How to sign in on Azure Virtual Desktop with Azure AD credentials

Chris Parker 21 Reputation points
2021-06-25T14:55:54.533+00:00

I have created an Azure Virtual Desktop that I am accessing through Azure Bastion within the portal.
The trouble I am having is:

A: I can't log in using my Azure AD credentials even though I have assigned myself Virtual Machine Admin access.

  • I am also a global admin if that helps.

B: I am only able to log in using the local admin account of the virtual desktop.

  • The virtual desktop is in a vnet that has Azure Domain Services enabled.

How can I accomplish connecting to my virtual desktop by using Azure AD credentials instead of local admin?

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

Accepted answer
  1. Andreas Baumgarten 96,266 Reputation points MVP
    2021-06-25T18:11:37.283+00:00

    Hi @Chris Parker ,

    is it possible that I somehow created both a regular Azure VM and a Windows Virtual Desktop of the same name?

    This could be possible ... not sure what you have done so far.

    If both VMs with the same computer name (in OS) are in the same vNet, it won't work properly (the same as with 2 computers in the same on-premises network).
    If both VMs with the same computer name (in OS) are joined to the same domain, it won't work because the second VM joined to the AD domain will destroy the first computer account in the AD domain.

    A WVD host is technically nothing other than a normal Azure VM with an OS disk, a NIC, a VM SKU, connected to a subnet of an Azure vNet.

    The special thing of a WVD Host VM is:

    • The VM is related/associated to one WVD Host Pool (during deployment)
    • The VM is AD joined (during deployment)

    That's it with the VM.

    Maybe this is helpful as well:
    https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop


    Regards
    Andreas Baumgarten

    1 person found this answer helpful.

9 additional answers

  1. Chris Parker 21 Reputation points
    2021-06-25T16:18:06.657+00:00


    @Andreas Baumgarten This is for an Azure Windows Virtual Desktop. It was deployed through a host pool.


  2. Chris Parker 21 Reputation points
    2021-06-25T16:59:36.53+00:00


    @Andreas Baumgarten Thank you. Now that I am looking deeper into this, is it possible that I somehow created both a regular Azure VM and a Windows Virtual Desktop of the same name?

    When attempting to add those groups shown in your screenshot 2, I found that "AFWVD-0" is unavailable.


  3. Chris Parker 21 Reputation points
    2021-06-25T18:46:53.227+00:00

    Thank you @Andreas Baumgarten .

    We are actually a cloud-only environment.
    I started playing with Azure Active Directory Domain Services for the sole purpose of trying to set up a RADIUS server to authenticate with an on-premises RADIUS server that is associated with the UDMPro.

    Fast forward a few days and the organization needed a quick solution to create 8 virtual desktops for contractors who are working overseas.

    I created the WVD through the "create a pool wizard" but it had some issues joining the domain once the virtual desktops were being created (probably due to needing to reset my domain join account password). I also created a Windows 2019 Server in the same subnet as the other WVD to attempt to join Azure Domain Services; I received a message stating that it already belonged to the domain.

    The WVD NIC DNS is pointing to the IPs of the Azure Domain Services.
    Once inside of the Virtual Desktop AFWVD-0 it still says I'm in a default workgroup.

    It might be time to destroy and rebuild using your very helpful provided links to educate me.


  4. Chris Parker 21 Reputation points
    2021-06-25T19:03:11.26+00:00

    @Andreas Baumgarten

    Found this error for the session host. So this is probably the root of my trouble.

    "healthCheckName": "DomainJoinedCheck",
    "healthCheckResult": "HealthCheckFailed",
    "additionalFailureDetails": {
        "message": "SessionHost unhealthy: SessionHost is not joined to a domain",
        "errorCode": -2147467259,
        "lastHealthCheckDateTime": "2021-06-25T01:59:20.2700414Z"
    }

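A local check for the condition the `DomainJoinedCheck` failure above reports, as an added example that is not part of the original thread: run on the session host, it compares the machine's join state, the DNS servers on its NICs, and whether a domain controller can be located. The domain name `aadds.example.com` is a placeholder and the function name `Test-SessionHostDomainJoin` is hypothetical.

```powershell
# Added example: run in an elevated Windows PowerShell 5.1 session on the session host.
# 'aadds.example.com' is a placeholder; pass the managed domain's real DNS name.
param([string]$DomainName = 'aadds.example.com')

function Test-SessionHostDomainJoin {
    param([Parameter(Mandatory)][string]$DomainName)

    # Win32_ComputerSystem.Domain holds the workgroup name when the machine is not joined.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # DNS servers configured on the NICs; for a join to succeed these must be
    # servers that can resolve the domain's locator records.
    $dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Sort-Object -Unique

    # Domain controller locator record: if this fails, a join attempt fails too.
    $dcFound = $false
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop
        $dcFound = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })
    } catch {
        Write-Verbose "SRV lookup failed: $($_.Exception.Message)"
    }

    # The secure channel can only be tested on a machine that is already joined.
    $channel = $null
    if ($cs.PartOfDomain) {
        try { $channel = Test-ComputerSecureChannel -ErrorAction Stop } catch { $channel = $false }
    }

    $verdict = if (-not $cs.PartOfDomain -and -not $dcFound) {
        'Not joined, and no domain controller found through the configured DNS servers'
    } elseif (-not $cs.PartOfDomain) {
        'Not joined; domain controller is reachable, so check the join account and rerun the join'
    } elseif ($cs.Domain -ne $DomainName) {
        "Joined to a different domain: $($cs.Domain)"
    } elseif (-not $channel) {
        'Joined, but the secure channel to the domain is broken'
    } else {
        'Joined and secure channel healthy'
    }

    [pscustomobject]@{
        ComputerName      = $cs.Name
        PartOfDomain      = [bool]$cs.PartOfDomain
        DomainOrWorkgroup = $cs.Domain
        DnsServers        = $dns -join ', '
        DcLocatorResolved = $dcFound
        SecureChannelOk   = $channel
        Verdict           = $verdict
    }
}

Test-SessionHostDomainJoin -DomainName $DomainName | Format-List
```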