Azure virtual desktop session alerts triggered by hostname changes

Heath Smart Dylan
2024-07-16T04:55:47.8+00:00

Our Azure virtual desktop keeps raising "pass the ticket" attack alerts when the hostname of our computers changes from <hostname> to <hostname>-<random number>. However, our security logs remain the same inside the SIEM, showing no change in hostname or client IP. As Azure virtual desktop might swap instances, create sessions, or perform backups, I'm assuming this is the reason. Can anyone provide official documentation or a statement to confirm this before we automate a solution?

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.