Forum Discussion
DavidBelanger
Microsoft
Jul 14, 2021
PUBLIC PREVIEW: Announcing public preview of Azure AD joined VMs
We are excited to announce the public preview of Azure AD joined VMs support for Azure Virtual Desktop. This feature allows customers to easily deploy Azure AD joined session hosts from the Azure portal and access them from all clients. VMs can also be automatically enrolled in Intune for ease of management. Support for storing FSLogix profiles on Azure Files will be available in a future update.
Getting started:
The documentation to deploy Azure AD joined session hosts will guide you through the key steps needed to enable this functionality.
- amal_azurewvd
Copper Contributor
DavidBelanger Hi, I created a new host pool with AAD; it is a validation host pool. I tried to access the AVD but am getting a "login attempt failed" error. I am trying to log in to the Azure AD VM with my UPN. I have added myself to the "Virtual machine user login" RBAC role but still no luck. Anyone experiencing the same issue?
- patrickhurt
Copper Contributor
amal_azurewvd I have the same issue. I followed all the steps at this location and still got the error.
- amal_azurewvd
Copper Contributor
I finally got it working from the web client. I added targetisaadjoined:i:1 into customrdpproperties and it started working.
- MarcelMeurerDE
Copper Contributor
That's pretty cool - even for cloud-only companies. I used the evening to build it into my community tool 😃
DavidBelanger
Can someone please explain this statement from the documentation?
"Azure Virtual Desktop doesn't currently support single sign-on for Azure AD-joined VMs."
The whole point of setting up Azure AD Joined VM for me is to achieve single sign on end-to-end including my apps like Office, Teams etc.
FYI - SUPER DUPER Excited to get rid of domain controllers now! This is great progress. Loving it.
- Jace_A
Copper Contributor
JasjitChopra I think it means that users will get prompted to log in twice: once to the service, once to the VM.
- DavidBelanger
Microsoft
End-to-end single sign-on is definitely something we are working on but isn't available in the first release due to the protocol we are using. We know how important that feature is.
- Peter Meuser
Copper Contributor
David, I am looking to use AVD AAD joined as base for a secure virtual workstation. Would it be an appropriate secure setup if admins will be asked for MFA for all cloud apps excluding „Azure Windows VM sign-in“? Therefore, would an attacker be able to bypass MFA to access the virtual desktop?
- jonwbstr24
Brass Contributor
I believe the correct answer is, "This preview version ... Certain features might not be supported or might have constrained capabilities." When it leaves preview, or during the preview, that capability might be added.
- jonwbstr24
Brass Contributor
DavidBelanger Wohoo!
How does this fit with the recent announcement about Cloud PC?
https://www.youtube.com/watch?v=V14Ia2uwrtk
Trying to figure out if we are better off with AVD "Personal" machines vs. a CloudPC.
- MarcelMeurerDE
Copper Contributor
I'm also interested to have a good story to consult customers to use AVD (Flexibility) and Windows365 (Simplicity). I guess that one important point is the price of W365 (which I don't know).