Forum Discussion
DavidBelanger
Microsoft
Aug 24, 2022
Insider Preview: Single sign-on and passwordless authentication for Azure Virtual Desktop
Today we’re announcing the Insider preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 k...
Roger1175
Sep 21, 2022
Brass Contributor
I am excited about this feature but the consent prompt for each new server is certainly not ideal. Hopefully, this is something that is being addressed when it reaches Public Preview! It wouldn't be so bad if it was simply a matter of telling users to click "Yes" when it comes up but we are seeing that users also have to authenticate using their password or some other sign-in method. Is there a reason why Seamless SSO does not work for this?
In the Azure AD sign-in logs we see a sign-in failure saying "The user or administrator has not consented connecting to the target-device: '{identifier}'. Send an interactive authorization request for this user and target-machine." and the user is prompted with a message saying "Because you're accessing sensitive info, you need to verify your password." I have not found any way of getting Seamless SSO to work with this and I am wondering if others are seeing the same issue or there is something I am missing.
Eric_Keown
Dec 15, 2022
Copper Contributor
Roger1175 I am seeing your issue, but only on VMs that we have failed over as part of D/R testing.
I put a comment in as well to David B asking if there is a missing config to address the D/R AVD once a failover has been triggered for AVD. I have not seen a response yet.