Hello Tech 1
- Create an Azure AD user account for each user who will be connecting to the session host.
- Assign the Virtual Machine User Login role to the Azure AD user accounts in the resource group that contains the session host.
- Enable Azure AD authentication for the session host.
Here are the steps involved in each of these tasks:
- To create an Azure AD user account, go to the Azure portal and select Azure Active Directory > Users. Click New user and enter the user's name and email address. Click Create.
- To assign the Virtual Machine User Login role to an Azure AD user account, go to the Azure portal and select the resource group that contains the session host. Click Access Control (IAM) > Roles. Select the Virtual Machine User Login role and click Add. In the Select members dialog box, select the Azure AD user account and click Select. Click Save.
- To enable Azure AD authentication for the session host, go to the Azure portal and select Azure Virtual Desktop > Host pools. Select the host pool that you want to enable Azure AD authentication for and click Settings. In the Azure AD authentication section, select Connections will use Azure AD authentication to provide single sign-on. Click Save.
Once you have completed these steps, users will be able to sign into the session host using their Azure AD credentials.
Here are some additional things to keep in mind when setting up Azure session hosts to sign in with Azure AD credentials:
- You can also enable passwordless authentication for Azure session hosts. This will allow users to sign in without having to remember a password.
- You can configure Azure AD conditional access policies to control who can sign in to Azure session hosts.
- You can also use Azure AD Multi-Factor Authentication (MFA) to add an extra layer of security to Azure session hosts.
Article: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
I hope this helps! Let me know if you have any other questions.
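An added example, not part of the original answer: a Python check that the role assignment step above landed at the intended scope, run over an export shaped like `az role assignment list --all -o json`. The subscription ID, the resource group name `rg-avd-hosts` and the users are constructed sample values, and the field names assume that CLI output format.

```python
# Role named in the answer, plus the built-in administrator variant of the same login right.
LOGIN_ROLES = {"Virtual Machine User Login", "Virtual Machine Administrator Login"}

# Constructed sample data (assumed shape: `az role assignment list --all -o json`).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-avd-hosts"
SAMPLE = [
    {"principalName": "alice@contoso.example", "roleDefinitionName": "Virtual Machine User Login", "scope": RG},
    {"principalName": "bob@contoso.example", "roleDefinitionName": "Virtual Machine User Login", "scope": SUB},
    {"principalName": "carol@contoso.example", "roleDefinitionName": "Virtual Machine Administrator Login", "scope": RG},
    {"principalName": "dave@contoso.example", "roleDefinitionName": "Reader", "scope": RG},
]

def resource_group_of(scope):
    """Return the resource group named in an ARM scope, or None if the scope is broader."""
    parts = scope.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    if "resourcegroups" in lowered:
        i = lowered.index("resourcegroups")
        if i + 1 < len(parts):
            return parts[i + 1]
    return None

def audit_login_roles(assignments, session_host_rg):
    """Return (principal, role, finding) for every VM login role assignment."""
    results = []
    for a in assignments:
        role = a["roleDefinitionName"]
        if role not in LOGIN_ROLES:
            continue  # not a sign-in role, out of scope for this check
        rg = resource_group_of(a["scope"])
        if rg is None:
            finding = "too-broad: scope is above the resource group"
        elif rg.lower() != session_host_rg.lower():
            finding = "other-resource-group"
        elif role.endswith("Administrator Login"):
            finding = "review: administrator sign-in on the host"
        else:
            finding = "ok"
        results.append((a["principalName"], role, finding))
    return results

if __name__ == "__main__":
    for row in audit_login_roles(SAMPLE, "rg-avd-hosts"):
        print(*row, sep=" | ")
```

An assignment flagged `too-broad` lets that account sign in to every VM in the subscription, not only the session hosts.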