Jan 23 2022 12:09 PM
I have just created the Windows Virtual Desktop, with Host Pools and Application groups.
I managed to log in to one of two machines successfully with the local account that I declared while creating VMs in the Host Pool.
I managed to edit the assignments, and my AAD user is assigned to the Application group but the assigned VMs is zero:
When I tried to assign VMs to this user it seems that it is impossible for me:
Because I'm assigned to the Application Group I managed to log in via the web browser option (via Remote Desktop Web Client (microsoft.com)) but only with a local account. All the test AAD accounts are failing (my gut feeling is because there are no VMs assigned).
It seems that all needed prerequisites are in place, but still:
I'm 100% sure that the password is correct.
All checks on the machines are green and it looks like they are connected to the domain:
I'm losing hope, I would be much obliged for any help...
Have a great day ahead!
Jan 23 2022 09:41 PM
Jan 23 2022 11:21 PM
Those machines were built entirely in Azure. The users that I have tested are both AAD users, and guest users from another directory.
One of them is an owner for the entire subscription (where the Host Pool is built).
While creating this Host Pool there was an option to join AD or AAD. I have selected AAD.
I'm not sure if this might be related to missing privileges for Virtual Machine user login for two reasons. Assigning the users option is grayed out for me before I select any user. So the target user that I would like to assign seems to be irrelevant. Also, in our infrastructure we have an old version from 2018 (maintained from PowerShell) that is working perfectly fine, and the same users can log in to the old VDI machine without any issues just as if all necessary permissions were in place.
In a great many tutorials that I saw, documentation, and step-by-step instructions people are skipping the assigning user step entirely and stop after those "assignments" from Application Development Group - and all seems to be working fine (in YouTube tutorials ;) )
Jan 25 2022 11:15 PM
Jan 28 2022 05:47 AM
Thank you for your question, it was a great hint to play around with the MFA.
I tried to check the MFA options, I have tested possible configurations that I found on AAD->Users->Per user MFA configuration. Also I checked if there is no Conditional Access set up in our environment that could affect it.
Unfortunately - no luck.
After all I think MFA seems to be OK in terms of providing access. It is allowing me to connect to another host pool (deployed prior to 2018). So the probable cause of missing access might be unrelated to MFA.
You also asked about the type of deployment - it was "pooled" if I remember correctly. So the VDI is not dedicated to a single user - it should be dedicated to the whole group.
When it comes to the assignment method - I did not change anything - it should still be set up as default.
Jan 30 2022 04:33 PM - edited Jan 30 2022 04:36 PM
Pooled Desktops cannot be assigned to individual users. They can be logged in and worked in by multiple users at the same time.
Only Personal desktops can be assigned to individual users. User assignment works only in Personal desktops which restricts the personal desktop to the assigned user only.
Hope this helps!