Forum Discussion
DavidBelanger
Microsoft
Hi folks, disconnecting a session when it locks is the expected behavior when enabling Azure AD authentication either in Azure Virtual Desktop with the RDP property above or in MSTSC on the Advanced tab by checking the option "Use a web account to sign in to the remote computer".
I will add this to the documentation, but this was done for security reasons. The user is signing in to the session host using an Azure AD token and this allows the use of passwordless authentication and ensures CA/MFA policies are applied. The lock screen in Windows does not support passwordless and doesn't enforce CA/MFA policies. So users who sign in using passwordless would not be able to unlock the session and another user could unlock the session, bypassing all CA/MFA policies. With SSO enabled, users should be able to easily launch the resource again and be connected.
Appreciate any feedback on this.
Thank you.
CM42
Feb 14, 2023
Copper Contributor
Experiencing this same thing in Windows 365 VDI desktops and found no documentation around it. Is there at least a way to extend the timeout? I am so far unable to find one and it seems very short, maybe 5 minutes. Yes, it's easy to get back in but it seems like you turn around to have a conversation at your desk and you are disconnected. At least the session does not appear to ever actually log you off or kill open items.