Conditional Access per Hostpool under the same AD tenant


We would like to create an AVD farm that consists of a number of hostpools for different user access (e.g., internal users, partners, etc.) within the company or for partners.

For instance, can we apply IP whitelisting for a hostpool that only allows internal users to access it from their office network, and set up another hostpool for partners that can be accessed from the internet?

Currently, we can only apply conditional access as a global policy for "Azure Virtual Desktop". May I know whether and when Azure Virtual Desktop and Remote App will include the "per hostpool" policy as part of the features?

Thanks.

2 Replies
Hey @yywong,
Why not put the conditional access policy on a security group? Like this you can put other policies on the external users.

@Johan Vanneuville, thanks.

Do you mean to use a different NSG for different Hostpools? Is it possible, as the Hostpools in that NSG have internal IP addresses? Should it be the Azure Virtual Host gateway controlling the access?

Thanks.
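Added example (not from any poster in this thread): a sketch of the first reply's suggestion, reading "security group" as a directory (Microsoft Entra ID) group rather than an NSG. It builds a Microsoft Graph `conditionalAccessPolicy` body that blocks one group from the Azure Virtual Desktop app unless the sign-in comes from a named location, plus a simplified local check of its effect. All IDs are placeholders, and it is assumed that the internal group is the one assigned to the internal host pool.

```python
import json

# Placeholders (constructed): substitute your tenant's object IDs.
AVD_APP_ID = "<azure-virtual-desktop-app-id>"
INTERNAL_GROUP = "<internal-avd-users-group-id>"
OFFICE_LOCATION = "<office-named-location-id>"


def build_policy(name, group_id, app_id, allowed_location_id):
    """Graph conditionalAccessPolicy body: block the group outside one location."""
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced",  # report-only first
        "conditions": {
            "users": {"includeGroups": [group_id]},
            "applications": {"includeApplications": [app_id]},
            "locations": {
                "includeLocations": ["All"],
                "excludeLocations": [allowed_location_id],
            },
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def is_blocked(policy, user_groups, app_id, location_id):
    """Simplified local model (an assumption, not Entra's evaluation engine)."""
    c = policy["conditions"]
    in_scope = (
        set(c["users"]["includeGroups"]) & set(user_groups)
        and app_id in c["applications"]["includeApplications"]
        and location_id not in c["locations"]["excludeLocations"]
    )
    return bool(in_scope) and "block" in policy["grantControls"]["builtInControls"]


POLICY = build_policy("AVD internal users: office network only",
                      INTERNAL_GROUP, AVD_APP_ID, OFFICE_LOCATION)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

Because the policy is scoped by group, partner accounts outside the internal group are untouched by it and can have their own policy on the same Azure Virtual Desktop app.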