Це відео не доступне.
Перепрошуємо.
The Feature EVERY AVD Admin Has Been Waiting For...
Вставка
- Опубліковано 2 сер 2024
- Are you TIRED Of Signing In To AVD? The Most Requested Azure Virtual Desktop feature is NOW Available, 100% Cloud Native Azure AD Single Sign-On!!! EVERY AVD Admin NEEDS SSO So DON'T WAIT!!! ACT NOW...and the setup is so easy the Helpdesk could do it! 😁
🔥AFTER THIS 👉 • Identity Is The New Co... 👈
▬▬▬▬▬▬ C H A P T E R S 📲 ▬▬▬▬▬▬
0:00 Azure AD Join SSO
2:24 Hybrid Join SSO
3:57 Identity Security
5:08 WebAuthN & Azure Virtual Desktop
7:15 Wrap Up
▬▬▬▬▬▬ R E S O U R C E S 📡 ▬▬▬▬▬▬
► Hybrid Create AAD Kerberos: docs.microsoft.com/en-us/azur...
► WebAuthN Test: webauthn.io/
►Annoucement Blog: techcommunity.microsoft.com/t...
▬▬▬▬▬▬ S U P P O R T 💰 ▬▬▬▬▬▬
► Become a Learner TODAY: tinyurl.com/AzureAcademy-Subs...
► Twitter: / msazureacademy
► LinkedIn: / dean-cefola-2902934b
#TheAzureAcademy #AzureVirtualDesktop #AzureAD
This just got interesting... Thanks for sharing..
Love your work.
Happy to share, and thanks for watching!
What other things would make this more interesting?
hahaha🤣 after the Walter > Wonder Woman is leading this space hahaha you crack me up every single time ...great vid ;)🥰
Thanks as always Tim!
Gems 💎 keep them coming. Thanks
NICE! Thanks for watching!
Thanks for sharing, Dean!
Happy to help Steve!
this is excellent news! hopefully support for other builds of Windows 10/11 will be available soon as well. I remember for anyone that is a Nerdio user the now legacy NFA product would deploy an ADFS proxy server to handle the double login.
That’s right Bill ADFS is needed for classic AD join and support for windows 10 is coming
You're the best! I look forward to the video on how to update the W10 custom image to the W11. I have a lot of software installed there…
It’s gunna be great!
Updating host and updating images are 2 different things. For the image I would use Azure Image Builder to automate the whole process…makes it SO easy!
This is awesome, thank you!!!!
My users and I thank you!!! (OK, and the Microsoft product team, too...)
You are very welcome! I will pass it on to the team ☺️
Hi Rob, I’m David and I own this feature on the Azure Virtual Desktop team. You're welcome from the product group side 🙂 Feel free to leave feedback on the forum post at after giving it a try: techcommunity.microsoft.com/t5/azure-virtual-desktop/insider-preview-single-sign-on-and-passwordless-authentication/m-p/3608842
👍👍
So need it!!
Enjoy!
Hi, and congratulations for your channel! I've one question about performance and compatibility of Windows 11 vs Windows 10 in AVD environment. Actually I use only 21h2 Windows 10, is Windows 11 more heavy? Thanks!
Win 11 does have high requirements
Win10: 1 cpu core 1gb Ram
Win11: 2 cpu core 4gb Ram
Excellent
Thanks!
Nice many thanks for this Information.
It works only with Azure AD joined Host Pools and not with Active Directory ore Azure AD DS joined Hostpools?
Thanks for watching! This solution Works with Azure AD Joined and Hybrid Joined VMs.
Traditional AD joined needs my ADFS solution
And Azure AD Domain Services joined does not now and will not support single sign on
Yet 2 years on and they still haven't fixed the black screen issue at sign in. When you'll connect to the AVD and it will get stuck, loading the profile. Or you'll get disconnected and the AVD user profile will get stuck disconnected, again with the black screen issue.
That issue was fixed a long time ago. It’s the version of the image you are using.
Great news! Will it ever be available for Windows 10 multisession?
Yes multisession is supported right now!
Could you please make a video on how to configure Hello for Buissness in AVD? I have a hybrid avd env and I am accessing the avd from my local device, do I need to domain join my local device as well to use the hello for buisness auth for AVD ?
In a Hybrid environment you would setup Win Hello first then your VMs ONLY do a traditional domain join.
There should be a GPO in AD that will do the Cloud join after.
