Using ADFS to restrict endpoint access to WVD Environment


Apologies if this was brought up somewhere else, but I haven't found anything on this specific subject.

We are undergoing PCI certification in our Azure WVD environment. We are currently using a physical USB device for endpoint management and want to use an Access Control Policy in ADFS to limit access from unauthorized endpoints. However, we still want to allow access to Office 365 and other Azure resources from a broader spectrum of devices. Right now, we have a single Relying Party Trust covering all ADFS authentication through Microsoft.

Is there a way to create a separate RPT to cover just WVD so we can apply a corresponding ACP to it?

We want to stop short of full-on device registration at this time, though that may be the best overall choice.

Appreciate any ideas to get us in the right direction!