User unable to login to virtual desktop

George Mathews 45 Reputation points
2026-01-20T03:46:44.3666667+00:00

Hi Support team,

I have created an Azure Virtual Desktop with Entra ID users, but I am unable to connect to the host pool VMs.
I need quick assistance. Can someone help me out with this?

Thank you.

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

Answer accepted by question author
  1. Nikhil Duserla 9,515 Reputation points Microsoft External Staff Moderator
    2026-01-20T06:07:15.52+00:00

    Hello @George Mathews ,

    Firstly, assign the Virtual Machine User Login role to the user.

    To troubleshoot AVD VMs that are in a Running state but report a Shutdown health status, begin by restarting the VM from the Azure portal to resolve any potential state inconsistencies. Additionally, verify the Azure VM Agent status to ensure it is running and up to date. If issues persist, consider resetting or upgrading the agent following the recommended steps provided in the Azure documentation.

    Please follow the steps given below:

    1. Navigate to the VM\Extensions + applications
    2. Note the Version, for Win11ms, I would expect 2.2.0.0.
    3. Click the Uninstall button.
    4. Reboot the VM
    5. Once the VM is back online after reboot, open Cloud Shell
    6. Run the following in Cloud Shell substituting in your Resource Group name, VM name, and Location.

    Azure PowerShell

    Set-AzVMExtension -ResourceGroupName "<RESOURCE GROUP NAME>" -VMName "<VM NAME>" -Name "AADLoginForWindows" -Location "<LOCATION>" -Publisher "Microsoft.Azure.ActiveDirectory" -Type "AADLoginForWindows" -TypeHandlerVersion "2.2"
    

    In the Azure portal, go to AVD VM > Select Access Control (IAM) > Select Role Assignments > Confirm that the user account has been granted either the Virtual Machine User Login or Virtual Machine Administrator Login role.

    Ensure that the RDP property targetisaadjoined:i:1 was added to the AVD host pool. To do this, navigate to the Azure portal > Select the host pool configured for Azure AD Join > Select the RDP Properties blade > Select the Advanced Tab > Add targetisaadjoined:i:1.

    Disable security defaults by navigating to Entra ID > Manage > Properties > Manage Security Defaults > Disable.

    Add Conditional Access policies to exclude the VM from MFA by adding the user.

    Enable Conditional Access policies and exclude the users and groups as needed.

    If any additional questions come up, please feel free to reach out. I’m always here to support.
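
A read-only Azure PowerShell check of three items from the answer above (the AADLoginForWindows extension, the VM login role assignments, and the targetisaadjoined:i:1 RDP property), added here as an example and not part of any poster's answer. It assumes the Az.Compute, Az.Resources and Az.DesktopVirtualization modules are available; the host pool placeholders and the `Test-RdpProperty` helper are introduced for illustration.

```powershell
# Added example: read-only checks, nothing is modified.
# <HOST POOL RESOURCE GROUP> and <HOST POOL NAME> are placeholders introduced here.
$rg         = "<RESOURCE GROUP NAME>"
$vmName     = "<VM NAME>"
$hostPoolRg = "<HOST POOL RESOURCE GROUP>"
$hostPool   = "<HOST POOL NAME>"

function Test-RdpProperty {
    param([string]$CustomRdpProperty, [string]$Wanted)
    # CustomRdpProperty is one string of ';'-separated name:type:value entries.
    $entries = $CustomRdpProperty -split ';' |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $_ }
    return ($entries -contains $Wanted.ToLowerInvariant())
}

# 1. Is the AADLoginForWindows extension installed, and did it provision?
$ext = Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName `
    -Name "AADLoginForWindows" -ErrorAction SilentlyContinue

# 2. Which principals hold a VM login role that is effective at this VM's scope?
#    This includes assignments inherited from the resource group or subscription,
#    and shows groups as well as users, so over-broad grants are visible too.
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
$loginRoles = "Virtual Machine User Login", "Virtual Machine Administrator Login"
$holders = @(Get-AzRoleAssignment -Scope $vm.Id |
    Where-Object { $_.RoleDefinitionName -in $loginRoles })

# 3. Does the host pool carry the RDP property named in the answer?
$pool = Get-AzWvdHostPool -ResourceGroupName $hostPoolRg -Name $hostPool
$hasRdpProp = Test-RdpProperty -CustomRdpProperty $pool.CustomRdpProperty `
    -Wanted "targetisaadjoined:i:1"

# Summary first, then the list of principals holding a login role.
[pscustomobject]@{
    ExtensionInstalled = [bool]$ext
    ExtensionState     = $ext.ProvisioningState
    ExtensionVersion   = $ext.TypeHandlerVersion
    LoginRoleHolders   = $holders.Count
    TargetIsAadJoined  = $hasRdpProp
} | Format-List

$holders |
    Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope |
    Format-Table -AutoSize
```

A missing extension, zero login role holders, or `TargetIsAadJoined = False` each map to one of the steps in the answer; the holder list also shows at which scope each login role was granted.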


2 additional answers

  1. Q&A Assist
    2026-01-20T03:46:53.09+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To troubleshoot your issue with connecting to the Azure Virtual Desktop host pool VMs using Microsoft Entra ID users, consider the following steps:

    1. Check User Roles: Ensure that the user accounts have been assigned the Virtual Machine User Login role on the virtual machines. Without this role, users will not be able to connect.
    2. Verify Credentials: If you're encountering login issues, double-check that the credentials being used are correct. Make sure that the user has the appropriate access permissions and that there are no issues with multifactor authentication (MFA) if it is enabled.
    3. Conditional Access Policies: Review any Conditional Access policies that might be blocking access. Users may be subject to policies that restrict access to Azure Virtual Desktop resources. Ensure that the policies allow the necessary access for the users trying to log in.
    4. Network Security Settings: Confirm that the security policy Network security: Allow PKU2U authentication requests to this computer to use online identities is enabled on both the server and the client.
    5. Sign-in Logs: If you have integrated Microsoft Entra logs with Azure Monitor logs, check the sign-in logs for any errors or issues related to the login attempts. This can provide insights into what might be going wrong.

    By following these steps, you should be able to identify and resolve the issue preventing you from connecting to the VMs in your Azure Virtual Desktop environment.



  2. SUNOJ KUMAR YELURU 17,806 Reputation points MVP Volunteer Moderator
    2026-01-20T05:08:44.5166667+00:00

    Hello @George Mathews,

    Thanks for using the Q&A forum.

    To connect to Azure Virtual Desktop VMs that are joined to Microsoft Entra ID, ensure that you have enabled single sign-on.

    Additionally, you need to assign the Virtual Machine User Login role to the users who need access to the VMs. This role is crucial for allowing users to log in to the virtual machines. Furthermore, check your multifactor authentication policies to ensure they do not prevent users from signing in. If users are still unable to connect, verify that their accounts are configured correctly and that they meet all the necessary requirements for access.

    Troubleshoot connections to Microsoft Entra joined VMs


    If this answers your query, please click Accept Answer and Up-Vote. If you have any further queries, do let us know.