Once that is setup then your AVD users will need to setup WebAuthN to use windows Hello pass through in their AVD sessions
Hi Dean, loving the videos and tutorials. But for once i hit a road block. We have on-prem AD joined AVD session hosts. AVD with Windows 10 22h2 multi session. AVD session hosts are synced and hybrid azure ad joined. We have Created the ADKerberosServer object in on-prem AD. We enabled the sso aad option in rdp properties. Even disabled mfa. Added VM user login role. User is not in domain admin group. We use latest AVD/RD client but no SSO , we get a verification/authentication error. Also we cannot logon via web client anymore , we have to disable the aad sso rdp property so we can login again.
I haven’t run into that issue but sounds like you aren’t getting the Kerberos auth.
Check the AD computer object for Azure AD Kerberos, verify that it is working properly
What about Windows365 since it uses AVD and the Remote Desktop Client? I've been wanting this so much for W365
Excellent question…not yet but soon. Stay tuned and I’ll have a video about it
Any idea if / when will be possible to log in with AAD from MacOs e.g. with fingerprint? Currently, this new Remote Desktop client is only allowing to log in with login name and password and only option to log in is to use Windows 11 with virtual TPM ( and it's not working perfectly... sometimes it's working, sometimes not 😔)
Are you asking when will the MAC client support Azure AD Join Single Sign on???
Not sure. Windows client is the only one today that supports this…but I know support for other clients is being worked on
Hello Dean, is AVD Hybrid Join SSO still require the preview build as of February 2023?
That or newer
Good news ! Thanks Dean
How could we get Azure Virtual Desktop T-shirt ? xD
I got this from Microsoft when I co-hosted the last AVD Master class
@@AzureAcademy hey Dean, do you know why targetisaadjoined does not work anymore ? thank you
It does now
I was super excited till you got to the requirement of a preview build of Window 11.
Will this ever be available for Windows 10?
I hear ya Paul. Remember how I said a ton of work went into windows to make this so easy…to do that workin win 10…let’s just say I will not hold my breath but many have commented asking for it…so I will go to the PG and push for it, just for you! ☺️
Hi Paul, I’m David and I own this feature on the Azure Virtual Desktop team. Thanks for the feedback and interest. Stay tuned for Windows 10, it's coming.
Thanks David!
@@davidbelanger8440 that IS good news. Thankyou.
👍
I created win 11 22H2 version build and enabled RDP settings as well as created AD account for Kerberos auth. Still its asking for password
Since you setup the Kerberos Auth...I assume you have a Hybrid Join environment?
If that is the case...did you configure Azure AD Connect for Hybrid Join and do you have a Group policy configured for Hybrid and Single Sign On?
Is there a way for split brain domain customers to take advantage of this? When you have mismatched domain names ( one domain name for internal and one for Azure) you always get a pop up box to sign in no matter what type of SSON you try to use. Once you put in the domain name that matches your azure tennant at least you dont have to enter in the password. However, total SSON with no pop up would be great. Love the chanel! Do you have a slack or other chat group?
Thanks for watching and the question!
Because the domain names are different true SSO would not be able to work. The domain name uses something called home realm discovery, which looks up the name and sees what services like SSO are enabled. If it can’t find it or read the services because it isn’t registered with Azure it prompts for creds.
I do not currently have a discord or slack…not enough hours in the day…BUT if I am able to go full time UA-camr then I would add lots of services ☺️one day soon I hope!
@@AzureAcademy In my case it's because i followed MS practice many years to have your on prem domain be .local. So mad at them for that. I wish Azure could say if its coming from trusted domain x.x.x.x its already syncing with AD then yeah, .internal is cool and replace it on the azure side.
Yeah…at the time it was a good security practice to segment your internet presence from your on prem
But the cloud changed to many things…now we want to extend on prem to the cloud…and that requires a single domain name, and .local just doesn’t do it.
I know how it feels to make this change
I have had to do it myself and with many customers…it’s a pain but it does give you benefits like SSO
Is this supported on Windows10 Single and Multi session OS? Version 21H2.
Windows 10 is NOT supported at this time.
Hi Dean, can this be used on a non AAD or domain joined client? I want to use a Windows 10 IoT thin client running with a kiosk account and using the Remote Desktop Client, subscribe to my resources but when opening a desktop or application remove the second Windows Security prompt. Should that be possible with what you have described in the video? Thanks in advance 👍
This feature is only for Azure AD joined hosts
There is another single sign on method using ADFS see here
👉 ua-cam.com/video/_VOEi0cMBvQ/v-deo.html
@@AzureAcademy Hi Dean, thanks for the prompt reply. So does the ADFS method work with non domain joined hosts, which would be ideal for a kiosk way of working. Just confirming before going down that route and setting up as I had read some comments from people complaining having to use ADFS as saw is as outdated. Many thanks and great content as always. 👍
No, SSO requires some kind of Join
ADFS requires domain join.
