
patrick-h
Brass Contributor
Jul 27, 2020

Conditional access policy for access on WVD

All-

We are completely Azure AD with ADDS for WVD. Currently, we have conditional access policies that require a device be marked compliant to access certain tools. What is the best way to have a similar policy with WVD? It seems that a hybrid join would be the right way, but as I don't have an on-premises AD server, would I have to spin one up in Azure just to get hybrid join? Any advice would be appreciated.

  • DBR14
    Iron Contributor

    patrick-h 

    Piggybacking onto this as I've put a CA policy in place to require MFA at login and after each hour. It works flawlessly with the web client, but does not seem to work for the desktop client.

    Once you have subscribed to a stream with the desktop client you are locked in, and then you can just launch the VM once you launch the desktop client. Ideally, you would need to log in and pass MFA after launching the desktop client unless you had not expired the X time CA Policy.

    Looking back, this was brought up and documented as an issue last year while it was in its infancy, but from looking around there doesn't seem to be a solution to this. Requiring MFA at every login is a necessity for some organizations.
