Windows Hello support available with our Remote Desktop client for Windows!

%3CLINGO-SUB%20id%3D%22lingo-sub-501196%22%20slang%3D%22en-US%22%3EWindows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-501196%22%20slang%3D%22en-US%22%3E%3CP%3EWindows%20Hello%20authentication%20to%20the%20session%20host%20(including%20Smartcard%20and%20PIN)%20is%20now%20supported.%20This%20feature%20requires%20that%20the%20user%E2%80%99s%20device%20has%20line%20of%20sight%20to%20the%20Domain%20Controller%20that%20can%20validate%20the%20credentials%2C%20for%20example%20from%20the%20corporate%20network%20or%20connected%20over%20VPN.%20When%20connecting%20from%20an%20external%20network%2C%20users%20still%20need%20to%20use%20their%20username%20and%20password.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUpdate%20to%20the%20latest%20version%20of%20our%20app%20today!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHaven't%20used%20our%20client%20yet%3F%20Follow%20this%20link%20for%20more%20information%3A%3C%2FP%3E%0A%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Fconnect-windows-7-and-10%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Fconnect-windows-7-and-10%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-775097%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-775097%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F139744%22%20target%3D%22_blank%22%3E%40Eva%20Seydl%3C%2FA%3E%26nbsp%3BHello%2C%20are%20there%20plans%20to%20get%20windows%20virtual%20desktop%20to%20work%20without%20a%20password%3F%26nbsp%3B%20We're%20trying%20to%20test%20going%20passwordless%20in%20Azure%20(no%20password%20hash%20sync%2C%20using%20fido2%20keys%2C%20adfs%2C%20ect).%26nbsp%3B%20Right%20now%20windows%20virtual%20desktop%20seems%20to%20behave%20like%20a%20legacy%20domain%20device%20and%20we%20can't%20seem%20to%20both%20test%20the%20virtual%20desktop%20preview%20at%20the%20same%20time%20as%20going%20passwordless.%26nbsp%3B%20I%20feel%20it'd%20be%20great%20if%20these%20windows%2010%20virtual%20desktops%20were%20to%20be%20connected%20directly%20to%20Azure%20AD%20for%20native%20Azure%20AD%20authentication%20over%20setting%20up%20Azure%20AD%20Domain%20Services%20for%20a%20legacy%20style%20domain%20environment.%3CBR%20%2F%3E%3CBR%20%2F%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-775322%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-775322%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F229210%22%20target%3D%22_blank%22%3E%40Mike%20McConnell%3C%2FA%3E%26nbsp%3B%3A%20We%20definitely%20want%20to%20support%20both%20Azure%20AD%20Join%20and%20Passwordless%20going%20forward%20to%20align%20on%20those%20initiatives.%20These%20may%20end%20up%20being%20separate%20features%2C%20or%20may%20end%20up%20being%20intrinsically%20tied.%20However%2C%20this%20is%20not%20something%20we%20are%20planning%20for%20GA%2C%20as%20there%20are%20a%20bunch%20of%20moving%20parts%20we%20are%20investigating%20to%20handle%20this.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20feel%20free%20to%20upvote%20or%20make%20these%20suggestions%20on%20our%20%3CA%20href%3D%22https%3A%2F%2Fwindowsvirtualdesktop.uservoice.com%2Fforums%2F921118-general%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EUserVoice%20forum%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918657%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918657%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F139744%22%20target%3D%22_blank%22%3E%40Eva%20Seydl%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EWhen%20will%20support%20for%20Windows%20Hello%20key%20trust%20model%20be%20available%3F%3CBR%20%2F%3EWe%20are%20all%20moving%20towards%20a%20modern%20desktop%20approach%20with%20Azure%20AD%20and%20Intune.%3CBR%20%2F%3ESo%20It%E2%80%99s%20a%20real%20showstopper%2C%20if%20we%20still%20need%20legacy%20ADFS%20to%20use%20PIN%2FFingerprint%20for%20this%20new%20great%20WVD%20service.%3CBR%20%2F%3E%3CBR%20%2F%3E%2FJesper%20Ravn%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918822%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918822%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F127318%22%20target%3D%22_blank%22%3E%40Jesper%20Ravn%3C%2FA%3E%26nbsp%3B%3A%20We%20do%20not%20have%20dates%20yet%20for%20RDP%20to%20support%20the%20Key%20Trust%20Model%20for%20Windows%20Hello.%20As%20mentioned%2C%20we're%20working%20on%20supporting%20Azure%20AD%20Join%20and%20some%20of%20that%20work%20likely%20will%20make%20its%20way%20into%20RDP.%20However%2C%20can%20you%20file%20an%20item%20on%20our%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fwvdfbk%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EUserVoice%3C%2FA%3E%20so%20we%20can%20specifically%20track%20this%20request%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1549351%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1549351%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%20can%20I%20able%20to%20use%20latest%20WVD%20image%20for%20pass%20wordless%20login%20like%20using%20FIDO%20device%2C%20PIN%20and%20smart%20card%20%3F.%20Or%20RDP%20for%20windows%20will%20support%20WVD%202004%20build%20%3F%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F139744%22%20target%3D%22_blank%22%3E%40Eva%20Seydl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1674595%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1674595%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F741911%22%20target%3D%22_blank%22%3E%40Deepu_k%3C%2FA%3E%26nbsp%3BWVD%20does%20support%20PIN%20and%20smartcards%20today%20for%20the%20Windows%20client%20as%20long%20as%20the%20user's%20device%20has%20line%20of%20sight%20to%20the%20domain%20controller%2C%20so%20on%20the%20local%20network%20or%20using%20VPN.%20Need%20to%20check%20on%20FIDO%20support.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1704965%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1704965%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F139744%22%20target%3D%22_blank%22%3E%40Eva%20Seydl%3C%2FA%3E%26nbsp%3B%2C%20I'm%20getting%20below%20error%20if%20we%20use%20PIN%20(Windows%20Hello%20enabled%20on%20workstation)%20%26amp%3B%20I%20assume%2C%20this%20is%20because%20I'm%20not%20on%20VPN%20to%20access%20domain%20controller%20from%20workstation%20to%20validate%20the%20credentials%3F%20Or%20Do%20I%20need%20to%20configure%20anything%20on%20WVD%2FAzure%20AD%2FWindows%20hello%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Udayabhanu2020_0-1600891383972.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F221600iDB6FD0C7DBF1FF80%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Udayabhanu2020_0-1600891383972.png%22%20alt%3D%22Udayabhanu2020_0-1600891383972.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1705684%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1705684%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F617562%22%20target%3D%22_blank%22%3E%40Udayabhanu2020%3C%2FA%3E%26nbsp%3BIf%20you%20don't%20have%20line%20of%20sight%20to%20the%20domain%20controller%20it%20would%20be%20a%20different%20error%20that%20would%20indicate%20something%20along%20those%20lines.%20This%20error%20seems%20to%20indicate%20a%20problem%20with%20one%20of%20the%20certificate.%20You%20could%20see%20what%20that%20certificate%20is%20and%20replace%20it%20with%20one%20that%20is%20trusted.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1705996%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20support%20available%20with%20our%20Remote%20Desktop%20client%20for%20Windows!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1705996%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F217952%22%20target%3D%22_blank%22%3E%40David%20Belanger%3C%2FA%3E%26nbsp%3B%2C%20certificate%20issuer%20is%20WVD%20session%20host.%20This%20works%20if%20I%20use%20domain%20credentials.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Microsoft

