Jun 11 2019 02:45 PM - edited Jun 11 2019 02:56 PM
I'm trying to add a guest user to my App pool but I always get the following error:
The identity provider for Tenant 'xxxxxxxxxx' did not recognize User '≤xxxxxxxxxx≥'.
Is there any restriction to add guest users?
My guess would be that because the guest user account password hashes are not registered in AADDS, it will not be technically possible to enable this service for guest accounts, but I will let the expert confirm.
Thank you for your help.
Jun 12 2019 08:59 AM Solution
@ghonyme : Yes, unfortunately we do not support guest users yet in Windows Virtual Desktop. Users must be sourced from the Azure AD that you specify for your Windows Virtual Desktop tenant.
Jul 12 2019 07:07 AM
@ghonyme Facing the same issue. My WVD tenant with Azure subscription is connected using Vnet Peering to on-prem AD but the UPN is different.
Jul 19 2019 08:16 AM
@Radek V : Actually, we have a current issue right now regarding user connections if the VMs are connected to Azure AD Domain Services and that user is sourced from your on-prem AD (synchronized to Azure AD, then replicated to the Azure AD Domain Services instance): https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Announcement-Connectivity-issues-from... .
We're actively investigating options on how to unblock and fix.
Sep 11 2019 04:56 AM
My users appear as 'guests' in AAD with the source being 'external azure active directory' or 'invited user'. When I try to add such an account using the Add-RdsAppGroupUser cmdlet, I get the message "the specfifed UPN does not exist in the AAD associated with the RD tenant". Accounts that have been created directly in the AAD do work.
Can anyone from Microsoft state whether these types of users are or will be supported and, if not, how I should proceed?
Sep 12 2019 08:30 AM
@Marcel A' Campo : Currently we do not support Azure AD B2B (guest) users. Primarily, there is no mechanism right now to synchronize them to the on-prem AD that will be recognized by the VM logon. There are some scripts and tools (including Microsoft Identity Manager (MIM)), but that would also require those B2B users to create a new set of credentials for that on-prem.
We are investigating how to support Azure AD B2B (guest) users, with Azure AD Join as a potential option, but no specific dates as of yet. If this is something that is crucial for your workload, please create/upvote at our UserVoice page.
Nov 11 2019 11:38 AM
Nov 14 2019 09:49 AM
I was wondering about this. We got to Azure Domains but have WVD in a separate domain; the guest users cannot be added as an appgroupuser. Hoping this is something they are actively working on, @Christian_Montoya.
Nov 15 2019 02:41 PM
@tommy_barnes : We understand the ask of supporting Azure AD B2B, but unfortunately it's a little challenging at the moment because the user and their credentials are not known from the "inviting" directory.
We're looking at it, but don't expect to have a solution with Azure AD B2B any time soon.
Dec 16 2019 02:52 PM - edited Dec 16 2019 03:33 PM
@Christian_Montoya Is there any other way for a user from a different AAD to log in to a host pool in my AAD tenant? Is B2B / Guest account the only way?
Dec 19 2019 05:07 PM
@Marc98052 : Unfortunately, this is not available at the moment. With Azure AD B2B, the inviting directory never receives the password hash and the on-prem AD never recognizes the user.
Currently, you'll have to create an account for that guest user so that the user is recognized in both AD and Azure AD.
We have taken this feature request (supporting Azure AD B2B) and have it in our backlog, but no specific ETA right now.
Apr 16 2020 03:16 AM
@Christian_Montoya Do we have any update on this, or any tentative plan to roll out support for Azure AD B2B guest users for WVD? Thanks in advance!
Apr 16 2020 07:09 AM
@bhushangawale : No update, and no timelines. I would not expect this feature anytime this calendar year (CY20).
Jun 10 2020 08:09 AM
Hello @Christian_Montoya, how about users synced from Active Directory to Azure AD with a .onmicrosoft.com UPN?
Jul 22 2020 01:25 AM
I have the same question and need to have this feature. I was under the impression that, if a guest user can be added to an application according to the documentation, then the feature to add a guest user to an application group in a host pool in WVD was also supported.
Our objective is to allow guest users (who are clients) to connect to a VM in WVD so that they can use our software (already installed in the VM) through an Excel add-in. In this way, they can sign in to Excel with their Office 365 credentials (related to their Office 365 license).
If we add a guest user to our Azure AD (as another AD user), then we have to add an Office 365 license for every guest user, which is not acceptable.
Is there any workaround to achieve the objective? This is something that is needed and expected to be implemented.
Jul 23 2020 02:38 AM - edited Jul 23 2020 03:08 AM
@MisabhMHasan @Christian_Montoya That's the exact use case we are also working on. Extending access to guest users in AD would make more sense and would be a cost-effective way to access the WVD environment for end customers, as they could then make use of their existing license.
Right now, one needs to create all customer accounts in the same AD tenant as that of the WVD setup and then procure and assign a license to each customer record, which does not make sense because end customers essentially end up paying for licensing unnecessarily when they already have a valid license within their home AD tenant.
Jul 28 2020 06:38 AM
It's been almost 1 year now and the WVD spring release is in GA. Do we know when it will be available?