Azure AD SSO requires AADJoin or hybrid
AVD requires some kind of join option in general
And there is no SSO log in support for RDP without some kind of join
@@AzureAcademy Thanks Dean. Appreciate your help with these answers. 😀
Anytime
Hello Dean,
I have trouble now to deploy usual AVD Azure AD Join : Login failed
RDP argument "targetisaadjoined" does not work and "enablerdsaadauth" does fix it the Azure AD user login :(
Do you have idea good idea ?
Thanks,
I assume you have BOTH of those RDP Properties set
targetisaadjoined:i:1 & enablerdsaadauth:i:1
do you ALSO have the RBAC permissions set to allow Virtual Machine login?
@@AzureAcademy Yep. Even in the Microsoft Doc, targetisaadjoined argument RDP Properties is not anymore listed. Azure Portal does not allow targetisaadjoined but Powershell cmd still does :)
I checked on this, targetisaadjoined:I:1 is added to the RDP properties advanced screen now
You do not mention needing Azure Active Directory Domain Services. does AVD still require AD DS?
Also, have you done a video regarding Azure Netapp files? I am the under the assumption that ANF does not require AD DS.
What are your thoughts?
Thank you for your hard work.
Thanks for watching! Azure AD Domain Services does not work with ANY Single Sign On method.
AVD Does NOT require Active Directory. You can implement Azure AD Join for your VMs, which means you only need Azure AD
Azure NetApp Files does NOT require Active Directory but it does make things easier.
Here is my video on ANF - Happy Learning!
👉ua-cam.com/video/bswIbTB62mY/v-deo.html
@@AzureAcademy Excellent. 👍
👍👍
@@AzureAcademy Hi, the problem is that we cannot go full AZure AD join as we are using azure file shares with Azure AD Domain Services for security. there is no support for Azure AD to setup security at the moment for Azure file share or is there a solution?
As a cloud only authenticated file share…yes it can…but not with NTFS like permissions…for that you need a domain controller
Do you have official Microsoft websites announcing this feature? I didn't find any yet. Does it work with Windows 10?
Windows 10 is NOT supported at this time.
Hi Milos, I’m David and I own this feature on the Azure Virtual Desktop team. The official announcement was just posted on our Azure Virtual Desktop Forum. Windows 10 support is in progress but needs a Windows update. Stay tuned. techcommunity.microsoft.com/t5/azure-virtual-desktop/insider-preview-single-sign-on-and-passwordless-authentication/m-p/3608842
👍👍
You mention Windows 22H2, can this work with Win10 21H2? Will see tomorrow but wanted to check as we will be 9 months before 22H2
This is exclusive to Windows 11
Windows 10 is NOT supported at this time.
@@AzureAcademy thanks for letting me know. Booo.... least it gives me more reasons why we should upgrade quicker!
Hi Mike, I’m David and I own this feature on the Azure Virtual Desktop team. Windows 10 support is in progress and will need a Windows update. Stay tuned.
Stay Tuned!
NICE!
How do we get this on Windows 365?
YOU can’t do anything to make this happen…BUT the Win365 product team is working on this…it should be coming soon ☺️
I followed all the instructions and it still not sso for me.
Do you have the windows 11 22h2 preview build like I said to use
And did you set the RDP properties
Yes I've set Windows 11 version 22H2 Enterprise multi-session, had rdp properties set under advanced with enablerdsaadauth:i:1. I also created kerberos object as well. When on RDP client, I select the desktop and it still prompting for a password. Greatly appreciated with you can guide me what I did wrong.
Are you using the windows AVD client and is that client using the latest version?
@@AzureAcademy I am using the remote desktop and its showing "you're up to date".
Remote Desktop??? Do you mean the windows version of the AVD client?
You cannot use the normal RDP client
Will the Kerberos piece work on existing haadj machines for ppl looking to go to aadj full cloud.
Hybrid or AzureAD Join both work as I covered in the video with this new feature. Traditional AD Join will still require ADFS
So…yes 100% cloud works!
Just so I’m asking the question right, I mean window machines not AVD session that are HaDJ. Have client in this state currently but wanting to go full cloud with AADJ away from HAADJ.
This feature for so you can connect to your AVD session hosts with SSO. As for AADJ or Hybrid Join outside of AVD...not sure, I haven't had a chance to try it. but the Hybrid / Azure AD Kerberos PowerShell scripts I was showing are for general use...so try it and please let me know!