How to set up Azure session host to sign in with Azure AD credentials?

Tech 1 0 Reputation points
2023-08-25T18:44:01.47+00:00

Deployed a host pool and session host in Azure Virtual Desktop. I can RDP into it with the local admin credentials I created. I configured it to use Azure AD for authentication and have added the Virtual Machine User Login RBAC role to the resource group in which the VDI infrastructure is contained. Not sure what else to do.


1 answer

Tech-Hyd-1989 5,766 Reputation points
2023-08-29T05:01:15.0533333+00:00

Hello Tech 1,

1. Create an Azure AD user account for each user who will be connecting to the session host.
2. Assign the Virtual Machine User Login role to the Azure AD user accounts in the resource group that contains the session host.
3. Enable Azure AD authentication for the session host.

Here are the steps involved in each of these tasks:

1. To create an Azure AD user account, go to the Azure portal and select Azure Active Directory > Users. Click New user and enter the user's name and email address. Click Create.
2. To assign the Virtual Machine User Login role to an Azure AD user account, go to the Azure portal and select the resource group that contains the session host. Click Access Control (IAM) > Roles. Select the Virtual Machine User Login role and click Add. In the Select members dialog box, select the Azure AD user account and click Select. Click Save.
3. To enable Azure AD authentication for the session host, go to the Azure portal and select Azure Virtual Desktop > Host pools. Select the host pool that you want to enable Azure AD authentication for and click Settings. In the Azure AD authentication section, select "Connections will use Azure AD authentication to provide single sign-on". Click Save.

Once you have completed these steps, users will be able to sign in to the session host using their Azure AD credentials.

Here are some additional things to keep in mind when setting up Azure session hosts to sign in with Azure AD credentials:

• You can also enable passwordless authentication for Azure session hosts. This will allow users to sign in without having to remember a password.
• You can configure Azure AD Conditional Access policies to control who can sign in to Azure session hosts.
• You can also use Azure AD Multi-Factor Authentication (MFA) to add an extra layer of security to Azure session hosts.

Article: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

I hope this helps! Let me know if you have any other questions.
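The same three tasks (Azure AD join of the host, role assignment, host pool setting) scripted with the Az PowerShell modules, as an added example that is not part of the answer above and not Microsoft's own sample. It assumes the Az.Accounts, Az.Compute, Az.Resources and Az.DesktopVirtualization modules are installed and that the caller has Owner or User Access Administrator rights on the resource group; the subscription, resource group, VM, host pool and user names are placeholders. It deliberately departs from the answer in one respect: the role is scoped to the single VM rather than the resource group, and it is the User Login role, not Administrator Login, so a sign-in grant does not also grant local admin on every host in the group.

```powershell
# Added example (not from the original answer). Placeholder values below
# must be replaced with your own; the extension version is an assumption.
$SubscriptionId = '<subscription-id>'
$ResourceGroup  = 'rg-avd-placeholder'
$SessionHostVm  = 'vm-avd-sh-0'
$HostPoolName   = 'hp-avd-placeholder'
$UserUpn        = 'user@contoso.example'

Connect-AzAccount -Subscription $SubscriptionId | Out-Null

# 1. The AADLoginForWindows extension requires a system-assigned managed
#    identity on the VM; add one if it is missing.
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $SessionHostVm
if (-not $vm.Identity -or $vm.Identity.Type -notmatch 'SystemAssigned') {
    Update-AzVM -ResourceGroupName $ResourceGroup -VM $vm -IdentityType SystemAssigned | Out-Null
    $vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $SessionHostVm
}

# 2. Install the Azure AD login extension, which joins the host to Azure AD.
#    TypeHandlerVersion '2.0' is assumed; check the current version in the docs.
Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $SessionHostVm `
    -Location $vm.Location -Publisher 'Microsoft.Azure.ActiveDirectory' `
    -Name 'AADLoginForWindows' -ExtensionType 'AADLoginForWindows' `
    -TypeHandlerVersion '2.0' | Out-Null

# 3. Least-privilege role assignment: User Login (not Administrator Login),
#    scoped to this VM only. Skip if the assignment already exists.
$user  = Get-AzADUser -UserPrincipalName $UserUpn
$scope = $vm.Id
$existing = Get-AzRoleAssignment -ObjectId $user.Id -Scope $scope `
    -RoleDefinitionName 'Virtual Machine User Login'
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $user.Id `
        -RoleDefinitionName 'Virtual Machine User Login' -Scope $scope | Out-Null
}

# 4. Host pool RDP properties. targetisaadjoined:i:1 lets clients that are not
#    themselves Azure AD-joined connect; enablerdsaadauth:i:1 is the
#    "single sign-on" setting the answer toggles in the portal.
#    Update-AzWvdHostPool replaces the whole string, so merge with what is set.
$hp = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
$props = @($hp.CustomRdpProperty -split ';' | Where-Object { $_ })
foreach ($p in 'targetisaadjoined:i:1', 'enablerdsaadauth:i:1') {
    if ($props -notcontains $p) { $props += $p }
}
Update-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName `
    -CustomRdpProperty ($props -join ';') | Out-Null

# 5. Verification: extension provisioned, and exactly the expected principals
#    hold a sign-in role on this host.
$ext = Get-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $SessionHostVm `
    -Name 'AADLoginForWindows'
"AADLoginForWindows provisioning state: $($ext.ProvisioningState)"
Get-AzRoleAssignment -Scope $scope |
    Where-Object { $_.RoleDefinitionName -like 'Virtual Machine * Login' } |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

After the extension reports Succeeded, `dsregcmd /status` run inside the session host should show `AzureAdJoined : YES`. The final query is the check worth repeating periodically: any principal listed with Virtual Machine Administrator Login is a local administrator on that host, so that list should contain only the accounts you intend.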