Deploying RemoteApp to AADJ device

John Nickell 36 Reputation points
2023-06-26T14:02:24.3766667+00:00

I am cross-posting from Reddit where I've received no responses so far. Hoping that someone can point me in the correct direction.

Looking for help or advice from anyone who's implemented RemoteApp (on prem equipment) with an AADJ client computer, preferably with SSO to the RemoteApp working. We have Azure AD Connect installed and, to the best of my knowledge, working correctly.

We currently have a small (single app) RemoteApp environment set up and working for our legacy AD joined devices. For those end users the RemoteApp is available from within the Start menu, and if they select it, they are SSO'd directly into the server and the first prompt they see is the application's login screen. Very seamless overall. All components of the RemoteApp are installed on a single box (minus AD, DNS). The server is running 2016 (1607 build 14393.5921).

I have found and configured the settings in Intune I believe are required to support a similar functionality for our AADJ devices, but am having issues. The first issue is that the RemoteApp and Desktop Connections panel does not show the 'connection feed' as being configured.

[Screenshot: Edit profile - Remote App Settings - Microsoft Intune admin center]

configured for https://<internalFQDN>/rdweb/feed/webfeed.aspx

I opened a Microsoft support case and when the agent saw that the registry key (HKCU\Software\Policies\Microsoft\Workspaces\DefaultConnectionURL) was present, he said it wasn't an Intune problem and pointed me to some different (non-MS) resources on the web.

I'm unsure if this is contributing to the problem, but if I take the registry value and attempt to manually add it in the RemoteApp feed, I receive a prompt saying my credentials didn't work.


I'm unsure "which" credentials it's trying; however, if I enter my AAD UPN (email) and my password, it connects successfully. I suspect that this is a part of the cause, but I don't know for sure.

It's worth pointing out that if I open Edge browser and attempt to open the page (registry value), it automatically downloads a "WebFeedLogin.aspx" file, so I believe some portion of my delegated authentication is working correctly.

Testing SSO to the server for RDP, I can bring up MSTSC and attempt to connect to the server directly. This works exactly as I would expect it. (SSO'd directly to server's desktop).

I think I've got SSO working, and I think I've got the feed pointed to the correct location, yet it's not working. Any pointers would be appreciated.

For the interested, I've set up:

- Certificate Thumbprint for the server
- Allowed delegation for (to both cname and actual server FQDN, but not a domain wildcard)
  - default credentials
  - NTLM
  - fresh
  - fresh with NTLM only server
  - saved
  - saved with NTLM only server
- the URL for the web feed is added to the "zone 1" for trusted sites

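The client-side settings listed in the question (feed URL policy, credential delegation lists, site-to-zone assignment) can be read back from the registry on the AADJ device in one pass. The PowerShell audit below is an added example, not part of the original post; the host names are constructed placeholders, and it assumes the Intune policies land in the standard Group Policy registry locations.

```powershell
# Added example: read-only audit of the client-side settings listed in the question.
# $FeedUrl and $RdHosts are constructed placeholders; substitute your own values.
$FeedUrl = 'https://rdweb.corp.example/rdweb/feed/webfeed.aspx'
$RdHosts = 'rdweb.corp.example', 'rds01.corp.example'   # CNAME and real server FQDN

function Get-KeyValues([string]$Path) {
    # Hashtable of value name -> data for one registry key; empty if the key is absent.
    $out = @{}
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { foreach ($n in $key.GetValueNames()) { $out[$n] = $key.GetValue($n) } }
    $out
}
function New-Finding($Check, $Value, [bool]$OK) {
    [pscustomobject]@{ Check = $Check; Value = $Value; OK = $OK }
}

$findings = @()

# 1. Feed URL policy (the value the support agent confirmed was present).
$url = (Get-KeyValues 'HKCU:\Software\Policies\Microsoft\Workspaces')['DefaultConnectionURL']
$findings += New-Finding 'DefaultConnectionURL' $url ($url -eq $FeedUrl)

# 2. Credential delegation: each policy needs its switch set to 1 and a server list
#    (stored in a subkey of the same name) with a TERMSRV/ entry covering the host.
$cd = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$switches = Get-KeyValues $cd
$policies = 'AllowDefaultCredentials', 'AllowDefCredentialsWhenNTLMOnly',
            'AllowFreshCredentials',   'AllowFreshCredentialsWhenNTLMOnly',
            'AllowSavedCredentials',   'AllowSavedCredentialsWhenNTLMOnly'
foreach ($p in $policies) {
    $spns = @((Get-KeyValues "$cd\$p").Values)
    foreach ($h in $RdHosts) {
        # List entries may contain wildcards, so treat each entry as the pattern.
        $hit = @($spns | Where-Object { "TERMSRV/$h" -like $_ })
        $findings += New-Finding "$p -> $h" ($hit -join ', ') (($switches[$p] -eq 1) -and ($hit.Count -gt 0))
    }
}

# 3. Site-to-zone assignment for the feed host. In this policy, zone 1 is
#    "Local intranet" and zone 2 is "Trusted sites". Substring match only.
$feedHost = ([uri]$FeedUrl).Host
foreach ($hive in 'HKCU:', 'HKLM:') {
    $map = Get-KeyValues "$hive\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
    foreach ($site in @($map.Keys | Where-Object { $_ -like "*$feedHost*" })) {
        $findings += New-Finding "ZoneMapKey ($hive) $site" "zone $($map[$site])" ([int]$map[$site] -in 1, 2)
    }
}

$findings | Format-Table -AutoSize -Wrap
```

A row with `OK = False` for a delegation policy means either the policy switch is not set or no list entry covers that host name; no ZoneMapKey rows at all means the feed host was not found in either hive's policy list.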

1 answer

  1. Limitless Technology 43,941 Reputation points
    2023-06-27T14:52:04.21+00:00

    Hello there,

    To deploy RemoteApp to an Azure Active Directory Joined (AADJ) device, you can follow these general steps:

    Set up Azure Active Directory: Ensure that you have an Azure Active Directory (AAD) tenant set up and properly configured. You will need to have the necessary permissions to manage the AAD resources.

    Configure Azure RemoteApp: Set up and configure Azure RemoteApp in your Azure subscription. This involves creating a RemoteApp collection and defining the applications you want to deploy.

    Join the device to Azure Active Directory: Join the device you want to deploy RemoteApp to the Azure Active Directory. This can be done by navigating to Settings > Accounts > Access work or school, and then adding the device to your AAD.

    Install Remote Desktop client: On the AADJ device, ensure that the Remote Desktop client is installed. You can download and install the Remote Desktop client from the Microsoft Store or the appropriate app store for your device.

    Access RemoteApp: Launch the Remote Desktop client on the AADJ device and enter the RemoteApp collection URL provided by Azure RemoteApp. This URL will typically be in the format of https://<collectionname>.rds.azure.com.

    Authenticate and access applications: Sign in to the Remote Desktop client using your AAD credentials. Once authenticated, you should see the list of RemoteApp applications available. Click on the desired application to launch and access it on the AADJ device.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.