How to sign in on Azure Virtual Desktop with Azure AD credentials

Chris Parker 21 Reputation points
2021-06-25T14:55:54.533+00:00

I have created an Azure Virtual Desktop that I am accessing through Azure Bastion within the portal.
The trouble I am having is:

A: I can't log in using my Azure AD credentials even though I have assigned myself Virtual Machine Admin access.

  • I am also a global admin if that helps.

B: I am only able to log in using the local admin account of the virtual desktop.

  • The virtual desktop is in a vnet that has Azure Domain Services enabled.

How can I accomplish connecting to my virtual desktop by using Azure AD credentials instead of local admin?

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

Accepted answer
  1. Andreas Baumgarten 96,281 Reputation points MVP
    2021-06-25T18:11:37.283+00:00

    Hi @Chris Parker ,

    "Is it possible that I somehow created both a regular Azure VM and a Windows Virtual Desktop of the same name?"

    This could be possible ... not sure what you have done so far.

    If both VMs with the same computer name (in OS) are in the same vNet, it won't work properly (the same as 2 computers in the same on-premises network).
    If both VMs with the same computer name (in OS) are joined to the same domain, it won't work because the second VM joined to the AD domain will destroy the first computer account in the AD domain.

    A WVD host is technically nothing else than a normal Azure VM with an OS disk, a NIC, a VM SKU, connected to a subnet of an Azure vNet.

    The special thing of a WVD Host VM is:

    • The VM is related/associated to one WVD Host Pool (during deployment)
    • The VM is AD joined (during deployment)

    That's it with the VM.

    Maybe this is helpful as well:
    https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


9 additional answers

  1. Andreas Baumgarten 96,281 Reputation points MVP
    2021-06-25T15:10:02.26+00:00

    Hi @Chris Parker ,

    are you talking about a "normal" Azure VM?

    Or are you talking about Azure Windows Virtual Desktop? ( https://azure.microsoft.com/en-us/services/virtual-desktop/ )

    If the first option: Did you join the Azure VM to your AAD?
    https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

    If the second option: At the moment it's not possible to use an AAD user account for login. You need a synced on-premises domain or Azure AD DS to login. Which option do you have?
    https://learn.microsoft.com/en-us/azure/virtual-desktop/overview#requirements

    Regards
    Andreas Baumgarten


  2. Andreas Baumgarten 96,281 Reputation points MVP
    2021-06-25T16:37:04.987+00:00

    Hi @Chris Parker ,

    ok.

    If it's an Azure WVD environment you have to use a user that exists in your on-premises AD or Azure AD Domain Service.
    Also make sure the user has the permission to log on in your WVD environment.

    This can be done on the Application Group Settings (Screenshot shows 2 groups):

    [Screenshot: 109472-image.png]

    The members of both groups are allowed to login to the WVD Host.

    Regards
    Andreas Baumgarten


  3. Andreas Baumgarten 96,281 Reputation points MVP
    2021-06-25T19:25:20.043+00:00

    Hi @Chris Parker ,

    that might be.

    To troubleshoot this:

    • Login to the VM via RDP
    • Open a cmd
    • Ping <your AD domain name> (for instance thingy.local)

    See if the name is resolved by DNS - IP should be one of the AD DCs

    See if ping works

    If this is working the VM should be joined in the AD domain.

    Regards
    Andreas Baumgarten
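
The DNS and ping checks from the troubleshooting steps above, as an added PowerShell example that is not part of the original answers. It goes one step further and also reads what the OS itself reports about domain and Azure AD join state, which is the distinction the first answer asks about. `thingy.local` is the placeholder domain from the answer, and Windows PowerShell 5.1 on the VM is assumed.

```powershell
# Added example: run on the VM after logging in via RDP (Windows PowerShell 5.1 assumed).
# 'thingy.local' is the placeholder domain name used in the answer; pass your own.
param([string]$DomainName = 'thingy.local')

$result = [ordered]@{ Domain = $DomainName }

# 1. Does DNS resolve the domain name, and to which addresses?
#    These should be the IPs of the AD / Azure AD DS domain controllers.
try {
    $records = Resolve-DnsName -Name $DomainName -Type A -ErrorAction Stop
    $result.ResolvedIPs = ($records | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
} catch {
    $result.ResolvedIPs = "FAILED: $($_.Exception.Message)"
}

# 2. Does the domain name answer ping? ICMP can be filtered even when DNS is
#    correct, so read this result together with step 1.
$result.PingOk = Test-Connection -ComputerName $DomainName -Count 2 -Quiet

# 3. What the OS reports about its own membership.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$result.PartOfDomain = $cs.PartOfDomain
$result.DomainOrWorkgroup = $cs.Domain   # workgroup name when PartOfDomain is False

# 4. Secure channel to a domain controller. Only meaningful on a domain-joined
#    machine; run from an elevated prompt.
if ($cs.PartOfDomain) {
    try {
        $result.SecureChannelOk = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        $result.SecureChannelOk = "FAILED: $($_.Exception.Message)"
    }
}

# 5. Azure AD join versus domain join, as reported by dsregcmd.
$result.DsRegState = (dsregcmd /status |
    Select-String -Pattern 'AzureAdJoined|DomainJoined|DomainName' |
    ForEach-Object { $_.Line.Trim() }) -join '; '

[pscustomobject]$result | Format-List
```

A VM that resolves and pings the domain but shows `PartOfDomain : False` can reach the domain controllers without being joined, which matches the symptom of only the local admin account working.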


  4. Andreas Baumgarten 96,281 Reputation points MVP
    2021-06-25T20:22:50.207+00:00

    Hi @Chris Parker ,

    this was at the beginning of the thread.
    Sometimes people ask if WVD is working without any AD, no "AD in sync with AAD" and no AAD DS.
    This is not working at the moment.
    The AD-related requirements for WVD are:

    • An Azure Active Directory.
    • A Windows Server Active Directory in sync with Azure Active Directory. You can configure this using Azure AD Connect (for hybrid organizations) or Azure AD Domain Services (for hybrid or cloud organizations).

    As you are running an AAD DS in sync with AAD you are fine.
    The users from AAD are synced to the AAD DS.
    This way it's possible to log in with your AAD user at the WVD Host. But the WVD Host joined to the AAD DS will use the synced user from AAD. For the user it doesn't make a difference. He should be able to log in with his UPN (peter@thingy.whatever) and his password.

    Regards
    Andreas Baumgarten
