PUBLIC PREVIEW: Announcing public preview of Azure AD joined VMs
- Jul 15, 2021
End-to-end single sign-on is definitely something we are working on but isn't available in the first release due to the protocol we are using. We know how important that feature is.

Would just like to confirm that you can access/log in to AAD-joined session hosts from an Azure AD registered device using your AAD credentials? The docs state it below (third point), but when I have tested this it doesn't work; it does, however, work fine when the local PC is AAD joined.
Does it need to be a certain edition of Windows 10?
Connect using the Windows Desktop client
The default configuration supports connections from Windows 10 using the https://docs.microsoft.com/en-us/azure/virtual-desktop/user-documentation/connect-windows-7-10. You can use your credentials, smart card, https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust or https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs to sign in to the session host. However, to access the session host, your local PC must meet one of the following conditions:
- The local PC is Azure AD-joined to the same Azure AD tenant as the session host
- The local PC is hybrid Azure AD-joined to the same Azure AD tenant as the session host
- The local PC is running Windows 10, version 2004 and later, and is Azure AD registered to the same Azure AD tenant as the session host
To enable access from Windows devices not joined to Azure AD, add targetisaadjoined:i:1 as a https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-rdp-properties to the host pool. These connections are restricted to entering user name and password credentials when signing in to the session host.
https://docs.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm
- Rald_11, Mar 09, 2022, Copper Contributor
ahart3 Make sure you have assigned these AAD users the RBAC roles (e.g. Virtual Machine Contributor or Virtual Machine User Login) on the VMs.
- ahart3, Mar 09, 2022, Brass Contributor
I did make that change. I've tested again this morning and all seems to be working fine now; strange, but hey, that is a good result 🙂
- Rald_11, Mar 10, 2022, Copper Contributor
ahart3 Cool! Nice to know. You can then incorporate these AAD-joined VMs into Intune for added security; it's like a GPO but with a flat structure. Also, the Virtual Machine Administrator Login role will assign local admin privileges for that user on the session host, whereas Virtual Machine User Login will only assign a non-admin role inside the session host.
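The two knobs this thread turns on, the host pool's targetisaadjoined:i:1 custom RDP property quoted from the docs above and the Virtual Machine User Login / Virtual Machine Administrator Login role assignments Rald_11 describes, can both be inspected and set from PowerShell. The script below is an added example written for this thread, not code from Microsoft's docs or from any poster; the resource group, host pool and user names are made-up placeholders, and it assumes the Az.Accounts, Az.Resources and Az.DesktopVirtualization modules are installed. It reports whether the pool already accepts clients that are not joined or registered to the tenant, appends the property only when explicitly asked to, grants the non-admin login role at resource-group scope, and lists who holds the admin login role so that privilege can be reviewed.

```powershell
# Added example: inspect an AVD host pool's custom RDP properties and assign the
# least-privilege AAD login role on its session hosts.
# Assumed (placeholder) names: resource group 'rg-avd', host pool 'hp-aadjoined',
# user 'user@contoso.example'. Requires Az.Accounts, Az.Resources, Az.DesktopVirtualization.
$rg       = 'rg-avd'
$hostPool = 'hp-aadjoined'
$upn      = 'user@contoso.example'

# Set to $true only if you have decided the pool should accept clients that are
# neither Azure AD-joined, hybrid-joined nor Azure AD registered to the tenant.
$allowNonJoinedClients = $false

Connect-AzAccount | Out-Null

# 1. Report the pool's current custom RDP properties and flag the relaxed setting.
$hp      = Get-AzWvdHostPool -ResourceGroupName $rg -Name $hostPool
$current = [string]$hp.CustomRdpProperty
Write-Host "Current custom RDP properties: $current"
if ($current -match 'targetisaadjoined:i:1') {
    Write-Warning 'Host pool accepts connections from devices not joined/registered to the tenant (username/password only).'
}

# 2. Append the property without clobbering properties that are already set.
if ($allowNonJoinedClients -and $current -notmatch 'targetisaadjoined:i:1') {
    $new = ($current.TrimEnd(';') + ';targetisaadjoined:i:1;').TrimStart(';')
    Update-AzWvdHostPool -ResourceGroupName $rg -Name $hostPool -CustomRdpProperty $new | Out-Null
    Write-Host "Updated custom RDP properties: $new"
}

# 3. Grant the user sign-in rights on the session hosts with the NON-admin role,
#    scoped to the resource group that holds the VMs rather than the subscription.
$user  = Get-AzADUser -UserPrincipalName $upn
$scope = (Get-AzResourceGroup -Name $rg).ResourceId
$role  = 'Virtual Machine User Login'
$existing = Get-AzRoleAssignment -ObjectId $user.Id -Scope $scope -RoleDefinitionName $role
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionName $role -Scope $scope | Out-Null
    Write-Host "Assigned '$role' to $upn at $scope"
} else {
    Write-Host "$upn already holds '$role' at $scope"
}

# 4. List everyone holding the admin login role at this scope; each entry is a
#    local administrator on every session host in the pool and should be justified.
Write-Host 'Principals with Virtual Machine Administrator Login:'
Get-AzRoleAssignment -Scope $scope -RoleDefinitionName 'Virtual Machine Administrator Login' |
    Select-Object DisplayName, SignInName, ObjectType, Scope
```

The role assignment is made at resource-group scope because that is the narrowest scope that still covers every session host in the pool; assigning at subscription scope, as is sometimes done to make the error in this thread go away, grants sign-in on every VM in the subscription. Step 2 is gated behind a flag because targetisaadjoined:i:1 removes the device-trust requirement the quoted docs describe and leaves only username and password at the session host.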