Copper Contributor

Sep 30, 2024

AVD and the new Windows App - CA policy

Hi. Short backgroud: We've been using AVD for several years. We have a CA policy that essentially blocks access to cloud services when access originates from native windows application. W...

MVP

Oct 01, 2024

Worth to take a look at this:

Conditional access for AVD (Azure Virtual Desktop) - robjanssen.it

stewartgscott
Copper Contributor
Oct 01, 2024
Hi and thanks for the link.
We have already had these three app-id's as a part of our CA policies that to expressly identify AVD access. We've always had these three.

However it seems we can not determine what the appid(s) are to add to our CA policies that expressly identify the new Microsoft Windows App (https://learn.microsoft.com/en-us/windows-app/overview) . THis is MSFT's evolution of the client side app to connect to AVD.
Looking at some articles, along with the id's in the article you provided we have added two. But neither of them, in the CA policy identify and evaluate the client app . THe two we added are Microsoft Remote Desktop
a4a365df-50f1-4397-bc59-1a1564b8bb9c
Windows Cloud Login
270efc09-cd0d-444b-a71f-39af4910ec45

But during signon/access. these are not evaluating the windows client side app as the new Windows App, thus the CA policies are not applied (e.g. to enforce MFA, to allow this windows native app (ie this new Windows App )

Resources