Forum Discussion

stevenzelenko's avatar
stevenzelenko
Brass Contributor
Mar 22, 2019
Solved

Different between Windows Virtual Desktop and Client Application Assignments in Azure AD

Can someone explain the difference of these two apps in AD?  It seems like at some point today something changed and I have to set my test users to be Tenant Creators in the Windows Virtual Desktop A...
  • Christian_Montoya's avatar
    Christian_Montoya
    Aug 07, 2019
    Feffen : The primary reason is that we only use Azure AD app role / assignments for 1 action, and that's to create a tenant. Otherwise, because you can create numerous host pools and app groups, we handle end-user assignments through our own PowerShell and our own implementation.
Christian_Montoya's avatar
Christian_Montoya
Icon for Microsoft rankMicrosoft
Mar 29, 2019

stevenzelenko : Thanks for the testing so far! To address some of your questions:

  • Difference between apps: the Windows Virtual Desktop app is for the management of the service, and includes granting permission for the service to call your Azure AD for user validation, service principal validation, etc. The Windows Virtual Desktop client app is for the end-user login, where you can control MFA/Conditional Access policies. I agree that we should highlight this a bit more with some examples.
  • Correct, right now you can only assign users through Add-RdsAppGroupUser by individual user UPNs and not a security group. We're working on this.
sarahpotrick2573's avatar
sarahpotrick2573
Copper Contributor
Dec 16, 2019

Christian_Montoya   My Users are not able to sign-in into thier hostpool virtual Machine. It is throwing the following error. The username and password is correct and also i have assigned them through powershell, Still it is throwing the same error

Resources