Why can't I login to AVD using my AAD credentials?

Glenn Horton 15 Reputation points
2023-09-26T13:50:08.6733333+00:00

I used the portal to create a host pool, application group and VM for Azure Virtual Desktop. I indicated I wanted the machine joined to our AAD. I added the targetisaadjoined:i:1 property to the Host Pool. I assigned the Virtual Machine User Login role to my account. When I try to login to AVD via the RDP client I get "The credentials that were used to connect to xxx.xxx.xxx.xxx did not work. Please enter new credentials". If I use the web client the error is "Sign in failed. Please check your username and password and try again.". For both the RDP and web clients the only account that works is the admin account that was specified in the portal when the VMs were created.

If I look at the devices listed in Entra, the AVD VM is listed as "Enabled" and "Azure AD joined".

Does anyone have suggestions on how to diagnose the problem?

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

3 answers

  1. Richard Redgrave 895 Reputation points Microsoft Employee
    2023-09-28T08:21:23.36+00:00

    Hi Glenn,

    It sounds like you have checked the obvious things there, but can you also double check that either of these two RBAC roles are assigned to the Virtual Machines/Resource group?

    • Virtual Machine Administrator Login
    • Virtual Machine User Login

    You will need to be a member of one of these roles to login via AAD.

    Thanks

    1 person found this answer helpful.

  2. David K 0 Reputation points Microsoft Employee
    2023-09-29T18:04:47.98+00:00

    Hi Glenn,

    When you say you're using the RDP client, do you mean you're using the Windows inbox MSTSC client and connecting using an IP address? If so, that's not a supported way to connect to Azure Virtual Desktop. You need to use a supported client (https://learn.microsoft.com/en-us/azure/virtual-desktop/users/remote-desktop-clients-overview) and subscribe to the workspace.

    In addition to assigning the RBAC roles to the users, you also need to add it to the application group (this is the way it shows up as a resource in one of the supported clients).

    Hope that helps.


  3. Prrudram-MSFT 24,546 Reputation points
    2023-10-10T14:17:01.55+00:00

    Hi @Glenn Horton

    It sounds like you may have "per user MFA" enabled - which does not work with AVD, as per: "Log in to a Windows virtual machine in Azure by using Microsoft Entra ID" (Microsoft Entra | Microsoft Learn) - you want to use a conditional access policy instead.

    If this does answer your question, please accept it as the answer as a token of appreciation.

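Added example, not part of the original thread or any poster's code: a Python check that combines the three configuration points raised above (the targetisaadjoined:i:1 host pool property, a VM login role at a scope covering the VM, and the application group assignment) over data shaped like `az role assignment list` and `az desktopvirtualization hostpool show` JSON output. The sample data, resource names and UPN are constructed, and the "Desktop Virtualization User" role name is an assumption about how the application group assignment appears in RBAC; it is not named in the thread.

```python
# Constructed sample data shaped like `az ... -o json` output; every name is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-avd"
VM_ID = RG + "/providers/Microsoft.Compute/virtualMachines/avd-vm-0"
APPGROUP_ID = RG + "/providers/Microsoft.DesktopVirtualization/applicationGroups/ag-desktop"
HOSTPOOL = {"customRdpProperty": "audiomode:i:0;targetisaadjoined:i:1;"}
ASSIGNMENTS = [{"principalName": "user@contoso.example",
                "roleDefinitionName": "Virtual Machine User Login", "scope": RG}]

VM_LOGIN_ROLES = {"Virtual Machine User Login", "Virtual Machine Administrator Login"}
# Assumption: the built-in role behind an application group assignment (not named in the thread).
APPGROUP_ROLE = "Desktop Virtualization User"

def covers(scope, resource_id):
    """True if an assignment scope is the resource itself or one of its ancestors."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    return r == s or r.startswith(s + "/")

def has_role(assignments, upn, roles, resource_id):
    """True if the user directly holds one of the roles at a scope covering the resource."""
    return any((a.get("principalName") or "").lower() == upn.lower()
               and a["roleDefinitionName"] in roles
               and covers(a["scope"], resource_id)
               for a in assignments)

def rdp_properties(custom):
    """Parse a 'name:type:value;...' custom RDP property string into {name: value}."""
    props = {}
    for item in (custom or "").split(";"):
        parts = item.strip().split(":", 2)
        if len(parts) == 3:  # skip empty or malformed entries
            props[parts[0].lower()] = parts[2]
    return props

def diagnose(upn, hostpool, assignments, vm_id, appgroup_id):
    """Return the failed checks for one user; an empty list means all three passed."""
    findings = []
    if rdp_properties(hostpool.get("customRdpProperty")).get("targetisaadjoined") != "1":
        findings.append("host pool lacks targetisaadjoined:i:1")
    if not has_role(assignments, upn, VM_LOGIN_ROLES, vm_id):
        findings.append("no VM login role at a scope covering the VM")
    if not has_role(assignments, upn, {APPGROUP_ROLE}, appgroup_id):
        findings.append("user not assigned to the application group")
    return findings

if __name__ == "__main__":
    for finding in diagnose("user@contoso.example", HOSTPOOL, ASSIGNMENTS, VM_ID, APPGROUP_ID):
        print("FAIL:", finding)
```

It matches direct user assignments at resource, resource group or subscription scope only; roles inherited through group membership and the per-user MFA setting mentioned in the last answer are outside what it checks.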
