How to allow External users to connect to Azure Virtual Desktop?

I'm trying to get external users to connect to my Azure Virtual Desktop instance, but nothing seems to work?

I've "Enrolled" my subscription in "Per-user access pricing" as specified here, invited/assigned the external user to an application group, and even made the external user a Global Administrator and I'm still not able to see any resources?

I'm testing this with an Azure Dev/Test subscription, which has an "Azure AD Free" license, before doing anything in our primary tenant ("Azure AD Premium P1"). Does this matter?

6 Replies
Are you trying to use external identities? That's documented as unsupported.

https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/identities

It's also mentioned on the page you link to.
I'm not sure? We have random companies trying to sell us things, but they need access to our environment and instead of creating them temporary accounts (i.e. email address removed for privacy reasons), we were hoping we could just add them in AAD via "Invite external user". Is that not an external user?
That is an external identity (B2B) and thus won't work.

Yes, the terminology is confusing.
What is an "external user" then in the AVD supported sense?
best response confirmed by Alex Kwitny (Brass Contributor)
Solution
A user in an organization that is not in your organization. It's a legal/licensing distinction, not a technical one.

"External users aren't members of your organization, such as customers of a business." (https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/licensing)

From a technical viewpoint, you'd use users local to an Azure AD tenant you control (the docs say best practice is a tenant per external company but nobody does that). You'd put the AVD environment in that tenant. But the users are all local to that tenant, not in their own tenants.

See also https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/identities
Ah, I see now. That's unfortunate because it would have been a nice/easy solution to temporary accounts.