Forum Discussion
Guidance on using WVD with MFA user accounts and Azure AD DS?
- Jan 16, 2020
The sync report may be working but in order for a user to sign into any service that uses AADDS the password hash has to be synced. For that to occur they need to change their password on Azure AD. If that's definitely been done then it's not that.
Do you have any conditional access policies with MFA?
>> For that to occur they need to change their password on Azure AD
Are you saying that after AADDS is set up all users have to reset their password so a hash gets generated and synced? Again, my non-MFA accounts haven't had a password change and they can log in fine.
- HandA, Jan 16, 2020, Brass Contributor
That is my understanding yes, as per the Microsoft document I sent. If ADDS was set up recently then there is a high possibility that a high proportion of users have not changed their password.
You can test this by dumping out user accounts and last password change to see if you get any sort of correlation.
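The check suggested in the reply above, as an added example that is not part of the original thread: it compares each account's last password change with the date AADDS was enabled and cross-references the accounts reporting sign-in failures. The export, the enablement date and the list of failing users are constructed sample data; the field names follow the Microsoft Graph user resource, and skipping directory-synced accounts is an assumption of this sketch.

```python
import json
from datetime import datetime, timezone

# Assumed date on which Azure AD DS was enabled (constructed value).
AADDS_ENABLED_AT = datetime(2020, 1, 10, tzinfo=timezone.utc)

# Constructed sample of a user export (Graph user resource field names).
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@contoso.example", "onPremisesSyncEnabled": None,
     "lastPasswordChangeDateTime": "2019-11-02T08:15:00Z"},
    {"userPrincipalName": "bob@contoso.example", "onPremisesSyncEnabled": None,
     "lastPasswordChangeDateTime": "2020-01-15T10:00:00Z"},
    {"userPrincipalName": "carol@contoso.example", "onPremisesSyncEnabled": None,
     "lastPasswordChangeDateTime": None},
    {"userPrincipalName": "dave@contoso.example", "onPremisesSyncEnabled": True,
     "lastPasswordChangeDateTime": "2018-06-01T00:00:00Z"},
    {"userPrincipalName": "erin@contoso.example", "onPremisesSyncEnabled": None,
     "lastPasswordChangeDateTime": "2019-12-20T12:30:00Z"},
])

# Constructed list of accounts that cannot sign in to the AADDS-backed service.
FAILING = {"alice@contoso.example", "carol@contoso.example"}


def parse_ts(value):
    """Parse a Graph ISO 8601 timestamp such as 2020-01-15T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def changed_before_aadds(export_json, enabled_at):
    """UPNs of cloud-only accounts with no password change since enabled_at."""
    stale = []
    for user in json.loads(export_json):
        if user.get("onPremisesSyncEnabled"):
            continue  # assumption: synced accounts are reviewed separately
        changed = user.get("lastPasswordChangeDateTime")
        if changed is None or parse_ts(changed) < enabled_at:
            stale.append(user["userPrincipalName"])
    return sorted(stale)


def correlate(export_json, enabled_at, failing):
    """Split failing accounts by whether the password-age theory covers them."""
    stale = set(changed_before_aadds(export_json, enabled_at))
    return {
        "failing_and_stale": sorted(failing & stale),   # fits the theory
        "failing_but_changed": sorted(failing - stale),  # needs another cause
        "stale_not_reported": sorted(stale - failing),   # likely to fail later
    }


if __name__ == "__main__":
    print(json.dumps(correlate(SAMPLE_EXPORT, AADDS_ENABLED_AT, FAILING), indent=2))
```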
- RobertCrane, Jan 16, 2020, MVP
Well done. The AADDS password hash creation appears to certainly have been the issue. I have an MFA user working now on a standalone machine. Still some SSO challenges inside the WVD desktop to solve but I'll work those out.
Really appreciate the assist. I wrote up a blog article for others giving you credit as well.
https://blog.ciaops.com/2020/01/17/azure-ad-domain-services-cloud-only-user-passwords/
Thanks again!
- HandA, Jan 17, 2020, Brass Contributor