AADJ
2 Topics

Single-Sign On
After troubleshooting an issue for a customer, we determined that the prerequisites for enabling SSO at the AVD host pool level are not strictly enforced when a user goes to execute the SSO workflow from MSRDC or the Windows App. Meaning, that if an administrator does not enable the -IsRemoteDesktopEnabled flag on the Service Principals "Microsoft Remote Desktop" and "Windows Cloud Login" respectively.

Setup: Deploy Entra ID Joined session hosts to a host pool and enable the "Microsoft Entra single sign-on" RDP property to "Connections will use Microsoft Entra authentication to provide single sign-on" or update the RDP connection string with 'enablerdsaadauth:i:1'.

Result: User will not receive the 'Windows Security' dialog box to access the session host with their Entra ID credentials.

Caveat: Be aware that to sign in with Entra ID credentials, minimally, the host pool RDP settings must contain 'targetisaddjoined:i:1'. Microsoft states this is going away and blending into 'enablerdsaadauth:i:1', which also enables SSO. It seems a bit of an odd move, in my opinion, and having two separate RDP properties makes sense if a company does not want SSO. But it is in alignment with Microsoft's push for passwordless authentication.

For the Microsoft AVD team, why does this behavior exist and is it on the roadmap to be fixed if it's a known gap?

177 Views, 0 likes, 3 Comments

Azure AD Sync Error 0xcaa10001 in access work or school settings
Hi everyone, I have a problem with my AAD connection on my BYOD. Has anyone seen this error code and managed to solve it? It is an annoying error. Around 3-4 times a day I also get a toast notification that prompts me to fix the accounts I'm using on my device. Have a look at the attachments. I have an Education and a Work Account and most of the time it all works, but I want to solve this issue so that the notification disappears. My BYOD is AADR, and I signed in first with my Work account so the policies from my work apply on the device. I can also make an RDP connection to my AADJ desktop at my work, so I think the registration process worked fine on my BYOD. Also, in the apps that are using one or both of my business accounts I experience no problems. I can't find any related discussions or docs for this error. Btw I'm a Global Admin at my work so if anyone has a solution which requires admin privileges, I got it. Thanks for every reply ❤️

5.8K Views, 0 likes, 5 Comments