![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 69%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 21%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Use the following checks to troubleshoot why the user in the Azure Virtual Desktop (AVD) pool cannot connect:
- Confirm the user has app group assignments
- Even if the user is in the host pool, they must be assigned to one or more AVD application groups (Desktop or RemoteApp) to see and launch resources.
- Run in PowerShell (with Az module and appropriate permissions):
Get-AzRoleAssignment -SignInName <userUPN> - Verify that the user is assigned to the correct AVD application group(s). If not, assign the user (or a supported security group) to the app group and have the user refresh the workspace.
- Verify the correct account and cached credentials
- Ensure the user signs in with the same Microsoft Entra account that was assigned to the AVD application group.
- If using the web client, clear cached credentials or use an InPrivate/Incognito browser session, then have the user sign in again and refresh the workspace.
- Check group type in Microsoft Entra ID
- If the user is assigned via a group, confirm the group is a security group, not a distribution group. AVD does not support Microsoft Entra distribution groups for app group assignment.
- If it is a distribution group, create or use a security group instead, add the user, and assign that security group to the AVD application group.
- If the user recently moved tenants or subscription changed ownership
- If the subscription or user was moved between Microsoft Entra tenants, user assignments may be tied to the old tenant. Reassign the user to the AVD application groups in the current tenant.
- If a CSP provider created the subscription and it was later transferred, re-register the AVD resource provider:
- In Azure portal, go to Subscription → select the subscription.
- Select Resource provider.
- Find Microsoft.DesktopVirtualization and select Re-register.
After these steps, have the user refresh the AVD workspace (or sign out and sign back in) and attempt to connect again.
References: