Forum Discussion
kdjones03
Jun 17, 2025 · Brass Contributor
Single-Sign On
After troubleshooting an issue for a customer, we determined that the prerequisites for enabling SSO at the AVD host pool level are not strictly enforced when a user goes to execute the SSO workflow f...
Chris_Apps4Rent
Jun 18, 2025 · Brass Contributor
This behavior exists because the current implementation doesn't strictly validate prerequisite settings (like -IsRemoteDesktopEnabled on the service principals) when initiating SSO via MSRDC or the Windows App. It's a known gap tied to the transition from targetisaadjoined:i:1 to enablerdsaadauth:i:1, as Microsoft streamlines toward passwordless and Entra ID-based SSO.
While Microsoft hasn't publicly confirmed a fix, it's likely part of ongoing improvements to align with their identity-first and seamless access roadmap. For now, admins should ensure all prerequisites are manually validated to avoid silent failures in SSO.
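Added example, not part of either post above: one way to do the manual prerequisite validation the reply recommends, as a read-only PowerShell audit that compares the host pool's RDP properties with the remote desktop setting on the two service principals. The resource group and host pool names are placeholders, and the two app IDs are assumed to be those of the Microsoft Remote Desktop and Windows Cloud Login service principals; confirm them in your tenant before relying on the result.

```powershell
# Added example: read-only audit of the AVD SSO prerequisites discussed in this thread.
# Needs the Az.DesktopVirtualization and Microsoft.Graph.Applications modules.
param(
    [string]$ResourceGroup = 'rg-avd-example',   # placeholder name
    [string]$HostPoolName  = 'hp-example'        # placeholder name
)

# Assumption: app IDs of the two first-party service principals; verify in your tenant.
$apps = [ordered]@{
    'Microsoft Remote Desktop' = 'a4a365df-50f1-4397-bc59-1a1564b8bb9c'
    'Windows Cloud Login'      = '270efc09-cd0d-444b-a71f-39af4910ec45'
}

Connect-AzAccount | Out-Null
# The remote desktop configuration is only readable with this scope; nothing is modified here.
Connect-MgGraph -Scopes 'Application.Read.All', 'Application-RemoteDesktopConfig.ReadWrite.All'

# 1. Does the host pool ask clients to use Entra ID SSO?
$pool = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
$ssoRequested = $pool.CustomRdpProperty -match '(^|;)\s*enablerdsaadauth:i:1\s*(;|$)'
$legacyOnly   = -not $ssoRequested -and
                ($pool.CustomRdpProperty -match '(^|;)\s*targetisaadjoined:i:1\s*(;|$)')

# 2. Is the remote desktop protocol enabled on each service principal?
$results = foreach ($name in $apps.Keys) {
    $sp  = Get-MgServicePrincipal -Filter "appId eq '$($apps[$name])'"
    $cfg = $null
    if ($sp) {
        $cfg = Get-MgServicePrincipalRemoteDesktopSecurityConfiguration `
                   -ServicePrincipalId $sp.Id -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{
        ServicePrincipal = $name
        Found            = [bool]$sp
        RdpEnabled       = [bool]($cfg -and $cfg.IsRemoteDesktopProtocolEnabled)
    }
}
$results | Format-Table -AutoSize

# 3. Report the mismatch that the platform does not enforce for you.
$missing = @($results | Where-Object { -not $_.RdpEnabled })
if ($ssoRequested -and $missing.Count -gt 0) {
    Write-Warning ("Host pool sets enablerdsaadauth:i:1 but RDP is not enabled on: " +
                   ($missing.ServicePrincipal -join ', '))
} elseif ($legacyOnly) {
    Write-Warning 'Host pool still sets only targetisaadjoined:i:1; SSO is not requested.'
} else {
    Write-Output "SSO requested: $ssoRequested; service principals missing RDP: $($missing.Count)"
}
```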