avd sign-in frequency

Question

avd sign-in frequency

김경림 106

If I set up sign-in frequency with Azure Conditional Access on my AVD, does it stop using the session host and prompt me to log in? Or do I get a login window when I turn off and reconnect the virtual machine?

kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2022-05-02T18:48:56.927+00:00
Hello, @Anonymous !

I'm in the process of confirming this but I believe that:

The session host is still used

There is a prompt for login (email + authenticator)

Login challenge frequency is configured with conditional access setup, and the recommendation is to include frequent credential checks: https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa
김경림 106 Reputation points

2022-05-03T14:48:56.973+00:00

Then when the login and MFA authenticator prompt appears, the session host will not turn off, but will it be unavailable for a while until I log in again?
kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2022-05-05T06:26:40.027+00:00

Hello, @Anonymous !

I checked with the product group and our understanding is that you can still keep working once you are logged on in a Windows Client/Server session. The only way your connection could be interrupted is if the gateway actively checks whether your Azure AD token has expired (which would cause it to be dropped) but we're not aware of a process in place that does that.

Accepted answer

0 additional answers

Your answer

kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2022-05-02T18:48:56.927+00:00

Hello, @Anonymous !

I'm in the process of confirming this but I believe that:

The session host is still used

There is a prompt for login (email + authenticator)

Login challenge frequency is configured with conditional access setup, and the recommendation is to include frequent credential checks: https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa
김경림 106 Reputation points

2022-05-03T14:48:56.973+00:00

Then when the login and MFA authenticator prompt appears, the session host will not turn off, but will it be unavailable for a while until I log in again?
kobulloc-MSFT 26,811 Reputation points Microsoft Employee Moderator

2022-05-05T06:26:40.027+00:00

Hello, @Anonymous !

I checked with the product group and our understanding is that you can still keep working once you are logged on in a Windows Client/Server session. The only way your connection could be interrupted is if the gateway actively checks whether your Azure AD token has expired (which would cause it to be dropped) but we're not aware of a process in place that does that.

Answer 1

Hello, @Anonymous !

How does setting up multifactor authentication (MFA) and configuring sign-in frequency affect my login?
Wrapping up everything we've covered in the comments, setting up multifactor authentication (MFA) and configuring sign-in frequency will result in a prompt for login (email + authenticator). You will be challenged if you log in after the specified amount of time has passed but if your use extends past the period of time set for your sign-in frequency, you should be able to keep working as you are already logged on in a Windows Client/Server session.

There is a possibility that your connection could be interrupted if the gateway actively checks whether your Azure AD token has expired (which would cause it to be dropped) but we're not aware of a process in place that does that.

References:

Share via

avd sign-in frequency

0 additional answers

Your answer