Configuring the subscription in Remote Desktop Client automatically

Brass Contributor

Hi there

Is there currently any way of automating the subscription config in Remote Desktop, so that our users don't have to?

 

We want to silently install the client on the users device, automatically set up the subscription against WVD without requiring any user intervention, so when the users click an application, with SSO, they will automagically be able to start the application on WVD.

 

With the native "remoteapp and desktop connections" we were able to configure this with GPO, so users wouldn't have to input anything, but as I understand, this is not supported with WVD. (Even though it still works at the moment)

 

Anyone with experience around this? Or know about any roadmap plans?

29 Replies
Thank you for sharing your requirement Ola! I will take your feedback to the product team for consideration. If possible, can you please share how many client devices/users are you setting up for WVD?
Thank you!
We have approx 19.000 users in our organization, which we would like to automate the process of connecting to WVD.

@Soo Kuan Teo 

 

Hi Soo Kuan, do you have any update on this one? We have multiple projects where WVD will be used for environments between 250 and 1000. 

 

Thank you in advance!

Hi All,

 

On the other hand we have a similar, but opposite problem.

We would like to centrally remove the WVD Client subscription as some users inevitably will leave configured clients around potentially with saved credentials.

 

Additionally, is there a way to force Multi Factor Authentication *each time* a user logs into WVD?

It seems that due to financial sector auditors request we need to verify each and every WVD desktop login with more than one credential factor. At the moment the security side of WVD is a concern as once the user subscribed (and potentially saved credentials) anyone can click an unattended client device and be logged on WVD without further challenge... handy but scary.

 

Thank you very Much

Nicola

 

Hi @nicoladv I know this is not exactly what you are asking but I would recommend checking out the solutions of our wvd partner DeviceTrust (devicetrust.com/wvd) : they add a lot of value to WVD in terms of contextual security.  

@Ola Holtberget 

 

Hey Ola,

I actually have the exact same need. We have been implementing a WVD solution, and I have been tasked with configuring Azure Intune Autopilot to deploy in such a way that all our helpdesk will have to do is give the user a laptop and the setup should be completely automated. The Windows Virtual Desktop app works great, but I can't find any way to automate the subscription process. Theoretically this should be do-able in Intune, but I'm unable to find any settings to govern it.

@JimCopeland63 Thanks for the feedback Jim. We've been looking at different ways to improve the initial subscription flow, at least for cases where the user's AAD token is already available for us to use (ex: AADJ or workplace joined devices).

 

One option is similar to RDS, where we'd add a policy/regkey like AutoSubscribeURL that when present would try to automatically subscribe the user using their existing AAD token. This workspace would not be removable by the user, contrary to manually added ones.

 

Thoughts on this?

@David Belanger 
It sounds like that would solve our immediate problem for sure.
Together with the Remote Desktop client itself starting in the background, and SSO, the users startmenu would populate automatically with assigned applications from WVD, without the users even having to see the client!

@David Belanger 

 

Could you tell us where this policy \ reg key is located?

@Soo Kuan Teo I have this requirement too.  I'm working with multiple UK public sector clients.  The two I'm working with right now are 50K users and 140K users.

I also have kind of that opposite need that I want the Remote Desktop client to UNSUBSCRIBE ever time it is closed so that MFA is actually forced each time a user logs in.  Any other way to force MFA ever time a user logs in to their Wvd?

@David Belanger 

That's an interesting idea, which regkey would need to be configured?

@Jeff Gustafson 

 

Maybe you can configure the Sign-in frequency for this and set it to 1 hour.

@David Belanger on the same boat, could you share that GPO\key that can help us with that?

@David Belanger any development on this?

 

Cheers

M.

@David Belanger  Please do this. We have shared thin clients that we want to keep subscribed.

@David Belangerany news for the automation of the subscription config in the "Windows Desktop Client"?

Or has anyone found a workaround for this task?

 

Thanks a lot!

@David Belanger Is there an update on this regkey solution or another solution to automatically subscribe users? Thank you

@dhavalg Anything you can share on this topic?