Azure Virtual Desktop – You can enable single sign-on and passwordless authentication for AVD (preview)

These features are currently in preview and are available only with Windows 11 22H2 Enterprise Preview (single-session and multi-session), x64, Generation 2, as the session host.


AVD SSO

This can be enabled for both Azure AD joined and hybrid Azure AD joined (Active Directory) virtual machines; it does not support Azure AD Domain Services joined virtual machines.

If you are using hybrid Azure AD joined VMs, you first need to enable Azure AD Kerberos authentication for your on-premises domain by creating the Kerberos server object (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises#create-a-kerberos-server-object).
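
The prerequisite above, as an added PowerShell example (not from the original post): it creates the Azure AD Kerberos server object for a hybrid domain and then verifies that the on-premises and cloud key versions match. It uses the AzureADHybridAuthenticationManagement module; the domain name and the two accounts are assumptions you replace with your own.

```powershell
# Added example (not from the original post): create the Azure AD Kerberos server object
# that hybrid Azure AD joined session hosts need before RDP Azure AD authentication works.
# Run on a domain-joined admin workstation; the domain name and accounts are assumptions.
#Requires -Modules AzureADHybridAuthenticationManagement

$Domain = 'corp.contoso.com'   # assumed on-premises AD domain name

# A Hybrid Identity Administrator in Azure AD and a Domain Admin on-premises.
$cloudCred  = Get-Credential -Message 'Azure AD Hybrid Identity Administrator'
$domainCred = Get-Credential -Message "Domain Admin for $Domain"

# Creates (or updates) the AzureADKerberos computer object and the krbtgt_AzureAD account
# in Active Directory, and publishes the matching Kerberos server object to Azure AD.
Set-AzureADKerberosServer -Domain $Domain -CloudCredential $cloudCred -DomainCredential $domainCred

# Verify: the object must exist on both sides and the key versions must agree,
# otherwise Azure AD cannot issue Kerberos TGTs that the domain accepts.
$krb = Get-AzureADKerberosServer -Domain $Domain -CloudCredential $cloudCred -DomainCredential $domainCred
if (-not $krb) {
    throw "No Azure AD Kerberos server object found for $Domain"
}
if ($krb.KeyVersion -ne $krb.CloudKeyVersion) {
    throw "Key version mismatch: AD=$($krb.KeyVersion) Azure AD=$($krb.CloudKeyVersion); re-run Set-AzureADKerberosServer"
}
$krb | Format-List Id, DomainDnsName, KeyVersion, CloudKeyVersion, KeyUpdatedOn, CloudKeyUpdatedOn
```

The krbtgt_AzureAD key should be rotated on the same schedule as your regular krbtgt account (Set-AzureADKerberosServer with -RotateServerKey); the KeyUpdatedOn dates in the output tell you when that last happened.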

SSO is currently supported only with the Windows Desktop client (always make sure you are running the latest version – https://docs.microsoft.com/en-us/azure/virtual-desktop/user-documentation/connect-windows-7-10#install-the-windows-desktop-client).

Once you have a supported session host, you can enable SSO by customizing the host pool RDP properties: set Azure AD Authentication to "RDP will attempt to use Azure AD Authentication to sign in" (enablerdsaadauth:i:1 if you edit the RDP properties manually).


When signing in to a session host for the first time, the user will be prompted to authenticate with Azure AD and to allow the remote desktop connection.


Azure AD will remember that connection consent for up to 15 hosts for 30 days before prompting the user again.

AVD Passwordless

AVD uses Windows Hello for Business to enable passwordless authentication.

In addition to the supported session host version listed above, your local OS also needs to be one of these versions.

To enable passwordless, edit your RDP properties and set the WebAuthn redirection option to "WebAuthn requests in the remote session are redirected to the local computer" (redirectwebauthn:i:1 if you edit the RDP properties manually).
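
Both RDP settings in this post (enablerdsaadauth:i:1 for SSO and redirectwebauthn:i:1 for passwordless) live in the host pool's custom RDP property string, and the common mistake is to overwrite whatever was already there (drive redirection, audio mode, and so on). The following is an added PowerShell example (not from the original post) that merges the two properties into the existing string with the Az.DesktopVirtualization module and verifies the result; the resource group and host pool names are assumptions.

```powershell
# Added example (not from the original post): set the SSO and WebAuthn-redirection RDP
# properties on an AVD host pool without clobbering properties already configured on it.
# Requires an authenticated Az session (Connect-AzAccount); names below are assumptions.
#Requires -Modules Az.DesktopVirtualization

$ResourceGroupName = 'rg-avd-prod'        # assumed resource group
$HostPoolName      = 'hp-avd-win11-22h2'  # assumed host pool

# The two preview properties described in the post, as name -> "type:value".
$Wanted = @{
    'enablerdsaadauth' = 'i:1'   # RDP will attempt to use Azure AD authentication (SSO)
    'redirectwebauthn' = 'i:1'   # WebAuthn requests redirected to the local PC (Windows Hello / FIDO2)
}

function Merge-RdpProperties {
    param(
        [string]$Existing,     # current CustomRdpProperty, e.g. "audiomode:i:0;drivestoredirect:s:;"
        [hashtable]$Overrides  # properties to add or replace
    )
    # Parse "name:type:value;" entries into an ordered map so existing order is preserved.
    $map = [ordered]@{}
    foreach ($entry in ($Existing -split ';')) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        $name, $rest = $entry -split ':', 2
        $map[$name.Trim().ToLower()] = $rest
    }
    # Add or replace the requested properties (property names are case-insensitive).
    foreach ($key in $Overrides.Keys) { $map[$key.ToLower()] = $Overrides[$key] }
    # Re-serialise; AVD expects a trailing semicolon after every entry.
    $parts = $map.GetEnumerator() | ForEach-Object { "$($_.Key):$($_.Value)" }
    return (($parts -join ';') + ';')
}

$pool = Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName
$new  = Merge-RdpProperties -Existing $pool.CustomRdpProperty -Overrides $Wanted

Write-Host "Before: $($pool.CustomRdpProperty)"
Write-Host "After : $new"

Update-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName -CustomRdpProperty $new | Out-Null

# Verify that each wanted property is present with exactly the value we asked for.
$check = (Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName).CustomRdpProperty
foreach ($key in $Wanted.Keys) {
    $pattern = '(^|;)' + [regex]::Escape($key) + ':' + [regex]::Escape($Wanted[$key]) + '(;|$)'
    if ($check -notmatch $pattern) {
        throw "Property '$key' was not applied to $HostPoolName (current: $check)"
    }
}
Write-Host "SSO and WebAuthn redirection are enabled on host pool $HostPoolName"
```

The Windows Desktop client picks these properties up from the workspace feed on its next refresh, so a user who is already subscribed may need to refresh the feed before the first Azure AD prompt appears. The same two lines can be added to a locally saved .rdp file for ad hoc testing, but the host pool setting is what applies to every user.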


If you want to use FIDO2 security keys, you first need to enable them as an authentication method for your users – see https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key#enable-fido2-security-key-method
