Forum Discussion
Different between Windows Virtual Desktop and Client Application Assignments in Azure AD
- Aug 07, 2019Feffen : The primary reason is that we only use Azure AD app role / assignments for 1 action, and that's to create a tenant. Otherwise, because you can create numerous host pools and app groups, we handle end-user assignments through our own PowerShell and our own implementation.
Just checked and both of my apps are set to Yes for user assignment. Ill change them to no and test again in the morning.
Im a bit confused by the language here i guess, wouldnt i want to have to assign users to this app to control access?
- Christian_MontoyaNov 21, 2019Microsoft
sarahpotrick2573 : How did you configure Azure AD Domain Services? Does the domain match the UPNs those for the Azure AD user?
- sarahpotrick2573Nov 19, 2019Copper Contributor
Christian_Montoya Yes i checked it out and is telling that user does not exist and that the VM is not joined.,But my VM is joined to my domain that i created through Azure ADDS and also all of my users exists in the azure active directory and i have created that user in my azure active directory only. I dont want all of my users to be in the AADC group i just want them to access the WVD environment Please find or help me out with some solution ASAP as i have been trying to resolve this from past 10 days and i need to deploy this in my client environment.
- Christian_MontoyaNov 18, 2019Microsoft
sarahpotrick2573 : Can you run steps from our troubleshooting guide to see if there are specific errors from Diagnostics? https://docs.microsoft.com/azure/virtual-desktop/troubleshoot-client-connection#troubleshooting-end-user-connectivity .
This would be the best way to understand what the initial errors are so that you don't need to add them as admins.
- sarahpotrick2573Nov 18, 2019Copper Contributor
Christian_Montoya hey I am facing the same issue. i have added my users through powershell and also i have added them in my Entreprise application including windows virtual desktop and windows virtual desktop client. Everthing is in place also in my Enterprise applications in properties i have set the the users assigned tab to NO still my users are not able to access the WVD and throwing the folllowing error:-
pls help me with it as soon as possible also wen i add those users in AADC group they are able to access it and does not throw any error but for my environment i dont want all users to have the the admin access
- FeffenAug 13, 2019Copper ContributorConfirmed it’s working for me now as well.
- Christian_MontoyaAug 13, 2019MicrosoftGlad you're up and running! As we depend on Azure AD and other Azure services, we are learning as we go in certain scenarios. Thanks for the patience and validating!
- Rob BlankersAug 13, 2019Brass Contributor
stevenzelenko Christian_Montoya SUCCESS!!! I flipped the 'User assignment required' switch to No on each Enterprise Application, removed all the users from those apps and verified that all users in the Desktop Application Group (administered through PowerShell) can login without issue. Appreciate the follow up on this unsupported service and can't wait for GA!! Thanks again!
- stevenzelenkoAug 08, 2019Brass Contributor
Christian_Montoya Looks like I spoke too soon. For some reason, our session host crashed and I had to reboot the VM. All works now, even CA. Great and simple discovery. Thank you.
- stevenzelenkoAug 07, 2019Brass Contributor
Christian_Montoya Had some time to test this. I removed my account from the Azure application and got right in. When I went to open an app, I got this error shown in the screen cap. We do have a conditional access policy applied to require MFA off of our network. But even on our network, this same error presents itself.
- stevenzelenkoAug 07, 2019Brass Contributor
Christian_Montoya Mine was set to yes too. That makes sense. You are handling the permission from the app group, if you aren't part of the permission to that group, no access. Makes perfect sense now. We'll test tomorrow and report back our findings. Thanks for the reply! Greatly appreciated.