User Profile
AlexShxW1
Copper Contributor
Joined 2 years ago
User Widgets
Recent Discussions
Re: AVD Session host health state 'Unavailable'
Sure you can try to redeploy, but if its failing to join the domain, there is probably a reason why and the next machine will fail too. Are you joining to Entra ID or a Local AD Domain? There were be logs associated the attempt to join the domain for each join type, you should log into the machine with the local admin account and troubleshoot.Re: Windows 365 App wont connect to Cloud PC
You can check the logs in %localappdata%\Temp\DiagOutputDir\Windows365\Logs on the client device for insight on which part is timing out. Azure Virtual Desktop Store App or the Remote Desktop app also seems to connect in a different way that may prove succesfullRe: Different AVD Gateway Region
Decision on which gateway is based on latency/performance during the initial connection so if there is something effecting latency such as internal network or packet loss a user may connect to a sub-optimal gateway. Ideally though, if there arn't any restrictions, you can use UDP shortpath for best virtual desktop experience and gateway performance should not matter.Re: CTFMON hard errors when combining RemoteApp & Remote Desktop
You could possibly have better luck with this, if it was really needed, by setting in the Remote Desktop group policy to log sessions off when they are disconnected and restricting users to a single session as to avoid conflicts between user session types.Visual Glitching / Distortion with AVD RemoteApp Deployment
So I am having this visual distortion and glitching in a RemoteApp I am deploying through Azure (Virtual Desktop.) It is not really possible to deploy this to my users. I have tried everything under the sun: RemoteFX: I have tried disabling, and I have tried every compression setting under the sun. This DOES resolve this visual glitching issue but causes a slew of other issues and doesn't work well with other apps that will be available on the same session host Bitmap Caching: Having bitmap caching on seems to make it a bit worse but having it off doesn't resolve. Various Display settings: Tried every single on available to us Various redirected settings: Tried disabling all redirections, doesn't help Session host/Base Machine Visual Effects Performance options: Tried turning off/on, doesnt help. Looking for any assistance under the sun! Thank you,Issues with setting up AiTM phish prevention using conditional access
We are a managed IT company and AiTM phishes (the ones that reverse proxy the true sign in page and steal session cookies) have been everywhere. We've started experimenting with User-Risk and Sign-In risk policies, and what I thought we had set up made sense to me, but I was doing some more indepth testing and found that what I set up has been basically useless/harmful? We have the basic conditional access environment: MFA: MFA enforced for every sign in Sign-In Risk: MFA Enforced for Risk Signing with Session Control "Every Time" for all levels of sign-in risk User-Risk: Require password change for Medium/High Risk My understanding was that particularly, the sign in risk policy, would apply an "Every Time" control to the session cookie, that way when it was stolen via a reverse-proxy, and re-imported to their browser it would request them to sign in again, because in my mind every time their session is reevaluated it should ask them to sign in. This document says to use this control when I want to reauthenticate everytime, which is what I want to have happen when the session has risk. Issue is it looks like it doing in my environement instead: User signs in to reverse proxy link that was sent to them in a phish Microsoft sees that there is sign in risk, processes the Sign-In Risk conditional access policy Requires Grant Controls "MFA" Bad actor at this point would be given this authentication cookie Microsoft marks the Sign-in and its associated risk as Remediated because the user "passed mfa". Bad actor imports the session cookie to their browser Bad actor signs in fine and goes about their day ruining everyone elses These subsequent sign ins do not show up as "risky" because the risk associated with it was "remediated" -- which is talked about here All I am trying to do is impose stringent session controls on these AiTM/reverse-proxy phishing and now I worry that I have been doing more harm than good because I basically set it to "remediate" the risk the very second it occurred. Any help in pointing me in the right direction is greatly appreciated.
