Forum Discussion
PUBLIC PREVIEW: Announcing public preview of Azure AD joined VMs
- Jul 15, 2021
End-to-end single sign-on is definitely something we are working on but isn't available in the first release due to the protocol we are using. We know how important that feature is.
David, this solution doesn’t seem to comply with the Microsoft Partner Agreement security standards.
I didn't have the time to test the solution on my end yet, but this is a long-awaited feature that we will start to deploy as soon as it is GA.
As stated in this article, all sign-ins must be MFA:
https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-faq
Can conditional access be used to meet the MFA requirement?
Yes, you can use conditional access to enforce MFA for each user, including service accounts, in your partner tenant. However, given the highly privileged nature of being a partner we need to ensure that each user has an MFA challenge for every single authentication. This means you won't be able to use the feature of conditional access that circumvents the requirement for MFA.
Can you confirm that you have any plans to support Windows Hello/Full SSO support without MFA exceptions? If the only way planned to sign-in is to exclude the app in the conditional access, are we still compliant as a Microsoft Partner?
Thank you!
fmartel MFA is already supported with this solution. You do have to configure it on the "Windows Virtual Desktop" app and not the "Azure Windows VM Sign-In" app. I updated the documentation here to call this out: https://docs.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm#enabling-mfa-for-azure-ad-joined-vms
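As an added example (not posted by anyone in this thread and not Microsoft's own documentation), here is what the configuration David describes looks like when created through the Microsoft Graph PowerShell SDK: a Conditional Access policy that requires MFA on the "Windows Virtual Desktop" app, with no user exclusions, plus a check for the two mistakes the thread touches on (targeting only "Azure Windows VM Sign-In", or excluding the app to make SSO work). The two application IDs are the ones Microsoft publishes for those first-party apps as I know them; treat them as assumptions and confirm both in your tenant's Enterprise applications blade before use. The policy is created in report-only mode so it can be validated against sign-in logs before enforcement.

```powershell
# Added example, not from the thread: require MFA on Azure AD joined AVD hosts
# via a Conditional Access policy, then audit for misconfigured policies.
# Needs the Microsoft.Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Assumed first-party application IDs; verify in Enterprise applications.
$avdAppId      = "9cdead84-a844-4324-93f2-b2e6bb768d07"   # Windows Virtual Desktop
$vmSignInAppId = "372140e0-b3b7-4226-8ef9-d57986796201"   # Azure Windows VM Sign-In

$policy = @{
    displayName = "Require MFA - Azure AD joined AVD session hosts"
    # Report-only first; switch to "enabled" once sign-in logs show the expected hits.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            # No excludeUsers / excludeGroups: the partner FAQ quoted above
            # requires an MFA challenge for every user on every authentication.
            includeUsers = @("All")
        }
        applications = @{
            # MFA is evaluated on the Windows Virtual Desktop app, not on
            # Azure Windows VM Sign-In, which is why the latter is not targeted.
            includeApplications = @($avdAppId)
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy $($created.Id) in state $($created.State)"

# Audit: find policies that would undermine the requirement.
$all = Get-MgIdentityConditionalAccessPolicy

# 1. MFA policies aimed at the VM sign-in app but not at the AVD app.
$misTargeted = $all | Where-Object {
    $_.GrantControls.BuiltInControls -contains "mfa" -and
    $_.Conditions.Applications.IncludeApplications -contains $vmSignInAppId -and
    $_.Conditions.Applications.IncludeApplications -notcontains $avdAppId
}

# 2. Policies that exclude the AVD app (the SSO workaround the thread asks about).
$excludesAvd = $all | Where-Object {
    $_.Conditions.Applications.ExcludeApplications -contains $avdAppId
}

# 3. MFA policies with user or group exclusions.
$hasExclusions = $all | Where-Object {
    $_.GrantControls.BuiltInControls -contains "mfa" -and
    ($_.Conditions.Users.ExcludeUsers.Count -gt 0 -or
     $_.Conditions.Users.ExcludeGroups.Count -gt 0)
}

foreach ($p in $misTargeted)   { Write-Warning "Targets VM Sign-In only, not AVD: $($p.DisplayName)" }
foreach ($p in $excludesAvd)   { Write-Warning "Excludes the AVD app: $($p.DisplayName)" }
foreach ($p in $hasExclusions) { Write-Warning "MFA policy has user/group exclusions: $($p.DisplayName)" }
```

Run it with an account that holds the Conditional Access Administrator role; the warnings are the items to reconcile against the partner requirements before moving the new policy from report-only to enabled.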