Share via

Can I connect to an AVD using SSO via Entra External ID?

Anonymous
2024-10-02T00:50:51.3766667+00:00

I am trying to understand if a user invited into an Extra External ID directory will be able to use SSO to access a domain joined Azure Virtual Desktop.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments
Answer accepted by question author
  1. Raja Pothuraju 44,905 Reputation points Microsoft External Staff Moderator
    2024-10-07T22:14:54.9866667+00:00

    Hello @Sam Price,

    Thank you for posting your query on Microsoft Q&A.

    To log in to AVD using Microsoft Entra ID accounts, users must be part of the same directory. Currently, users invited through external identities, such as Microsoft Entra Business-to-Business (B2B) or Business-to-Consumer (B2C), are not supported. This is a known limitation.

    The reason for this limitation is that in order to log into AVDs using Entra accounts, the virtual machine (VM) must be Azure-joined, specifically Microsoft Entra-joined. Only users created in your tenant can log into Entra-joined machines to achieve Single Sign-On (SSO) behavior. Guest or external accounts cannot log in to these Entra-joined machines, as their accounts are created in a different directory, while the device they are trying to access is enrolled in your directory.

    User's image

    This limitation is by design. For more details, please refer to the following documentation:

    Known Limitations of Azure AD Joined Session Hosts

    External Identity Authentication for AVD

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abiola Akinbade 30,470 Reputation points Volunteer Moderator
    2024-10-02T07:24:51.27+00:00

    Hello Sam Price

    Thanks for your question

    Azure Virtual Desktop currently doesn't support external identities.

    See: https://learn.microsoft.com/en-us/azure/virtual-desktop/authentication#external-identity

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    0 comments
  2. Cristina Oprea 0 Reputation points
    2025-05-01T06:00:21.6933333+00:00

    Entra External ID is different to External users, no?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.