AVD Authentication Type

I have just completed a setup with Azure AVD for remote desktop and an application, and I'd like to know if there's a way to change the authentication or login type when using Azure AVD, or if a prompt can be enabled in the settings of AVD. We only have 10 users spread across 2 AVD VMs. I have a Windows Server AD virtual machine running in my Azure tenant on the same vnet as the AVD setup. These were domain joined using the AVD deployment process and assigned to a specific OU in my domain. My Active Directory is using .local usernames and my Azure tenant does have an authenticated and valid domain for users and email. I did expand my AD to include the UPN alternative suffixes and I've adjusted the accounts so that my Office365 tenant logins match the AD logins. However, when I connect to my AVD workspace using the Remote Desktop App, I cannot connect and it sends an error of 0x83886163 during the configuring gateway process. The Session Desktop and my app are published properly to the Remote Desktop App, but I simply cannot connect.

Basically, is it possible to adjust AVD to prompt for a username once I click on the Session Desktop or my published application? I did locate some authentication settings in the RDP properties and connection information of the host pool.

Thanks for any suggestions or input.

4 Replies

@Ken_Shep

What authentication or user experience are you looking for?

I'd like to get prompted for a standard username/password once I open the SessionHosts or my published app so that I can then enter domain\username or username@domain.local. Basically, AVD is trying to force SSO but I don't want to use SSO because I cannot change some of the UPN settings on my domain AD user accounts to match the UPN of the Office365 email accounts that are used to perform the initial login for Azure AVD.

As part of the process, when you click on Connect, the AVD service performs a check of who is connecting and allocates the local RDP user role to the user on an ad hoc basis.

For example, if the shared desktop is assigned to user A, then the Azure service will check whether this user is assigned in the assigned group and then move forward with opening up the authentication dialogue box.

It seems like what you are trying to do is not officially supported or feasible.
In short, it is not possible. Check the prerequisites for Identity listed here https://learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites?tabs=portal#identity.