Lock down of Windows Virtual desktop

Copper Contributor

Is there a possibility of locking down of Azure Windows virtual desktop to be accessible from Corporate office ?

Is conditional access supported and if yes, how to enable it?

8 Replies

@Jasmer Yes, because Windows Virtual Desktop is a registered application in Azure AD you can configure conditional access. Follow the steps here (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa) and use the “Windows Virtual Desktop Client” app.”

@Eva Seydl somehow I can't get it to work, configured everything but neither the app nor the webinterface are blocking me from acessing with my non-MFA account, anything I am missing here?

@A_priori_superior : Can you clarify what you mean by "with my non-MFA account"? Has this account never required MFA? I'm not sure of the direct interaction, but you may need to enable MFA for this user first: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates .

@Christian_MontoyaThis account has never been enabled for MFA, correct. But that's the whole reason to set a conditional access policy, to prevent user not meeting the criteria, in this case having MFA enabled, to access certain resources. If I enable MFA for the users manually or automatically, there is no reason to define a conditional access rule for certain apps.

Btw it's working for other applications, but not WVD.

@A_priori_superior : It's working on other applications by individually listing them, like you tried with Windows Virtual Desktop Client? Can you add Windows Virtual Desktop to the list of apps? Or Replace the client with this one, and let us know if that works?

@Christian_MontoyaAdding WVD as well did the trick :)

@A_priori_superior : Perfect! If you actually replace the "Windows Virtual Desktop Client" and only have "Windows Virtual Desktop", does that also work for you? This is the catch-all approach and likely what we will be documenting on our docs site.

@Christian_Montoya Yes it did work with Windows Virtual Desktop only as well. Thanks