Forum Discussion
Alex Kwitny
Mar 08, 2023Brass Contributor
How to allow External users to connect to Azure Virtual Desktop?
I'm trying to get external users to connect to my Azure Virtual Desktop instance, but nothing seems to work?
I've "Enrolled" my subscription in "Per-user access pricing" as specified here, invited/assigned the external user to an application group, and even made the external user a Global Administrator and I'm still not able to see any resources?
I'm testing this with an Azure Dev/Test subscription, which has an "Azure AD Free" license, before doing anything in our primary tenant ("Azure AD Premium P1"). Does this matter?
- A user in an organization that is not in your organization. It's a legal/licensing distinction, not a technical one.
"External users aren't members of your organization, such as customers of a business." (https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/licensing)
From a technical viewpoint, you'd use users local to an Azure AD tenant you control (the docs say best practice is a tenant per external company but nobody does that). You'd put the AVD environment in that tenant. But the users are all local to that tenant, not in their own tenants.
see also https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/identities
- GoGoGadgetCommunityCopper ContributorAre you trying to use external identities? That's documented as unsupported.
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/identities
it's also mentioned on the page you link to.- Alex KwitnyBrass ContributorI'm not sure? We have random companies trying to sell us things, but they need access to our environment and instead of creating them temporary accounts (i.e. email address removed for privacy reasons), we were hoping we could just add them in AAD via "Invite external user". Is that not an external user?
- GoGoGadgetCommunityCopper ContributorThat is an external identity (B2B) and thus won't work.
Yes, the terminology is confusing.