Forum Discussion
KEmam
Oct 17, 2022
Copper Contributor
Windows Remote Desktop Client - You were disconnected because your session was locked
Good day, I see a behavior with the Remote Desktop client: once the machine inactivity timeout has passed, the remote session is disconnected with the message "You were disconnected because you...
DavidBelanger
Microsoft
Nov 09, 2022
Hi folks, disconnecting a session when it locks is the expected behavior when enabling Azure AD authentication, either in Azure Virtual Desktop with the RDP property above or in MSTSC on the Advanced tab by checking the option "Use a web account to sign in to the remote computer".
I will add this to the documentation, but this was done for security reasons. The user is signing in to the session host using an Azure AD token and this allows the use of passwordless authentication and ensures CA/MFA policies are applied. The lock screen in Windows does not support passwordless and doesn't enforce CA/MFA policies. So users who sign using passwordless would not be able to unlock the session and another user could unlock the session, bypassing all CA/MFA policies. With SSO enabled, users should be able to easily launch the resource again and be connected.
Appreciate any feedback on this.
Thank you.
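The reply above says lock-to-disconnect is tied to the RDP property that enables Azure AD (web account) authentication but does not name it. The following is an added example, not code from the thread or from Microsoft, that parses an .rdp file and reports which behaviour an admin should expect at the idle timeout. It assumes the property in question is `enablerdsaadauth:i:1` (the Azure Virtual Desktop RDP property for Azure AD authentication); the .rdp contents are constructed for illustration and `session-host.example.invalid` is a placeholder host.

```python
"""Predict whether an RDP connection will lock or disconnect on idle timeout.

Assumption (not stated in the forum thread): the RDP property the Microsoft
reply refers to is `enablerdsaadauth:i:1`. When it is set, the client signs in
with an Azure AD token, the Windows lock screen cannot re-validate that token
against CA/MFA, and the session is therefore disconnected instead of locked.
"""

# Constructed sample .rdp file for illustration; the host name is a placeholder.
SAMPLE_RDP_WEB_ACCOUNT = """\
full address:s:session-host.example.invalid:3389
enablerdsaadauth:i:1
targetisaadjoined:i:1
screen mode id:i:2
"""

# Same file without the Azure AD authentication property (legacy credentials).
SAMPLE_RDP_LEGACY = """\
full address:s:session-host.example.invalid:3389
screen mode id:i:2
"""


def parse_rdp(text):
    """Parse .rdp 'name:type:value' lines into a dict of name -> value.

    Integer settings (type 'i') are converted to int; strings (type 's') are
    kept verbatim. The value may itself contain colons (host:port), so the
    line is split at most twice.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue  # not a well-formed setting line; ignore it
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                pass  # leave malformed integers as strings for inspection
        settings[name.strip().lower()] = value
    return settings


def uses_web_account_auth(settings):
    """True when the connection signs in with an Azure AD (web account) token."""
    return settings.get("enablerdsaadauth") == 1


def idle_timeout_behaviour(settings):
    """Return 'disconnect' or 'lock' according to the reply in this thread."""
    return "disconnect" if uses_web_account_auth(settings) else "lock"


def describe(text):
    """Human-readable summary for an .rdp file's contents."""
    settings = parse_rdp(text)
    host = settings.get("full address", "<unknown>")
    behaviour = idle_timeout_behaviour(settings)
    return f"{host}: session will {behaviour} at the inactivity timeout"


if __name__ == "__main__":
    print(describe(SAMPLE_RDP_WEB_ACCOUNT))
    print(describe(SAMPLE_RDP_LEGACY))
```

Because the check keys on a single property, it is easy to run over a directory of published .rdp files to find which workspaces will exhibit the disconnect-on-lock behaviour users are asking about.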
Agmalet
May 26, 2024
Copper Contributor
Imagine how this "for security reasons" is not secure at all. So my session disconnects rather than locking; then if someone other than the user goes to the client, they can SSO into the resource with the other user's creds. Bring lock back please!