Azure Virtual Desktop - Internal Azure AD Users

Hi Team,

I have deployed Azure Virtual Desktop for a POC and assigned a few users access to the Virtual Desktop App Pool. These users are local Azure AD users and do not have any licenses which make them eligible for Azure Virtual Desktop. Also, the per-user access pricing configuration is disabled on the AVD subscription.

These users are still able to log in to Azure Virtual Desktop successfully, and I am not able to figure out how. I would really appreciate it if someone could provide expert guidance.

Thanks!

4 Replies

@Sibba_Sailor By default, only users who have been assigned an AVD license are able to access the virtual desktops. If the per-user access pricing configuration is disabled, it means that users who don't have a license assigned to them should not be able to access the virtual desktops.

It's possible that the users are logging in using a shared account, which may have an AVD license assigned. It's also possible that the users are logging in using a temporary account that has been granted access to the virtual desktops, but this account should have been removed or its access revoked once the POC was complete.

To resolve this issue, you can follow these steps:

  1. Verify the licenses: Check the licenses assigned to the users who are logging into the virtual desktops successfully. Ensure that they have an AVD license assigned.

  2. Check for shared accounts: Check for shared accounts that may have been used to access the virtual desktops. Ensure that these accounts have an AVD license assigned.

  3. Check for temporary accounts: Check for temporary accounts that may have been granted access to the virtual desktops. Ensure that these accounts have been removed or their access revoked.

  4. Review the AVD configuration: Review the AVD configuration and ensure that the per-user access pricing configuration is enabled and that the correct licensing model is being used.

Hi @Robina

Thanks for looking into this!

I do not have per-user licensing enabled for the AVD deployment which I am using for the POC. Neither do I have any AVD licenses assigned to the test user temporarily/permanently. The user is still able to log in to the VDI VM.

This is a temporary test user account I created within the Azure AD tenant (onmicrosoft.com domain).

  1. Verify the licenses: Check the licenses assigned to the users who are logging into the virtual desktops successfully. Ensure that they have an AVD license assigned. - The test user account has no AVD licenses assigned to it.

  2. Check for shared accounts: Check for shared accounts that may have been used to access the virtual desktops. Ensure that these accounts have an AVD license assigned. - The test user account is not a shared account.

  3. Check for temporary accounts: Check for temporary accounts that may have been granted access to the virtual desktops. Ensure that these accounts have been removed or their access revoked. - No temporary/permanent access given to this test user account. 

  4. Review the AVD configuration: Review the AVD configuration and ensure that the per-user access pricing configuration is enabled and that the correct licensing model is being used. - Per-user access pricing is disabled for AVD.

Using AVD is a licensing entitlement, so you don't assign the license per se; it's more of a trust-based system.