Aug 24 2022 03:41 PM - last edited on Sep 29 2022 02:28 PM by Eva Seydl
Today we’re announcing the Insider preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 keys). With this preview, you can now:
Getting started
This new functionality is currently available in Insider builds of Windows 11 22H2, available in the Azure Gallery when deploying new session hosts in a host pool.
Stay tuned for news about the upcoming public preview which will add support for Windows 10 and current Windows 11 hosts.
Aug 26 2022 06:22 AM
@David Belanger
First of all, this is great. We were awaiting this feature for some time now.
Great to see it coming to light. We of course went right ahead and deployed it to our test pool:
- VM Login AAD only
- Azure Files AAD only
- Intune enabled
- now running 22h2 :)
We had a small issue though: we are allowing the Azure Virtual Desktop application outside of the compliant device policies. However, it seems like the exemption we made for the Enterprise application "Azure Virtual Desktop" doesn't include this; the application is called.
Please add this to the FAQ :)
Also, I seem to need to give consent to my login on the VM.
I cannot find the admin consent button for the Enterprise application.
Please provide instructions on this :)
Sep 16 2022 06:02 AM
@Andrew_Woo I think this SSO feature is only working for Windows atm yeah
Does this support AADDS-joined AVD? Specifically where users sign in with "email address removed for privacy reasons" and the AVD hosts are joined to AADDS "domain.onmicrosoft.com"?
The key here being joined to Azure AD Domain Services, with users coming in from Azure AD, no Hybrid, no syncing of on-prem users.
Sep 23 2022 12:59 AM
@David Belanger Hi, I got some feedback on the feature regarding the SSO feature for Azure AD joined devices.
How SSO to on-premises resources works on Azure AD joined devices - Microsoft Entra | Microsoft Lear...
Since the authentication protocol has changed, we do not receive a Kerberos ticket from the on-prem DCs anymore, breaking some file servers and other resources that are needed by the end users.
Are you guys aware of this change? And is it going to be a supported scenario when this goes into GA?
Sep 23 2022 04:16 PM
@dikkekip20 Was the Kerberos Server Object created to provide access to on-prem resources?
Configure single sign-on for Azure Virtual Desktop - Azure | Microsoft Learn
David
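One way to check the two halves of the setup David asks about (the Azure AD Kerberos Server object in the tenant, and whether the session host actually holds a PRT and an on-prem TGT), as an added example that is not part of the thread or Microsoft's documentation. It assumes the AzureADHybridAuthenticationManagement module is installed, that `$domain` and `$upn` are replaced with your own values, and that the output property names listed in the comments are as returned by `Get-AzureADKerberosServer`.

```powershell
# Added example, not from the thread. Placeholders below must be replaced.
$domain = 'corp.example.com'                # placeholder: on-prem AD domain
$upn    = 'admin@example.onmicrosoft.com'   # placeholder: Azure AD Global Admin UPN

# 1. Tenant side: confirm an Azure AD Kerberos Server object exists for the domain.
#    Without it, Azure AD joined hosts cannot obtain an on-prem TGT for file servers.
Import-Module AzureADHybridAuthenticationManagement
$domainCred = Get-Credential -Message 'On-prem Domain Admin credential'
$kerbServer = Get-AzureADKerberosServer -Domain $domain `
                                         -UserPrincipalName $upn `
                                         -DomainCredential $domainCred
if ($null -eq $kerbServer) {
    Write-Warning "No Azure AD Kerberos Server object for $domain; on-prem Kerberos SSO will fail."
} else {
    # Assumed property names: KeyVersion (on-prem) and CloudKeyVersion (Azure AD).
    # A mismatch means the key has not been synced to the cloud after a rotation.
    $kerbServer | Format-List *
    if ($kerbServer.KeyVersion -ne $kerbServer.CloudKeyVersion) {
        Write-Warning 'On-prem and cloud key versions differ; the cloud copy is stale.'
    }
}

# 2. Session-host side (run as the signed-in user on the AVD host):
#    AzureAdPrt = YES means the user has a Primary Refresh Token;
#    OnPremTgt = YES means the host received an on-prem TGT via the cloud trust.
dsregcmd /status | Select-String 'AzureAdJoined|AzureAdPrt|OnPremTgt'
# List cached Kerberos tickets; a krbtgt/<DOMAIN> entry confirms on-prem Kerberos works.
klist
```

Run step 1 from an admin workstation and step 2 inside the AVD session where SSO is reported broken, so the two results can be compared.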
Dec 15 2022 09:08 AM
@Roger1175 I am seeing your issue, but only on VMs that we have failed over as part of D/R testing.
I put a comment in as well to David B asking if there is a missing config to address the D/R AVD hosts once a failover has been triggered for AVD; have not seen a response yet.
Jan 27 2023 08:32 AM - edited Jan 30 2023 02:46 AM
Regarding reply from: @dikkekip20 Any updates regarding consent login on the VM? We are getting the same prompt which is new.
Can we give admin consent to this client_id=a85cf173-4192-42f8-81fa-777a763e6e2c so that users won't be bothered with this?
We already consented server & client app with Welcome Admin - RDWeb (microsoft.com)