Azure App Authentication issue on Remote Desktop Services

mc999 1 Reputation point
2022-10-05T11:58:30.917+00:00

Firstly I have to apologise, I am not a developer, but have inherited an Azure app from my predecessor.

The application runs fine from any workstation; when we open it we get the Azure prompt for authentication, enter the details and away we go.

We want to use the same app on our RDS farm, but on any server with the RDS role installed, we never see the authentication prompt.

Does anyone know of any reason why we wouldn't get the authentication prompt?

Not sure how relevant this is, but on the application we are only allowing "accounts in this organizational directory only" and we only have the oauth2/nativeclient tick box selected.


3 answers

  1. Olga Os - MSFT 5,836 Reputation points Microsoft Employee
    2022-10-05T18:43:04.57+00:00

    Hello @mc999 ,

    Welcome to the MS Q&A Forum.

    Could you please provide more details about the issue you are facing?
    Are you able to connect to your app from the remote desktop? Do you get any specific failure? What failure reason do you see in the sign-in logs?
    You can find more details on how to enforce MFA for Azure Virtual Desktop in this article: Enforce Azure Active Directory Multi-Factor Authentication for Azure Virtual Desktop using Conditional Access.

    As an example:

    Azure AD joined session host VMs
    For connections to succeed, you must disable the legacy per-user multi-factor authentication sign-in method. If you don't want to restrict signing in to strong authentication methods like Windows Hello for Business, you'll also need to exclude the Azure Windows VM Sign-In app from your Conditional Access policy.

    Hope the above answers your questions and concerns.

    --------------------------------------------------------

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    Sincerely.
    Olga Os


  2. mc999 1 Reputation point
    2022-10-06T15:36:52.107+00:00

    Thank you for getting back to me. There isn't any error as such; we just normally get the modern authentication box. No logs, but it is an in-house developed application.

    As it happens no MFA is configured for this new customer, although that's going to change very soon.

    It just appears that something is blocking the modern authentication box for this application on servers with the RDS role installed. I wonder, is there a way that I can force the modern authentication box so the credentials are cached before opening the app?


  3. mc999 1 Reputation point
    2022-10-10T19:13:20.723+00:00

    Unfortunately that relates to using MFA for Remote Desktop Services. Just to avoid any confusion, we do not face a problem with MFA; the problem seems to be with a Modern Authentication prompt for users accessing a Remote Desktop Server.
