Forum Discussion
NhatHoang2592
Sep 20, 2024 Copper Contributor
Windows 11 Enterprise Entra ID Joined Session Host
Hello Everyone, I hope someone can help me with the issue. We have an AVD environment with domain joined personal pools, everything works well. Now we want to deploy a personal pool with Entra ID...
addysidd27
Sep 21, 2024 MCT
It sounds like you're dealing with a frustrating issue regarding Entra ID-joined session hosts in your AVD setup. Based on what you’ve described, here are a few things you might want to try:
Windows Hello for Business:
It’s true that for Entra ID joined VMs, Windows Hello is often recommended. However, if you're sticking to username/password login, ensuring that "targetisaadjoined:i:1" is correctly configured across all Conditional Access policies should help.
Authentication Methods:
It’s worth double-checking whether your MFA settings or other conditional access policies are conflicting with the username/password method. Sometimes, Conditional Access can enforce more stringent policies for Entra ID-joined VMs.
User Role:
You've already added the Virtual Machine User Login role, which is great. Just ensure that this role is correctly propagated to all session hosts.
PKU2U Settings:
Since you mentioned the PKU2U authentication requests are enabled on both the session host and the local PC, I would recommend verifying once again that there’s no mismatch in their configurations.
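A read-only check for the PKU2U and join-state points in the reply above, added here as an example and not part of the original post. It assumes the PKU2U policy is stored in the AllowOnlineID registry value and that targetisaadjoined:i:1 is set in the host pool's custom RDP properties; the function names and the sample property string are constructed for illustration.

```powershell
# Added example: run on both the session host and the local PC, then compare the output.
# Read-only: it changes no settings.

function Get-Pku2uSetting {
    # Policy "Network security: Allow PKU2U authentication requests to this
    # computer to use online identities" is stored as AllowOnlineID (DWORD).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
    $value = Get-ItemProperty -Path $key -Name AllowOnlineID -ErrorAction SilentlyContinue
    if ($null -eq $value) { return 'NotConfigured' }
    if ($value.AllowOnlineID -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-JoinState {
    # dsregcmd /status prints lines such as "AzureAdJoined : YES".
    $state = [ordered]@{ AzureAdJoined = 'Unknown'; DomainJoined = 'Unknown' }
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-RdpProperty {
    param([string]$CustomRdpProperty)
    # Assumption: the custom RDP property string is semicolon-separated.
    $props = $CustomRdpProperty -split ';' | ForEach-Object { $_.Trim() }
    return $props -contains 'targetisaadjoined:i:1'
}

$join = Get-JoinState
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Pku2u         = Get-Pku2uSetting
    AzureAdJoined = $join.AzureAdJoined
    DomainJoined  = $join.DomainJoined
}

# Constructed sample string; paste the host pool's real RDP properties instead.
$sample = 'drivestoredirect:s:*;targetisaadjoined:i:1;audiomode:i:0'
"targetisaadjoined:i:1 present: $(Test-RdpProperty -CustomRdpProperty $sample)"
```

A Pku2u value that differs between the two machines is the kind of mismatch the reply suggests looking for.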