WVD Single Sign On / Double Authentication
[Edit] I know this is not the non-ADFS solution people were hoping for, but for the ones that do have it rolled out/plan to roll it out, I just wanted to mention this in this thread.
After a lot of searching, I found some documentation that can help -> https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-adfs-sso
I was able to implement it with a test environment in Azure on a single subnet with dedicated VMs for ADCS, ADDS, ADFS and one workstation. VM images used were Windows Server 2022 and Windows 10 21H1. AVD was set up with one session host with Windows 11. I used the certificate method to configure the key vault for AVD. To set up the prerequisites, I followed the Hybrid AD Certificate Trust model for Windows Hello for Business (WHfB) found here -> https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install . If you fully configure WHfB, you can reuse the enrollment certificate template to deploy the ADFS SSO certificate.
It took a bit of work to set it up, so if you bump into issues, just reply to me and I'll try to help the best way I can.
Jeffrey Aucay we have hybrid set up and the ad-connect job runs regularly on an OU, so as machines are built they are synced. We have a few GPOs for browsers as well, and from my testing it looks like we can log in as our domain account and need to do nothing more than push the 2FA for the MS account related needs, no double auth. Pretty sweet.