After deploying AVD with the options to join this device to Azure AD and enroll with Intune, Azure AD-joined user sign-in failed

Naveen Murugesan 21 Reputation points
2021-10-13T18:08:50.827+00:00
  1. After deploying the AVD with the options to join this device to Azure AD and enroll with Intune
  2. We are trying to log in with one of the corporate credentials and it shows the below error
  3. OOPS, we couldn't connect to SessionDesktop -- Sign in failed please check your username and password and try again
  4. In the MS docs article we found this line: "Azure AD-joined VMs only supports local user profiles at this time"
  5. At this point AVD only supports local profiles even if the device is joined to Azure AD, and by using corporate credentials we can't sign the user profile in to the Azure VM Windows 10

Accepted answer
  1. Limitless Technology 39,351 Reputation points
    2021-10-15T18:38:17.94+00:00

    Hi @Naveen Murugesan

    If you come across an error saying The logon attempt failed on the Windows Security credential prompt, verify the following:

    1. You are on a device that is Azure AD-joined or hybrid Azure AD-joined to the same Azure AD tenant as the session host OR
    2. You are on a device running Windows 10 2004 or later that is Azure AD registered to the same Azure AD tenant as the session host
    3. The PKU2U protocol is enabled on both the local PC and the session host
    4. Per-user MFA is disabled for the user account as it's not supported for Azure AD-joined VMs.

    -------
    --If the reply is helpful, please Upvote and Accept as answer--


1 additional answer

  1. prmanhas-MSFT 17,886 Reputation points Microsoft Employee
    2021-10-14T14:10:34.02+00:00

    @Naveen Murugesan Apologies for the delay in response and all the inconvenience caused because of the issue.

    Please make sure the users are added to the desktop application group and they have these RBAC roles. For Azure AD-joined VMs, you'll need to do two extra things on top of the requirements for Active Directory or Azure Active Directory Domain Services-based deployments:
    Assign your users the Virtual Machine User Login role so they can sign in to the VMs.
    Assign administrators who need local administrative privileges the Virtual Machine Administrator Login role.

    The error is nothing to do with the profiles. You need to ensure that you have enabled

    1. The users with the Virtual Machine User Login RBAC permission: https://learn.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm#assign-user-access-to-host-pools
    2. If using other clients besides MSRDC they need to add targetisaadjoin:i:1 as an RDP property (in advanced): https://learn.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm#connect-using-the-windows-desktop-client

    Also, we do support personal desktops; there is no support for FSLogix yet.

    Hope it helps!!!

    Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.
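
The checks named in the two answers above (device join state and tenant, PKU2U, the VM login roles, and the targetisaadjoin RDP property), gathered into one read-only PowerShell script. This is an added example, not part of the original thread. The function names and the values in angle brackets are placeholders; it assumes the Az.Resources and Az.DesktopVirtualization modules with an existing Connect-AzAccount session, and that the PKU2U policy is stored in the registry value shown. Per-user MFA is not checked here.

```powershell
# Added example: read-only checks. Names in <...> are placeholders, not values from the thread.
$VmResourceGroup       = '<session-host-resource-group>'
$HostPoolResourceGroup = '<host-pool-resource-group>'
$HostPoolName          = '<host-pool-name>'
$UserUpn               = '<user@example.com>'

function Get-AadSignInLocalState {
    # Run on BOTH the local PC and the session host, then compare the tenant IDs.
    $dsreg = (dsregcmd /status) -join "`n"
    $field = {
        param($name)
        if ($dsreg -match "(?m)^\s*$name\s*:\s*(\S+)") { $Matches[1] } else { $null }
    }
    # Assumption: the PKU2U "allow online identities" policy lives in this value (1 = allowed).
    $pku2u = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u' `
              -Name AllowOnlineID -ErrorAction SilentlyContinue).AllowOnlineID
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        AzureAdJoined      = & $field 'AzureAdJoined'      # YES on joined / hybrid joined devices
        AzureAdRegistered  = & $field 'WorkplaceJoined'    # YES on Azure AD registered devices
        TenantId           = & $field 'TenantId'
        WorkplaceTenantId  = & $field 'WorkplaceTenantId'
        Pku2uAllowOnlineID = if ($null -eq $pku2u) { 'not configured' } else { $pku2u }
    }
}

function Get-AadSignInAzureState {
    # Run from an admin workstation after Connect-AzAccount.
    # -ExpandPrincipalGroups also returns roles granted through group membership.
    $roles = Get-AzRoleAssignment -SignInName $UserUpn -ResourceGroupName $VmResourceGroup `
                 -ExpandPrincipalGroups |
             Where-Object RoleDefinitionName -in 'Virtual Machine User Login',
                                                 'Virtual Machine Administrator Login'
    $pool = Get-AzWvdHostPool -ResourceGroupName $HostPoolResourceGroup -Name $HostPoolName
    [pscustomobject]@{
        User              = $UserUpn
        VmLoginRoles      = @($roles.RoleDefinitionName) -join ', '
        HasVmLoginRole    = [bool]$roles
        CustomRdpProperty = $pool.CustomRdpProperty
        # Custom RDP properties are a semicolon-separated list of name:type:value entries.
        TargetIsAadJoin   = [bool]($pool.CustomRdpProperty -match '(^|;)\s*targetisaadjoin:i:1\s*(;|$)')
    }
}

# Usage:
#   Get-AadSignInLocalState    # once on the local PC, once on the session host
#   Get-AadSignInAzureState    # once from a machine with the Az modules
```

A sign-in is expected to fail if the two machines report different tenant IDs, if HasVmLoginRole is False, or if a non-MSRDC client is used while TargetIsAadJoin is False.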
