Sign-in in Azure Virtual Desktop not possible with new MFA

Question

Sign-in in Azure Virtual Desktop not possible with new MFA

Samuel Solin 0

Hello,

We have an Azure Virtual Desktop with access through the Microsoft Remotedesktop app. We were forced last week to change Sign-in through MFA and can't since login to our Server. We were able to troubleshoot a bit and were able to solve the problem for some of our users, but although the problem is the same for all users it still doesn't work for all of them.

The error we had in the beginning (but doesn't show anymore since working on it) is CA20004; AADSTS650052. Log-in works if you disable the security defaults in AAD, but this isn't a sustainable solution.

Does anybody have a solution to this? Any help would be great

vipullag-MSFT 26,522 Reputation points Moderator

2023-04-04T09:43:32.27+00:00

Hello Samuel Solin

Welcome to Microsoft Q&A Platform, thanks for posting your query here.

Can you share more info to assist you better on this.

Which app are you exactly using to connect?

Does it work with MSRDC?

https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa

Is it working using the web client?
Salah 251 Reputation points

2023-04-05T06:17:16.82+00:00

You can use Conditional Access to configure policies similar to security defaults, but with more granularity. Conditional Access policies allow selecting other authentication methods and the ability to exclude users, which aren't available in security defaults. If you're using Conditional Access in your environment today, security defaults won't be available to you.
vipullag-MSFT 26,522 Reputation points Moderator

2023-05-04T04:20:42.1533333+00:00

Hello Samuel Solin

Any update on the issue?

Just checking in to see if you got a chance to see previous response.

1 answer

Your answer

vipullag-MSFT 26,522 Reputation points Moderator

2023-04-04T09:43:32.27+00:00

Hello Samuel Solin

Welcome to Microsoft Q&A Platform, thanks for posting your query here.

Can you share more info to assist you better on this.

Which app are you exactly using to connect?

Does it work with MSRDC?

https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa

Is it working using the web client?
Salah 251 Reputation points

2023-04-05T06:17:16.82+00:00

You can use Conditional Access to configure policies similar to security defaults, but with more granularity. Conditional Access policies allow selecting other authentication methods and the ability to exclude users, which aren't available in security defaults. If you're using Conditional Access in your environment today, security defaults won't be available to you.
vipullag-MSFT 26,522 Reputation points Moderator

2023-05-04T04:20:42.1533333+00:00

Hello Samuel Solin

Any update on the issue?

Just checking in to see if you got a chance to see previous response.

Answer 1

Hello Samuel Solin

Welcome to Microsoft Q&A Platform, thanks for posting your query here.

It seems like you are having trouble logging in to your Azure Virtual Desktop due to MFA. The error message you mentioned, CA20004; AADSTS650052, indicates that there is an issue with the user's authentication.

To resolve this issue, you can try below troubleshooting steps:

Ensure that the user has registered for MFA.
Check if the user is using the latest version of the Microsoft Remote Desktop app. If not, ask them to update it to the latest version.
Ensure that the user is using the correct sign-in method. If you have set up Conditional Access policies restricting access, please check previous comment.
If the issue persists, you can try resetting the user's MFA settings.

If none of these steps work, it is possible that there is an issue with your Azure Virtual Desktop configuration.

Hope this helps.

If you need further help on this, tag me in a comment. I have also shared details on opening a support case in my previous comment.

Share via

Sign-in in Azure Virtual Desktop not possible with new MFA

1 answer

Your answer