How to allow External users to connect to Azure Virtual Desktop?

Brass Contributor

I'm trying to get external users to connect to my Azure Virtual Desktop instance, but nothing seems to work?


I've "Enrolled" my subscription in "Per-user access pricing" as specified here, invited/assigned the external user to an application group, and even made the external user a Global Administrator and I'm still not able to see any resources?


I'm testing this with an Azure Dev/Test subscription, which has an "Azure AD Free" license, before doing anything in our primary tenant ("Azure AD Premium P1"). Does this matter?

6 Replies
Are you trying to use external identities? That's documented as unsupported.

it's also mentioned on the page you link to.
I'm not sure? We have random companies trying to sell us things, but they need access to our environment and instead of creating them temporary accounts (i.e. email address removed for privacy reasons), we were hoping we could just add them in AAD via "Invite external user". Is that not an external user?
That is an external identity (B2B) and thus won't work.

Yes, the terminology is confusing.
What is an "external user" then in the AVD supported sense?
best response confirmed by Alex Kwitny (Brass Contributor)
A user in an organization that is not in your organization. It's a legal/licensing distinction, not a technical one.

"External users aren't members of your organization, such as customers of a business." (

From a technical viewpoint, you'd use users local to an Azure AD tenant you control (the docs say best practice is a tenant per external company but nobody does that). You'd put the AVD environment in that tenant. But the users are all local to that tenant, not in their own tenants.

see also
Ah, I see now. That's unfortunate because it would have been a nice/easy solution to temporary accounts.