Forum Discussion
Kam_VedBrat
Mar 02, 2021 (Former Employee)
Windows Virtual Desktop Announcements at Microsoft Ignite
We hope you are all enjoying the https://myignite.microsoft.com/home conference. Here are some announcements on Windows Virtual Desktop that you will be hearing during the event.
Azure Moni...
Mar 03, 2021
Would be nice if Microsoft gave some indication when WVD will support Azure AD join for those who have AAD only environments - this is a real roadblock for numerous organizations who bought in to the cloud only realm. Or what about SSO for WVD if you don’t use AD-FS? That too would be pretty handy.
Philip_doITflex
Mar 04, 2021 (Copper Contributor)
Quentin Gerlach it is extremely easy to deploy and integrate AADDS for your session hosts and Azure Files enrolment. Additional cost, yes: $100/month for the smallest SKU that will work for an environment of several hundred users. The SSO option with AD-connect has been around for a few months now and is also really easy to implement, have a look.
- Mar 04, 2021
Again, ease isn’t the problem. The problem is that one is in essence going backwards - going to the cloud only, and now embracing legacy methods of domain authentication. And as others have pointed out, this comes with some large caveats.
As for SSO for WVD, as far as I’m aware, this is only supported for AD-FS environments - https://docs.microsoft.com/en-us/answers/questions/35827/single-sign-on-with-windows-virtual-desktop-for-of.html
If you have a MS doc link or something describing setup of SSO for WVD via PTA/PHS, please share - that would be a great help.
- Philip_doITflex
Mar 04, 2021 (Copper Contributor)
Completely agree, the option of AAD as the only Identity source should be available for WVD.
As for end-to-end SingleSO, it is not supported: https://docs.microsoft.com/en-us/azure/virtual-desktop/authentication#single-sign-on-sso
SameSO functionality with both PTA/PHS and saving credentials on the client provides the most friction-free functionality. Some colleagues resort to ADFS just to ensure on-prem DCs authenticate users, and my point was that for SameSO, Pass-Through is often a better option.
- CloudCasper
Mar 04, 2021 (Copper Contributor)
Problems start arising when you have multiple regions to deploy in, as AADDS is single-region and you can only have one per tenant. That means that you will have a single point of failure even if you have WVD in multiple regions.
Besides that, it just feels odd to build new in the cloud and then have to rely on on-prem technology. Currently we do AD to AAD to AADDS to WVD, which doesn't feel right... :S
- Philip_doITflex
Mar 04, 2021 (Copper Contributor)
CloudCasper AADDS multi-region (replica sets) has been around for some time now: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/concepts-replica-sets
As for the AD to AAD to AADDS, how much time have you spent on AADDS management (genuine question)? In my experience, the right operational approach with scoped sync makes it pretty much "set and forget".
BTW, I fully agree that the option with AAD as the only Identity source for WVD should be available and will make a lot of difference for small deployments in particular.