Forum Discussion

Nikonline's avatar
Nikonline
Copper Contributor
Jul 15, 2021

Public Preview - Azure AD & Intune join for AVD - Session host unavailable

Hi All - I am using a public preview feature on Azure Virtual Desktop to join AAD and Intune (Pls see below article), although the VM was AAD registered and Intune enrolled, the session host was unav...
Johan_Vanneuville's avatar
Johan_Vanneuville
MCT
Jul 19, 2021
Did you assign the user the virtual machine user login role on the resource group?
Nikonline's avatar
Nikonline
Copper Contributor
Jul 19, 2021
yes, assigned the role despite being Owner on the RG. Still the same error.
  • Johan_Vanneuville's avatar
    Johan_Vanneuville
    MCT
    Jul 19, 2021
    Is you local security policy disabled to allow cloud accounts to logon to the machine?
    • Nikonline's avatar
      Nikonline
      Copper Contributor
      Jul 20, 2021
      Able to login to standalone VM using Azure AD user account (after disabling CAPs) however still unable to login to the AVD session host. After checking the connection logs i see this error

      AuthenticationLogonFailedAAD (9735) - User credentials did not work. Remote machine is AAD joined. If you are signing in to your work account, try using your work email address.
      23

      Checked on the host VM it does have remote login permission for the user however still failing to Authenticate.
      • Nikonline's avatar
        Nikonline
        Copper Contributor
        Jul 21, 2021
        Was able to login, good starting point https://docs.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm
        Summary - Enabled Validation environment, Disabled MFA, CAPs, RDP setting changes at hostpool level.
        So now that makes me feel nervous and in search of securing AVD access... phew!

Resources