Forum Discussion

Redsman13
Copper Contributor
Jan 15, 2024

Azure Virtual Desktop - Restricting Access based on the Remote Desktop Client App Version

 

Morning,

What are the current options for restricting access to the AVD Service based on the version of the Remote Desktop Client App? I would have thought CA policy could achieve this, but it doesn't seem to be granular enough.

Thanks in advance.

AVD - Win10 Multi-User

Identity - Entra Domain Services (AAD-DS)

  • Hi Redsman13,

    This is not possible.

    Conditional access policies can only target these Azure Virtual Desktop resources:

    • Azure Virtual Desktop with app ID "9cdead84-a844-4324-93f2-b2e6bb768d07"
    • Microsoft Remote Desktop with app ID "a4a365df-50f1-4397-bc59-1a1564b8bb9c"
    • Windows Cloud Login with app ID "270efc09-cd0d-444b-a71f-39af4910ec45"

    • stewartgscott
      Copper Contributor

      I've had for some time a CA policy that restricts using "Mobile apps and desktop clients".

      However, to allow a user (e.g. on their home/personal computer) to use the local AVD desktop client on their home personal Windows machine, we excluded the specific AVD/Remote Desktop apps (in other words, this CA policy is not assigned because the app was excluded, and the user happily uses the Windows AVD client on a Windows device). This has also been in place for some time.

      Now, when instead using the new Windows App, we added to the excluded apps in the CA Windows Cloud Login with app ID "270efc09-cd0d-444b-a71f-39af4910ec45", and we also added Microsoft Remote Desktop ID "a4a365df-50f1-4397-bc59-1a1564b8bb9c".

      However, the CA policy does not seem to "see" the connection arriving from either of these two apps, thus the policy does NOT evaluate the user access as this new Windows App on their Windows device as one of these excluded apps, and they are blocked. Is there another app ID I should add to my excluded list?
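One way to investigate the question in the last post, as an added example that is not from the thread or from Microsoft: compare the `resourceId` recorded on each blocked sign-in with the policy's `excludeApplications` list. Field names follow the Microsoft Graph `signIn` and `conditionalAccessPolicy` resources; the policy, the sign-in records and the placeholder resource ID are constructed.

```python
# Added example: all policy and sign-in data below is constructed for illustration.
AVD = "9cdead84-a844-4324-93f2-b2e6bb768d07"                   # from the thread
MS_REMOTE_DESKTOP = "a4a365df-50f1-4397-bc59-1a1564b8bb9c"     # from the thread
WINDOWS_CLOUD_LOGIN = "270efc09-cd0d-444b-a71f-39af4910ec45"   # from the thread
PLACEHOLDER_RESOURCE = "00000000-0000-0000-0000-000000000001"  # constructed, not a real app ID

POLICY = {  # shape of a Graph conditionalAccessPolicy export (constructed values)
    "id": "11111111-1111-1111-1111-111111111111",
    "displayName": "Block mobile apps and desktop clients",
    "conditions": {
        "clientAppTypes": ["mobileAppsAndDesktopClients"],
        "applications": {
            "includeApplications": ["All"],
            "excludeApplications": [AVD, MS_REMOTE_DESKTOP, WINDOWS_CLOUD_LOGIN],
        },
    },
}

def _signin(resource_id, resource_name, result):
    """Build one constructed record using Graph signIn field names."""
    return {
        "resourceId": resource_id,
        "resourceDisplayName": resource_name,
        "clientAppUsed": "Mobile Apps and Desktop clients",
        "appliedConditionalAccessPolicies": [{"id": POLICY["id"], "result": result}],
    }

SIGN_INS = [
    _signin(AVD, "Azure Virtual Desktop", "notApplied"),
    _signin(WINDOWS_CLOUD_LOGIN.upper(), "Windows Cloud Login", "notApplied"),
    _signin(PLACEHOLDER_RESOURCE, "constructed-resource", "failure"),
    _signin(PLACEHOLDER_RESOURCE, "constructed-resource", "failure"),
]

def blocked_resources(policy, sign_ins):
    """Count sign-ins this policy failed, keyed by (resourceId, name, excluded?)."""
    excluded = {a.lower() for a in policy["conditions"]["applications"]["excludeApplications"]}
    counts = {}
    for s in sign_ins:
        rid = (s.get("resourceId") or "").lower()  # GUID case can differ between exports
        for applied in s.get("appliedConditionalAccessPolicies", []):
            if applied.get("id") == policy["id"] and applied.get("result") == "failure":
                key = (rid, s.get("resourceDisplayName", ""), rid in excluded)
                counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (rid, name, is_excluded), n in blocked_resources(POLICY, SIGN_INS).items():
        note = "already excluded, check other conditions" if is_excluded else "not in excludeApplications"
        print(f"{n} blocked sign-in(s) for {name} ({rid}): {note}")
```

A blocked sign-in whose resource is already excluded points at a different condition or policy rather than a missing app ID.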
