Windows Desktop (AVD & Windows365) Client on Thin Client

Hi all,

Currently I'm struggling with an issue regarding the new Windows Remote Desktop Client for AVD & W365. We are using thin clients with a persistent desktop which are used by part-time users.

When subscribing through the client, the user credentials are logged locally; they are only removed when the Thin Clients are rebooted (write protection).

The case is that when Person A leaves a Thin Client and closes the connection, and Person B wants to start a session with their own AAD account (in the AVD Client, TC had 1 logged on user), it doesn't require signing in again or MFA. So potentially Person B could just log on to the session of Person A without any interference.

For now, I created a CA policy to use Session Control for the Azure Virtual Desktop application through MCAS (Defender for Cloud Apps) in combination with an Activity Policy linked to this specific application with a governance action for all apps and Office 365 for: Require user to sign in again.

All without the expected result. How can we accomplish that a user is prompted to sign in again every time they want to open a session, or remove the current subscription when closing a current session?

Could someone please be our helper in need? :)

Geetz Jordy

3 Replies
Sounds like the user session is still running after they log off the Thin client? Are the user sessions in fact logged off? Or maybe it is just disconnected.

Depending on your user-scenario, adjusting these settings might help you:
MaxIdleTime
MaxConnectionTime
MaxDisconnectionTime
RemoteAppLogoffTimeLimit

The Thin client config/settings might also help you. I know, for example, Dell Thin clients have the possibility to clear the username on log off.

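The four session time limits named in the reply above are stored as DWORD policy values, in milliseconds, under the Terminal Services policy key on the machine that hosts the remote session. The following read-only audit is an added example, not part of the thread; the function name `Get-SessionLimitReport` and the target values are assumptions chosen for a shared thin-client scenario.

```powershell
# Added example: read-only audit of the RDS session time-limit policy values.
# Registry location written by the "Session Time Limits" Group Policy settings.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Hypothetical targets (milliseconds); adjust to your own policy.
$Desired = [ordered]@{
    MaxIdleTime              = 15 * 60 * 1000      # 15 minutes idle
    MaxConnectionTime        = 8 * 60 * 60 * 1000  # 8 hours active
    MaxDisconnectionTime     = 60 * 1000           # 1 minute disconnected
    RemoteAppLogoffTimeLimit = 60 * 1000           # 1 minute after last RemoteApp closes
}

function Get-SessionLimitReport {
    param(
        [string]$Key = $PolicyKey,
        [System.Collections.IDictionary]$Targets = $Desired
    )
    # Returns $null if the key does not exist (no policy applied at all).
    $current = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue

    foreach ($name in $Targets.Keys) {
        $value = $null
        if ($current -and $current.PSObject.Properties[$name]) {
            $value = [int64]$current.$name
        }

        # A value of 0 is reported separately: its meaning differs per
        # setting, so it should be reviewed by hand rather than compared.
        if ($null -eq $value) {
            $status = 'NotConfigured'
        } elseif ($value -eq 0) {
            $status = 'ZeroReviewManually'
        } elseif ($value -gt $Targets[$name]) {
            $status = 'LongerThanTarget'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Setting   = $name
            CurrentMs = $value
            TargetMs  = $Targets[$name]
            Status    = $status
        }
    }
}

Get-SessionLimitReport | Format-Table -AutoSize
```

A `NotConfigured` row for `MaxDisconnectionTime` means a disconnected session is not ended by policy, which matches the "disconnected, not logged off" situation the reply asks about.
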
In Azure Virtual Desktop, you can configure the remote desktop session host to prompt users to sign in again when they open a new session or when they close their current session. This can be done using the following steps:

1. In the Azure portal, navigate to the Virtual Desktop service that you want to configure.
2. Under "Settings," select "Session Hosts."
3. Select the session host pool that you want to configure.
4. Under "Authentication," select "Prompt for credentials on new connection." This will prompt users to enter their credentials when they start a new session.
5. Under "Authentication," select "Prompt for credentials on reconnection." This will prompt users to enter their credentials when they reconnect to a disconnected session.
6. (Optional) If you want the user to sign out and close the current subscription when closing the current session: under "Session", select "End session" and then select "Sign-out".

Note that this configuration can also be done via PowerShell script and the Azure API. Also, this configuration is valid for the entire session host pool, so all users in the session host pool will be prompted for credentials when they start a new session or reconnect to a disconnected session.

Thank you for the response! But we have Windows365 instead of AVD, so no session hosts for us.