Forum Discussion

DavidBelanger's avatar
DavidBelanger
Icon for Microsoft rankMicrosoft
Nov 03, 2023

HOW TO: Hiding the consent prompt for Single Sign-On

We've been working on the ability to hide the dialog shown to users on first connection to a new session host when Single Sign-On is enabled to allow the remote desktop connection. The steps have now...
Andrew_Allston's avatar
Andrew_Allston
Iron Contributor
Nov 14, 2023
This is great news, but the instructions, not so much. We could benefit from some more detail.
DavidBelanger's avatar
DavidBelanger
Icon for Microsoft rankMicrosoft
Nov 14, 2023
Thank you for the feedback Andrew_Allston. I plan to add a sample step-by-step instruction using Graph Explorer for those less familiar with using Microsoft Graph. Hoping to have it live the week after Thanksgiving at the latest.
  • Florian_Paternostre's avatar
    Florian_Paternostre
    Copper Contributor
    Nov 30, 2023

    Hi DavidBelanger ,
    Could you please do this step-by-step instruction ? I'm not familiar with MS Graph. I spent some time to figure out how to make this work without success... Thanks in advance it will be much appreciated !

      • Florian_Paternostre's avatar
        Florian_Paternostre
        Copper Contributor
        Dec 01, 2023

        Sandeep Deo Thanks for the article. 
        I tried to do it with Graph Explorer without success. 
        I verified and assigned all required permissions (my account is global admin and I have consent all required permissions to Graph Explorer).
        When doing the POST request to create the setting, I get the following error : 

        Do I use the correct servicePrincipals ? 

        I tried the following IDs :
        • Microsoft Remote Desktop (App ID a4a365df-50f1-4397-bc59-1a1564b8bb9c).
        • Windows Cloud Login (App ID 270efc09-cd0d-444b-a71f-39af4910ec45)
  • gertjanvandekolk's avatar
    gertjanvandekolk
    Copper Contributor
    Nov 15, 2023
    Thanks, that is really nice
  • Andrew_Allston's avatar
    Andrew_Allston
    Iron Contributor
    Nov 14, 2023
    Thank you! Much appreciated! Have a happy Thanksgiving! 🦃
    • Andrew_Allston's avatar
      Andrew_Allston
      Iron Contributor
      Nov 16, 2023

      Andrew_Allston for anyone else a bit confused and wants to try before the detailed instructions are posted. The available links seem to suggest you need to create these attributes/objects. But you are modifying the SPNs for the two applications listed in the docs. This means PATCH should be used and not POST which is the method which is linked to.

      • Sandeep Deo's avatar
        Sandeep Deo
        Icon for Microsoft rankMicrosoft
        Nov 17, 2023

        Andrew_Allston You are right. To create a remoteDesktopSecurityConfiguration object on a supported Service Principal (RDP resource) you have to use PATCH and set the isRemotedDesktopProtocolEnabled property. Once you have created the RDSC object you have to create targetDeviceGroup object and you can do that by using POST. If you need to add more device groups to the targetDeviceGroup object you can do so one at a time by again doing a POST call. The only time you will use PATCH call on targetDeviceGroup is if you need to update display name for the group. Hope this helps. I will updating the docs shortly to reflect this change from POST to PATCH when creating RDSC object.

Resources