Azure Virtual Desktop Authentication

Rajitha Wickramasinghe 6 Reputation points
2023-03-02T12:21:44.3833333+00:00

Firstly, all your advice and recommendations are greatly appreciated.

This seems to be a common issue but I don't seem to be able to get it to work.

I've deployed a Virtual Desktop on Azure and all is well as long as the MFA is disabled for the user.

Excluding the user from the CA policy doesn't work either.

I have selected "All Cloud Apps" and excluded Azure Virtual Desktop and Azure Windows VM sign in.

How do I make sure that authentication works while having MFA turned on?


2 answers

  1. Markinson Collet 85 Reputation points
    2023-04-04T05:56:24.2633333+00:00
    Here's how to create a Conditional Access policy that requires multi-factor authentication when connecting to Azure Virtual Desktop:

    • Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
    • In the search bar, type Azure Active Directory and select the matching service entry.
    • Browse to Security > Conditional Access.
    • Select New policy > Create new policy.
    • Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
    • Under Assignments, select Users or workload entities.
    • Under the Include tab, select Select users and groups and tick Users and groups. On the right, search for and choose the group that contains your Azure Virtual Desktop users as group members.
    • Select Select.
    • Under Assignments, select Cloud apps or actions.
    • Under the Include tab, select Select apps.
    • On the right, select one of the following apps based on which version of Azure Virtual Desktop you're using.

    Also, to know about Virtual Desktop Cloud, visit CloudDesktopOnline.

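The portal steps in the answer above, written as a Microsoft Graph PowerShell script (an added example, not part of either answer). The group name and policy name are assumptions, the app is looked up in the tenant by its display name rather than by a hard-coded ID, and the policy is created in report-only mode, a choice made here so its effect can be checked in the sign-in logs before it is enforced.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Groups, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns

# Added example. Values marked "assumption" are placeholders, not taken from the thread.
$GroupName  = 'AVD-Users'               # assumption: group whose members are your AVD users
$AppName    = 'Azure Virtual Desktop'   # cloud app display name as named in the thread
$PolicyName = 'AVD - Require MFA'       # assumption: use your own naming standard

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Group.Read.All', 'Application.Read.All'

# Resolve the group and the app in this tenant; stop on zero or ambiguous matches
# so the policy is never scoped to the wrong object.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
$app   = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($group.Count -ne 1) { throw "Expected one group named '$GroupName', found $($group.Count)." }
if ($app.Count -ne 1)   { throw "Expected one app named '$AppName', found $($app.Count)." }

# Do not create a second policy with the same name.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object DisplayName -eq $PolicyName
if ($existing) { throw "A policy named '$PolicyName' already exists (Id $($existing.Id))." }

$policy = @{
    displayName   = $PolicyName
    # Report-only: evaluated and logged on each sign-in, but not enforced.
    # Change to 'enabled' once the sign-in logs show the expected result.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeGroups = @($group[0].Id) }           # Assignments > Users
        applications   = @{ includeApplications = @($app[0].AppId) }    # Assignments > Cloud apps
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')      # require multi-factor authentication
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```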

  2. Lee Hubble 15 Reputation points
    2023-03-02T14:34:08.2866667+00:00

    Hi Rajitha

    To use MFA with Azure Virtual Desktop, you need to ensure that Per-User MFA is disabled for any user attempting to sign in and instead use only conditional access.

    Enforce Azure Active Directory Multi-Factor Authentication for Azure Virtual Desktop using Conditional Access

    Per-User MFA is not compatible with Virtual Desktop as mentioned in this article: Azure AD joined session host VMs

    Many thanks
    Lee