Conditional Access
3 Topics

Conditional Access per HostPool or RDP properties conditional on clients
Good day all, I am struggling with the RDP properties of our different host pools. Corporate policy states that nothing should be able to be redirected from the local device. Which is fine and for the Full Desktop publishing we have configured this so on the host pool in RDP properties. However, now we have a separate host pool for a remote app. This remote I would only like to be able to connect to from the desktop host pool (nested) and not from the local device. As this is a Remote App the users need to interact with this application with the clipboard. So I want to know if there is a method, and if not, request a feature to make this possible. With kind regards,
2.4K Views, 1 like, 3 Comments

Windows Virtual Desktop Sign-in prompt
Hello all, We are getting ready to deploy Windows Virtual Desktops into our prod environment, but I have a few concerns with the authentication process. As of now I have a conditional access policy that will require a user to use MFA when subscribing to our host pool using the Remote Desktop client app. This is great, but the sign-in prompts one time, then seems to cache the auth token. I am looking for a way to prompt for sign-in every time, or require the sign-in to be available on a certain IP via conditional access. We are a hybrid AD configuration with well-established policies to protect our resources, requiring all external access to have an MFA requirement. This bypasses this requirement. This seems like a potential issue if someone were to gain access to a computer and just click right through into the hosted app that is readily available in the RD app. Is there something I might be missing to set this as an option that requires a user to auth every time? Thanks! -SammyF
2.4K Views, 0 likes, 2 Comments

How can I configure conditional access every time in a client app?
Hello. Even if the client app is closed, the Azure AD credential will remain. Therefore, Azure AD authentication will not occur unless the user explicitly signs out of the client app. With this specification, conditional access will not be useful in most scenarios. Are there any updates planned that accordingly require Azure AD authentication? I also found that I can reset Azure AD authentication by deleting the following registry value:
===
Registry Key : HKEY_CURRENT_USER\Software\Microsoft\RdClientRadc\https://mrs-prod.ame.gbl/mrs-RDInfra-prod
Name : WebAccountIdStore
===
I will try to avoid this by scheduling a task to reset this value accordingly. What do you think about this? Is there another good way?
1.7K Views, 0 likes, 1 Comment