Forum Discussion
Insider Preview: Single sign-on and passwordless authentication for Azure Virtual Desktop
In the Azure AD sign-in logs we see a sign-in failure saying "The user or administrator has not consented connecting to the target-device: '{identifier}'. Send an interactive authorization request for this user and target-machine." and the user is prompted with a message saying "Because you're accessing sensitive info, you need to verify your password." I have not found any way of getting Seamless SSO to work with this and I am wondering if others are seeing the same issue or there is something I am missing.
- Eric_Keown, Dec 15, 2022, Copper Contributor
Roger1175 I am seeing your issue but only on VMs that we have failed over as part of D/R testing.
I put a comment in as well to David B asking if there is a missing config to address the D/R AVD once a failover has been triggered for AVD; I have not seen a response yet.
- DavidBelanger, Sep 22, 2022, Microsoft
Roger1175 we are working on removing the consent prompt for connections to Azure Virtual Desktop VMs for the reasons you mentioned. We won't consider this feature generally available for pooled environments until we do so. Note that this will not yet be addressed in the upcoming Public Preview which will add support for Windows 10 and Windows 11, as we want to understand if there are other issues that need to be addressed before GA and want to get as much feedback as possible on the feature.
- Roger1175, May 24, 2023, Brass Contributor
Hoping to hear some good news out of MS Build that this is ready to go generally available!
- Deleted, May 24, 2023
Let's hope so..
- Eric_Keown, Dec 13, 2022, Copper Contributor
DavidBelanger I am getting the same error as Roger1175 but a little different issue: signing in to the AVD for a personal pool works without any issues. However, when we do a failover to another region we are getting the "The user or administrator has not consented connecting to the target-device: '{identifier}'. Send an interactive authorization request for this user and target-machine." message when we try to sign in to it, even though it is showing up active and available after the failover.
I am wondering if this is because we have allowed the RDP access in the main region and in the new it is trying to ask for it again. Do you have any thoughts? When I look at the log for the attempt I see the below text under the authentication details, but can find no documentation on what a "Results Detail" of other is.
| Date | Authentication method | Authentication method detail | Succeeded | Result detail | Requirement |
|---|---|---|---|---|---|
| 12/9/2022 | Password | Password in the cloud | false | Other | |
| 12/9/2022 | Mobile app notification | | true | MFA completed in Azure AD | |
So again any thoughts?
- gertjanvandekolk, Oct 13, 2023, Copper Contributor
DavidBelanger, do you know if there are any updates about the SSO for Azure Virtual Desktop, according to the popups the user gets from every AVD server "You are attempting to connect to a remote devices with the following details: <AVD-servername>"
I hope this is GA soon and fixed without all the prompts.
Thanks, Gertjan van de Kolk
- dikkekip20, Sep 23, 2022, Copper Contributor
DavidBelanger Hi, I got some feedback on the feature regarding the SSO feature for Azure AD joined devices.
https://learn.microsoft.com/en-us/azure/active-directory/devices/azuread-join-sso
Since the authentication protocol has changed, we do not receive a Kerberos ticket from the on-prem DCs anymore, breaking some file servers and other resources that are needed for the end users. Are you guys aware of this change? And is it going to be a supported scenario when this will go into GA?
- DavidBelanger, Sep 23, 2022, Microsoft
dikkekip20 Was the Kerberos Server Object created to provide access to on-prem resources?
Configure single sign-on for Azure Virtual Desktop - Azure | Microsoft Learn
David