Forum Discussion

DavidBelanger's avatar
DavidBelanger
Icon for Microsoft rankMicrosoft
Aug 24, 2022

Insider Preview: Single sign-on and passwordless authentication for Azure Virtual Desktop

Today we’re announcing the Insider preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 k...
AVDUpdate
dikkekip20's avatar
dikkekip20
Copper Contributor
Aug 26, 2022

DavidBelanger 

DavidBelanger 

First of all, This is great. We were awaiting this feature for some time now. 

Great to see it coming to light. We of course went right ahead and deployed it to our test pool.

- VM Login AAD only
- Azure Files AAD only
- Intune enabled
- now running 22h2 🙂

We had a small issue though, we are allowing the Azure Virtual Desktop application outside of the compliant device policies. However it seems like the exemption we made for the Enterprise application "Azure Virtual Desktop" doesn't include this, the application is called. 

  • Microsoft Remote Desktop (app ID a4a365df-50f1-4397-bc59-1a1564b8bb9c), which applies when the user authenticates to the session host when https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-single-sign-on is enabled.

https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa

 

Please add this to the FAQ 🙂


Also I seem to need to give consent my login on the VM. 
I cannot find the admin consent button for the Enterprise application.
please provide instructions on this 🙂

 

  • deanbox's avatar
    deanbox
    Copper Contributor
    Jan 27, 2023

    Regarding reply from: dikkekip20 Any updates regarding consent login on the VM? We are getting the same prompt which is new.

    Can we give admin consent to this client_id=a85cf173-4192-42f8-81fa-777a763e6e2c so that users won't be bothered with this?

    We already consented server & client app with https://rdweb.wvd.microsoft.com/

     

    • Anonymous's avatar
      Anonymous
      Feb 13, 2023
      Any updates on this issue? This behavior currently completely destroy SSO experience for the and user when connecting to larger host pools or after a host pool refresh
  • Andrew_Woo's avatar
    Andrew_Woo
    Iron Contributor
    Sep 16, 2022
    The above work only for WIndows ?
    How about MAC?
    Apps : a4a365df-50f1-4397-bc59-1a1564b8bb9c
    The above apps is not working for MAC and web
    • DavidBelanger's avatar
      DavidBelanger
      Icon for Microsoft rankMicrosoft
      Sep 16, 2022
      Hi Andrew, the feature is currently only working using the Windows client. Support for the web client should be available soon. Other clients like macOS, iOS and Android will come later but are in development.
      • Marius Sandbu's avatar
        Marius Sandbu
        Brass Contributor
        Nov 24, 2022
        When I've configured this it works for some users that are sitting on Windows Azure AD only machines. However end-users with machines that are part of Active Directory are not able to logon using SSO, is there a limitation with seamless SSO that can affect the authentication process?
    • dikkekip20's avatar
      dikkekip20
      Copper Contributor
      Sep 16, 2022

      Andrew_Woo I think this SSO feature is only working for Windows atm yeah

      • Andrew_Woo's avatar
        Andrew_Woo
        Iron Contributor
        Sep 21, 2022
        Thanks for the reply. We hope to see it in MacOS soon. Thanks

Resources