Forum Discussion
Azure Virtual Desktop - Restricting Access based on the Remote Desktop Client App Version
Morning,
What are the current options for restricting access to the AVD Service based on the version of the Remote Desktop Client App? I would have thought CA policy could achieve this, but it doesnt seem to be granualar enough.
Thanks in advance.
AVD - Win10 Multi-User
Identity - Entra Domain Services (AAD-DS)
- Redsman13Copper Contributor
Restricting the version. Good example would be to prevent users from coming into the AVD environment when they are using a version of the Remote Desktop Client app that is 2 years out of date or more.
I'm aware that in the past Microsoft have blocked older unsupported versions from accessing the AVD Service:
Thanks in advance.
- MathieuVandenHautteSteel Contributor
Hi Redsman13,
This is not possible.
Conditional access policies can only target these Azure Virtual Desktop resources:- Azure Virtual Desktop with app ID "9cdead84-a844-4324-93f2-b2e6bb768d07"
- Microsoft Remote Desktop with app ID "a4a365df-50f1-4397-bc59-1a1564b8bb9c"
- Windows Cloud Login with app ID "270efc09-cd0d-444b-a71f-39af4910ec45"
- stewartgscottCopper ContributorIve had for some time a CA policy that restricts using "Mobile apps and desktop clients"
However, to allow a user (eg on their home/personal computer) to use the local AVD desktop client on their home personal Windows machine , we Excluded the specific AVD/Remote Desktop apps (in other words, this CA policy is not assigned because the app was excluded, and the user happily uses the windows AVD client on Windows device. This has also been in place for some time.
Now, when instead using the new Windows App, we added to the excluded apps in the CA Windows Cloud Login with app ID "270efc09-cd0d-444b-a71f-39af4910ec45" , and we also added Microsoft Remote Desktop ID "a4a365df-50f1-4397-bc59-1a1564b8bb9c" .
However, the CA policy does not seem to "see" the connection arriving from either of these two apps, thus the policy does NOT evaluate the user access as this new Windows App on thier windows device as one of these excluded apps, and they are blocked. Is there another app id i should add to my excluded list?