RobertCrane
Jan 16, 2020
Solved

Guidance on using WVD with MFA user accounts and Azure AD DS?

Is there any guidance out there on using WVD with MFA accounts?

I have a total cloud environment. No on-prem ever. Implemented Azure AD DS. Set up WVD. Working for users without MFA. But unable to log in on desktop or web for users with MFA enabled.

Guidance? Articles? I seem to have missed something?

  • HandA
    Jan 16, 2020

    RobertCrane 

    That is my understanding, yes, as per the Microsoft document I sent. If AADDS was set up recently then there is a high possibility that a high proportion of users have not changed their password.

    You can test this by dumping out user accounts and last password change to see if you get any sort of correlation.
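The check described in this reply (dump the user accounts with their last password change and look for a correlation with the date Azure AD DS was enabled), written out as an added PowerShell example that is not part of the thread. It assumes the MSOnline module (`Connect-MsolService` / `Get-MsolUser`) and uses a placeholder for the date the managed domain was created; substitute your own.

```powershell
# Added example (not from the thread). Lists Azure AD users whose last password
# change predates the Azure AD DS deployment. Per the linked Microsoft doc, the
# password hashes needed by AADDS are only generated when a cloud-only user
# changes their password after AADDS is enabled, so these accounts cannot
# authenticate to the managed domain until they do.
# Assumes the MSOnline module is installed and you are signed in as a reader.

Connect-MsolService

# PLACEHOLDER: set this to the date your Azure AD DS instance was created.
$AaddsEnabledOn = Get-Date '2020-01-01'

# Build a report of enabled users with their last password change and a flag
# showing whether that change happened after AADDS was enabled.
$report = Get-MsolUser -All |
    Where-Object { -not $_.BlockCredential } |
    Select-Object UserPrincipalName, LastPasswordChangeTimestamp,
        @{ Name = 'ChangedAfterAadds'
           Expression = { $_.LastPasswordChangeTimestamp -ge $AaddsEnabledOn } }

# Accounts that still need a password change (or admin reset) before they can
# sign in to AADDS-joined WVD hosts. Compare this list against the users who
# cannot log in; a strong overlap points at the sync, not at MFA itself.
$needsChange = $report | Where-Object { -not $_.ChangedAfterAadds } |
    Sort-Object LastPasswordChangeTimestamp

$needsChange | Format-Table UserPrincipalName, LastPasswordChangeTimestamp -AutoSize

"{0} of {1} enabled users last changed their password before AADDS was enabled" -f
    $needsChange.Count, $report.Count

# Optional cross-check from inside the managed domain (assumption: run on a
# domain-joined management VM with RSAT): compare PasswordLastSet on the AADDS
# side with the Azure AD timestamps above for the same accounts.
# Get-ADUser -Filter * -Properties PasswordLastSet |
#     Select-Object UserPrincipalName, PasswordLastSet
```

Run this from an account with directory read permissions; the report is read-only. After the affected users change their password, re-run it and confirm the count drops before looking elsewhere for the WVD login failure.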

13 Replies

  • and also the workstations are AD joined, I get that, but are they Azure AD joined? Do I have to do some sort of 'hybrid' install so the Win 10 desktops support Azure AD and normal AD?

    • HandA
      Brass Contributor

      RobertCrane 

      If you have managed to deploy Windows Virtual Desktops (personal or pooled) using the portal or ARM templates, then they will become domain joined to Azure AD Domain Services. And if that process was successful then I am assuming you have the networking in place between your WVD VNET and your AADDS VNET (VNET peering required).

      You will see the computer accounts of the WVD's in Azure ADDS if you use ADUC to connect. 

      When you say the workstations are Azure AD joined, do you mean the devices that are running the RD Client? If you do, that should have no bearing on it. We have that set up also.

      What this might be is the Sync between Azure AD and ADDS. Try changing your password in Azure AD then wait for that to Sync to AADDS.

      https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance#enable-user-accounts-for-azure-ad-ds

      • HandA 

        >>When you say the workstations are Azure AD joined, do you mean the devices that are running the RD Client?

        No I mean the VMs in the pool that are connected to Azure AD DS.

        >>What this might be is the Sync between Azure AD and ADDS.

        Sync reports as working, and I know it works because if I disable a non-MFA user in Azure AD they can't access WVD VMs.

        Do I need secure LDAP enabled?

  • HandA
    Brass Contributor

    RobertCrane 

    We have the same setup. Cloud only, with AADDS, and users set up with MFA can log in through the RDC and web without issue. From what I have seen you are prompted for MFA when you initially subscribe, but not thereafter.

    • HandA I kinda thought that should be the case but I get stuff like:

      The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.