Forum Discussion

DAsnow
Copper Contributor
Nov 11, 2021

Azure Virtual Desktop - Azure AD Joined Sign on Issues (Need Guidance)

Folks, does anyone know how to get the macOS, web, iOS, and other clients to allow connections to AVD machines that are natively joined to Azure AD (not AADDS)?

I have built a test machine in a validation environment and joined it to Azure AD. The assigned user can successfully log on from any Azure AD joined machine without issue, including with Windows Hello. However, if you try to connect from a Mac, the web portal, a non-joined PC, or the iOS client, the logon fails. The custom RDP property that notifies the client that the machine is Azure AD joined is also set on the pool.

Any direction here would be super helpful. I can't figure out why the Microsoft team wouldn't want access to be ubiquitous; perhaps I missed something, or it's coming soon.

Please help!

  • Dan_B1135
    Copper Contributor
    https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

    Remote connection to VMs joined to Azure AD is only allowed from Windows 10 PCs that are either Azure AD registered (minimum required build is 20H1) or Azure AD joined or hybrid Azure AD joined to the same directory as the VM. Additionally, to RDP using Azure AD credentials, the user must belong to one of the two Azure roles, Virtual Machine Administrator Login or Virtual Machine User Login. If using an Azure AD registered Windows 10 PC, you must enter credentials in the AzureAD\UPN format (for example, AzureAD\john@contoso.com). At this time, Azure Bastion can't be used to log in by using Azure Active Directory authentication with the AADLoginForWindows extension; only direct RDP is supported.
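The docs quoted above describe standalone Azure VMs with the AADLoginForWindows extension, but the two requirements carry over to Azure AD-joined AVD session hosts: the host pool must advertise the target as Azure AD joined (the custom RDP property the original post mentions is `targetisaadjoined:i:1`), and the user must hold Virtual Machine User Login or Virtual Machine Administrator Login on each session host VM, because Azure AD authentication to the VM is enforced by Azure RBAC, not by the AVD application group assignment. The PowerShell below is an added example, not code from either poster or from Microsoft; it checks both prerequisites for one host pool and user and can optionally apply the missing pieces. It assumes the Az.Accounts, Az.Resources and Az.DesktopVirtualization modules are installed, `Connect-AzAccount` has been run with rights to read role assignments and update the host pool, and the resource group, host pool name and UPN are placeholders you replace with your own.

```powershell
# Added example (not from the thread): verify the two prerequisites for connecting to
# Azure AD-joined AVD session hosts from clients that are not themselves Azure AD joined
# (macOS, web, iOS, unjoined Windows). Requires Az.Accounts, Az.Resources,
# Az.DesktopVirtualization and a prior Connect-AzAccount.
# The three values below are assumed placeholders, not names taken from the thread.
$ResourceGroup = 'rg-avd-validation'
$HostPoolName  = 'hp-aadjoined-test'
$UserUpn       = 'john@contoso.com'
$Fix           = $false   # set to $true to apply the missing settings instead of only reporting

# 1. Host pool must tell the client the target is Azure AD joined, otherwise the client
#    attempts a classic domain logon against the session host and fails.
$pool = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
if ($pool.CustomRdpProperty -notmatch 'targetisaadjoined:i:1') {
    Write-Warning "Host pool '$HostPoolName' lacks targetisaadjoined:i:1 (current: '$($pool.CustomRdpProperty)')"
    if ($Fix) {
        # Append to whatever properties are already set; properties are ';'-separated.
        $props = (@($pool.CustomRdpProperty, 'targetisaadjoined:i:1') | Where-Object { $_ }) -join ';'
        Update-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName -CustomRdpProperty $props | Out-Null
        Write-Host "Updated CustomRdpProperty to '$props'"
    }
} else {
    Write-Host "Host pool '$HostPoolName' already advertises targetisaadjoined:i:1"
}

# 2. The user needs Virtual Machine User Login (or Administrator Login) on every session
#    host VM. Get-AzRoleAssignment with -Scope also returns assignments inherited from the
#    resource group or subscription; -ExpandPrincipalGroups includes roles granted via groups.
$loginRoles = 'Virtual Machine User Login', 'Virtual Machine Administrator Login'
Get-AzWvdSessionHost -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName | ForEach-Object {
    $vmId = $_.ResourceId   # ARM resource ID of the session host VM
    $have = Get-AzRoleAssignment -SignInName $UserUpn -Scope $vmId -ExpandPrincipalGroups |
            Where-Object { $loginRoles -contains $_.RoleDefinitionName }
    if ($have) {
        Write-Host "$UserUpn has $(($have.RoleDefinitionName | Select-Object -Unique) -join ', ') on $vmId"
    } else {
        Write-Warning "$UserUpn has no VM login role on $vmId"
        if ($Fix) {
            # Least privilege: grant the non-admin login role unless local admin is actually needed.
            New-AzRoleAssignment -SignInName $UserUpn -RoleDefinitionName 'Virtual Machine User Login' -Scope $vmId | Out-Null
            Write-Host "Assigned Virtual Machine User Login to $UserUpn on $vmId"
        }
    }
}
```

Once both checks pass, a client that is not Azure AD joined still has to supply the credentials in the `AzureAD\UPN` form shown in the quoted docs (for example `AzureAD\john@contoso.com`) and cannot use Windows Hello or another passwordless method, since those only work from a device joined or registered to the same tenant. Assigning the role at the resource group scope instead of per VM is the more common choice for pools whose session hosts are rebuilt regularly; the per-VM scope here is just what the check above inspects.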
