HOW TO: Hiding the consent prompt for Single Sign-On

Microsoft

We've been working on the ability to hide the dialog shown to users on first connection to a new session host when Single Sign-On is enabled to allow the remote desktop connection. The steps have now been published. To get started, review the new steps to configure Single Sign-On on your Azure Virtual Desktop Host Pool:
Configure single sign-on for Azure Virtual Desktop using Microsoft Entra authentication - Azure | Mi...

13 Replies
Thanks David, I am going to test "Configure the target device groups" as soon as possible.
This is great news, but the instructions, not so much. We could benefit from some more detail.
Thank you for the feedback @Andrew Allston. I plan to add a sample step-by-step instruction using Graph Explorer for those less familiar with using Microsoft Graph. Hoping to have it live the week after Thanksgiving at the latest.
Thank you! Much appreciated! Have a happy Thanksgiving! 🦃
Thanks, that is really nice

@Andrew Allston For anyone else who is a bit confused and wants to try before the detailed instructions are posted: the available links seem to suggest you need to create these attributes/objects, but you are actually modifying the SPNs for the two applications listed in the docs. This means PATCH should be used and not POST, which is the method that is linked to.

@Andrew Allston You are right. To create a remoteDesktopSecurityConfiguration object on a supported Service Principal (RDP resource) you have to use PATCH and set the isRemoteDesktopProtocolEnabled property. Once you have created the RDSC object you have to create the targetDeviceGroup object, and you can do that by using POST. If you need to add more device groups to the targetDeviceGroup object you can do so one at a time by again doing a POST call. The only time you will use a PATCH call on targetDeviceGroup is if you need to update the display name for the group. Hope this helps. I will be updating the docs shortly to reflect this change from POST to PATCH when creating the RDSC object.

Hi @David Belanger,
Could you please do this step-by-step instruction? I'm not familiar with MS Graph. I spent some time trying to figure out how to make this work, without success... Thanks in advance, it will be much appreciated!

@Sandeep Deo Thanks for the article.
I tried to do it with Graph Explorer without success.
I verified and assigned all required permissions (my account is global admin and I have consented to all required permissions for Graph Explorer).
When doing the POST request to create the setting, I get the following error:

[Attached screenshots of the error: Florian_Paternostre_0-1701416295124.png, Florian_Paternostre_1-1701416309250.png, Florian_Paternostre_2-1701416363685.png]

Am I using the correct servicePrincipals?

I tried the following IDs:
  • Microsoft Remote Desktop (App ID a4a365df-50f1-4397-bc59-1a1564b8bb9c)
  • Windows Cloud Login (App ID 270efc09-cd0d-444b-a71f-39af4910ec45)
You need to look up those apps in your Directory and grab the object ID (SPN) for those app IDs and use those and NOT the app IDs themselves.

And since these exist already you need to use PATCH not POST to update the record. You will need to use POST for the next step when creating the group.

And remember you can always test with GET.
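The two replies above (Sandeep Deo's on PATCH versus POST, and Andrew Allston's on using the service principal object ID rather than the app ID) describe one sequence of Microsoft Graph calls. The following is an added example that is not code from the thread, from Microsoft, or from the documentation; it builds each call as a reviewable (method, URL, body) plan so the sequence can be checked before anything is sent, and only `send()` talks to Graph. The two app IDs are the ones quoted in the thread; the service principal object ID and device group ID are placeholders you obtain from your own directory, and the permission named in `send()`'s comment (Application-RemoteDesktopConfig.ReadWrite.All) comes from the Graph API reference, not from this thread.

```python
"""Graph request plan for hiding the AVD single sign-on consent prompt.

Added example, not code from the original thread or from Microsoft. It
encodes the sequence the replies describe: resolve each application's
service principal *object id* from its app id, PATCH the existing
remoteDesktopSecurityConfiguration to enable RDP, then POST one
targetDeviceGroup per device group (PATCH a group only to rename it).
"""
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Optional

GRAPH = "https://graph.microsoft.com/v1.0"

# App ids quoted in the thread for the two RDP resource applications.
RDP_APP_IDS = {
    "Microsoft Remote Desktop": "a4a365df-50f1-4397-bc59-1a1564b8bb9c",
    "Windows Cloud Login": "270efc09-cd0d-444b-a71f-39af4910ec45",
}


@dataclass(frozen=True)
class GraphRequest:
    method: str
    url: str
    body: Optional[dict] = None


def lookup_service_principal(app_id: str) -> GraphRequest:
    """GET the service principal for an app id; its 'id' field is the object id
    that must appear in the URL path of the later calls (the app id is not)."""
    flt = urllib.parse.quote(f"appId eq '{app_id}'")
    return GraphRequest("GET", f"{GRAPH}/servicePrincipals?$filter={flt}")


def object_id_from_lookup(response: dict, app_id: str) -> str:
    """Pick the single service principal out of a lookup response; refuse
    anything other than exactly one match so a wrong id is never used."""
    hits = [sp for sp in response.get("value", []) if sp.get("appId") == app_id]
    if len(hits) != 1:
        raise LookupError(f"expected one service principal for appId {app_id}, got {len(hits)}")
    return hits[0]["id"]


def enable_rdp(sp_object_id: str) -> GraphRequest:
    """The remoteDesktopSecurityConfiguration already exists on the service
    principal, so it is updated with PATCH, not created with POST."""
    return GraphRequest(
        "PATCH",
        f"{GRAPH}/servicePrincipals/{sp_object_id}/remoteDesktopSecurityConfiguration",
        {"isRemoteDesktopProtocolEnabled": True},
    )


def add_target_device_group(sp_object_id: str, group_id: str, display_name: str) -> GraphRequest:
    """Each device group is a new child object: POST, one call per group."""
    return GraphRequest(
        "POST",
        f"{GRAPH}/servicePrincipals/{sp_object_id}/remoteDesktopSecurityConfiguration/targetDeviceGroups",
        {"@odata.type": "#microsoft.graph.targetDeviceGroup", "id": group_id, "displayName": display_name},
    )


def rename_target_device_group(sp_object_id: str, group_id: str, display_name: str) -> GraphRequest:
    """The only PATCH on a targetDeviceGroup: changing its display name."""
    return GraphRequest(
        "PATCH",
        f"{GRAPH}/servicePrincipals/{sp_object_id}/remoteDesktopSecurityConfiguration/targetDeviceGroups/{group_id}",
        {"displayName": display_name},
    )


def plan(sp_object_id: str, device_groups: dict) -> list:
    """All writes for one service principal: enable RDP, then add each group."""
    reqs = [enable_rdp(sp_object_id)]
    for group_id, name in device_groups.items():
        reqs.append(add_target_device_group(sp_object_id, group_id, name))
    return reqs


def send(req: GraphRequest, token: str) -> dict:
    """Execute one request with a bearer token. Needs network access and a token
    consented to Application-RemoteDesktopConfig.ReadWrite.All (name taken from
    the Graph reference, not from the thread); PATCH returns an empty body."""
    data = json.dumps(req.body).encode() if req.body is not None else None
    http = urllib.request.Request(
        req.url, data=data, method=req.method,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(http) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


if __name__ == "__main__":
    # Dry run with constructed placeholder ids: print the plan instead of sending it.
    for app_name, app_id in RDP_APP_IDS.items():
        lookup = lookup_service_principal(app_id)
        print(f"# {app_name}: {lookup.method} {lookup.url}")
        for req in plan("<sp-object-id-placeholder>", {"<device-group-id-placeholder>": "AVD session hosts"}):
            print(req.method, req.url, json.dumps(req.body))
```

Running the file prints the dry-run plan; to apply it, replace the placeholders with the object ID returned by `object_id_from_lookup()` and your device group's ID, then pass each request to `send()`. Because the lookup filters on `appId` and the later calls use only the returned `id`, the app-ID-in-path mistake from the thread cannot recur, and the method on each request makes the PATCH/POST distinction explicit before any call is made.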

Thanks a lot @Andrew Allston, this is exactly the information I needed.
I was able to configure it :)

@Florian_Paternostre / @Andrew Allston / @gkolk001 Thank you for the feedback. I've finished updating the public documentation with additional information, hopefully it's a bit clearer now:
Configure single sign-on for Azure Virtual Desktop using Microsoft Entra ID authentication | Microso...

Feel free to provide additional feedback.