Forum Discussion

AdrianHallNHSE
Copper Contributor
Mar 01, 2023

Can't *disable* webauthn passthrough with Windows 11 Azure VM

Hi, trying to test out FIDO2 Windows Hello on Azure VMs, but cannot turn off the webauthn passthrough to the client machine in the RDP session. 

I've disabled it in the RDP client as per https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-device-redirections and logged off, and restarted VM, but it still continues to throw up my client machine WHfB dialog when a webauthn registration is done on webauthn.io, requesting a platform registration. 

I want to be able to use the vTPM on the VM itself to register, primarily to prove it is possible, and also to get the FIDO2 aaGUID for the TPM from the registration process. 

Any help appreciated. 
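
For the goal stated in the question, reading the AAGUID out of a registration, the following parses WebAuthn authenticator data (the `authData` bytes carried in the attestation object). It is an added example, not part of the original post; the function names, the sample bytes and the AAGUID value are constructed for illustration.

```python
import hashlib
import struct
import uuid

FLAG_UP, FLAG_UV, FLAG_AT = 0x01, 0x04, 0x40  # WebAuthn authenticator data flag bits


def parse_attested_auth_data(auth_data: bytes, rp_id: str) -> dict:
    """Parse WebAuthn authenticator data and return the AAGUID and related fields."""
    # Fixed header: rpIdHash (32) | flags (1) | signCount (4, big-endian)
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than the 37-byte header")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if not flags & FLAG_AT:
        # Assertions (logins) carry no attested credential data, so no AAGUID.
        raise ValueError("AT flag clear: not registration authenticator data")
    # Attested credential data: aaguid (16) | credentialIdLength (2) | credentialId
    if len(auth_data) < 55:
        raise ValueError("truncated attested credential data")
    aaguid = uuid.UUID(bytes=auth_data[37:53])
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID runs past end of authenticator data")
    return {
        "aaguid": str(aaguid),
        # All-zero AAGUID: commonly the client anonymised it because
        # attestation conveyance "none" was requested by the relying party.
        "aaguid_zeroed": aaguid.int == 0,
        # A mismatch means the data was produced for a different relying party.
        "rp_id_matches": rp_id_hash == hashlib.sha256(rp_id.encode()).digest(),
        "user_verified": bool(flags & FLAG_UV),
        "sign_count": sign_count,
        "credential_id": auth_data[55:55 + cred_len].hex(),
    }


def constructed_sample() -> bytes:
    """Constructed authenticator data; the AAGUID below is a made-up value."""
    header = hashlib.sha256(b"webauthn.io").digest() + bytes([FLAG_UP | FLAG_UV | FLAG_AT])
    header += struct.pack(">I", 0)
    aaguid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes
    cred_id = bytes(range(16))
    # b"\xa0" (empty CBOR map) stands in for the COSE public key that follows.
    return header + aaguid + struct.pack(">H", len(cred_id)) + cred_id + b"\xa0"


if __name__ == "__main__":
    print(parse_attested_auth_data(constructed_sample(), "webauthn.io"))
```
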

1 Reply

  • Hi there,

    It sounds like you are trying to test FIDO2 Windows Hello on Azure VMs and are having trouble disabling webauthn passthrough to the client machine in the RDP session. I can certainly help with this.

    First, it's important to note that by default, webauthn passthrough is enabled for Azure VMs, and this cannot be disabled via Group Policy or any other settings. However, as you mentioned, it can be disabled in the RDP client as per the instructions in the link you provided.

    If you have followed the steps in the link and are still experiencing the issue, there are a few additional troubleshooting steps that you can try:

    Ensure that the RDP client settings are being applied correctly: Make sure that you have properly saved the settings after disabling webauthn passthrough in the RDP client, and that the RDP client is properly configured to connect to the Azure VM.

    Check for any conflicting settings: Ensure that there are no conflicting Group Policy settings or other settings that could be overriding the RDP client settings.

    Verify that FIDO2 is enabled on the Azure VM: Make sure that FIDO2 is enabled on the Azure VM by following the instructions in the Microsoft documentation.

    Try using a different RDP client: If you are still experiencing the issue, try using a different RDP client to connect to the Azure VM and see if that resolves the issue.