Forum Discussion
Entra ID credentials in Azure Virtual Desktop
Are the users cloud-only Entra ID users, or hybrid identities from on-premises Active Directory synced to Entra ID?
The users are cloud-only Entra ID users.
- Chris_toffer0707 | May 07, 2025 | Iron Contributor
I have investigated this further.
The lack of a TPM chip in normal Azure SKUs (you can have a vTPM using Azure Confidential SKUs) blocks the usage of Windows Hello for Business.
Also, when logging into an AVD session host (either via the Windows App or a browser), Microsoft handles the authentication of the user and then passes a token to the session host, allowing the user to be signed in to the session host. Microsoft does not collect the password and forward it to the session host.
The lack of Kerberos tickets in a setup without Active Directory prevents us from authenticating to Microsoft Edge Passwords. If Microsoft Edge Passwords did its authentication against Entra ID, it would work. Even when profile sync, including password sync, is configured in the Microsoft Edge profile, Microsoft still asks for the password of the signed-in user session.
So the bottom line is that you would need to implement a third-party password manager solution like 1Password that supports Entra ID federated authentication.
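A quick way to confirm the three conditions described above on a given session host (no TPM, Entra ID joined rather than domain joined, and no cached Kerberos tickets for the user) is the diagnostic below. It is an added example, not code from this thread or from Microsoft; it assumes a Windows 10/11 session host with the built-in `Get-Tpm`, `dsregcmd` and `klist` tools, and it must be run inside the affected user's AVD session, because `klist` and the PRT state are per logon session.

```powershell
# Added diagnostic for the AVD / Edge Passwords discussion above.
# Not code from the thread. Run as the signed-in user on the session host.
# Assumes: Windows 10/11, TrustedPlatformModule module present (Get-Tpm),
# dsregcmd.exe and klist.exe available on PATH.

function Get-TpmState {
    # Get-Tpm throws when no TPM device exists; treat that as "not present".
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        [pscustomobject]@{ Present = [bool]$tpm.TpmPresent; Ready = [bool]$tpm.TpmReady }
    } catch {
        [pscustomobject]@{ Present = $false; Ready = $false }
    }
}

function Get-JoinState {
    # dsregcmd /status prints "Name : YES|NO" lines; collect the ones we care about.
    $lookup = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(YES|NO)\s*$') {
            $lookup[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    [pscustomobject]@{
        AzureAdJoined = [bool]$lookup['AzureAdJoined']   # device is Entra ID joined
        DomainJoined  = [bool]$lookup['DomainJoined']    # device is AD domain joined
        AzureAdPrt    = [bool]$lookup['AzureAdPrt']      # user session holds a Primary Refresh Token
    }
}

function Get-KerberosTicketCount {
    # klist reports "Cached Tickets: (N)" for the current logon session.
    $match = (klist 2>&1) | Select-String -Pattern 'Cached Tickets:\s*\((\d+)\)'
    if ($match) { [int]$match.Matches[0].Groups[1].Value } else { 0 }
}

function Test-AvdCloudOnlySession {
    $tpm     = Get-TpmState
    $join    = Get-JoinState
    $tickets = Get-KerberosTicketCount

    $summary = [pscustomobject]@{
        TpmPresent          = $tpm.Present
        TpmReady            = $tpm.Ready
        AzureAdJoined       = $join.AzureAdJoined
        DomainJoined        = $join.DomainJoined
        AzureAdPrt          = $join.AzureAdPrt
        KerberosTickets     = $tickets
        # The combination the post describes: token/PRT-based sign-in with
        # no AD-issued Kerberos tickets available to the user session.
        MatchesThreadScenario = ($join.AzureAdJoined -and -not $join.DomainJoined -and $tickets -eq 0)
    }
    $summary
}

Test-AvdCloudOnlySession | Format-List
```

If `MatchesThreadScenario` is `True`, the host is in the state the post describes: the user was signed in with an Entra ID token (a PRT is present) and nothing in the session can satisfy a Kerberos-backed credential prompt. `TpmPresent` being `False` on a standard Azure SKU is expected; a `True` there indicates a vTPM-capable SKU, which changes the Windows Hello for Business picture but not the Kerberos one.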
- Chris_toffer0707 | May 06, 2025 | Iron Contributor
I have a production AVD setup for a customer running Entra ID Joined session hosts and cloud only Entra ID Users.
The user signs in to the AVD session host and uses Microsoft Edge. Profile sync is enabled for the user.
The user can access Passwords within Microsoft Edge to add new passwords, but accessing passwords already defined shows the same behavior you are describing. So the issue is easy to reproduce.
I will try to see if I can find a valid solution for this headache.