Windows Hello authentication to the session host (including Smartcard and PIN) is now supported. This feature requires that the user’s device has line of sight to the Domain Controller that can validate the credentials, for example from the corporate network or connected over VPN. When connecting from an external network, users still need to use their username and password.

 

Update to the latest version of our app today!

 

Haven't used our client yet? Follow this link for more information:

https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-windows-7-and-10

 

9 Replies
Highlighted

@Eva Seydl Hello, are there plans to get windows virtual desktop to work without a password?  We're trying to test going passwordless in Azure (no password hash sync, using fido2 keys, adfs, ect).  Right now windows virtual desktop seems to behave like a legacy domain device and we can't seem to both test the virtual desktop preview at the same time as going passwordless.  I feel it'd be great if these windows 10 virtual desktops were to be connected directly to Azure AD for native Azure AD authentication over setting up Azure AD Domain Services for a legacy style domain environment.

Thanks!

Highlighted

@Mike McConnell : We definitely want to support both Azure AD Join and Passwordless going forward to align on those initiatives. These may end up being separate features, or may end up being intrinsically tied. However, this is not something we are planning for GA, as there are a bunch of moving parts we are investigating to handle this.

 

However, feel free to upvote or make these suggestions on our UserVoice forum.

 

Thanks!

Highlighted

@Eva Seydl 
When will support for Windows Hello key trust model be available?
We are all moving towards a modern desktop approach with Azure AD and Intune.
So It’s a real showstopper, if we still need legacy ADFS to use PIN/Fingerprint for this new great WVD service.

/Jesper Ravn

Highlighted

@Jesper Ravn : We do not have dates yet for RDP to support the Key Trust Model for Windows Hello. As mentioned, we're working on supporting Azure AD Join and some of that work likely will make its way into RDP. However, can you file an item on our UserVoice so we can specifically track this request?

Highlighted

Hello, can I able to use latest WVD image for pass wordless login like using FIDO device, PIN and smart card ?. Or RDP for windows will support WVD 2004 build ?  @Eva Seydl 

Highlighted

@Deepu_k WVD does support PIN and smartcards today for the Windows client as long as the user's device has line of sight to the domain controller, so on the local network or using VPN. Need to check on FIDO support.

Highlighted

@Eva Seydl , I'm getting below error if we use PIN (Windows Hello enabled on workstation) & I assume, this is because I'm not on VPN to access domain controller from workstation to validate the credentials? Or Do I need to configure anything on WVD/Azure AD/Windows hello?

Udayabhanu2020_0-1600891383972.png

 

Highlighted

@Udayabhanu2020 If you don't have line of sight to the domain controller it would be a different error that would indicate something along those lines. This error seems to indicate a problem with one of the certificate. You could see what that certificate is and replace it with one that is trusted.

Highlighted

Hi @David Belanger , certificate issuer is WVD session host. This works if I use domain credentials.