articles/virtual-desktop/set-up-mfa.md
Lines changed: 10 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -103,27 +103,26 @@ Here's how to create a Conditional Access policy that requires multifactor authe
103
103
104
104
Sign-in frequency policies enable you to choose the time period before a user must prove their identity again when accessing Microsoft Entra-based resources. This can help secure your environment and is especially important for personal devices, where the local OS may not require MFA or may not lock automatically after inactivity.
105
105
106
-
Sign-in frequency policies will result in different behavior based on the Microsoft Entra app selected:
107
-
-**Azure Virtual Desktop** (app ID 9cdead84-a844-4324-93f2-b2e6bb768d07)
108
-
- Enforces re-authentication when a user subscribes to Azure Virtual Desktop, manually refreshes their list of resources and authenticates to the Azure Virtual Desktop Gateway during a connection.
109
-
- Once the re-authentication period has passed, background feed refresh and diagnostics upload will silently fail, until a user completes their next interactive sign in to Microsoft Entra.
110
-
-**Microsoft Remote Desktop** (app ID a4a365df-50f1-4397-bc59-1a1564b8bb9c) and **Windows Cloud Login** (app ID 270efc09-cd0d-444b-a71f-39af4910ec45)
111
-
- Enforces re-authentication when a user signs in to a session host when [single sign-on](configure-single-sign-on.md) is enabled.
112
-
- Both apps should be configured together as the Azure Virtual Desktop clients will soon switch from using the Microsoft Remote Desktop app to the Windows Cloud Login app to authenticate to the session host.
106
+
Sign-in frequency policies result in different behavior based on the Microsoft Entra app selected:
107
+
108
+
| Microsoft Entra | App ID | Behavior |
109
+
|--|--|--|
110
+
|**Azure Virtual Desktop**| 9cdead84-a844-4324-93f2-b2e6bb768d07 | Enforces re-authentication when a user subscribes to Azure Virtual Desktop, manually refreshes their list of resources and authenticates to the Azure Virtual Desktop Gateway during a connection.<br /><br />Once the re-authentication period has passed, background feed refresh and diagnostics upload silently fails until a user completes their next interactive sign in to Microsoft Entra. |
111
+
|**Microsoft Remote Desktop**<br /><br />**Windows Cloud Login**| a4a365df-50f1-4397-bc59-1a1564b8bb9c<br /><br />270efc09-cd0d-444b-a71f-39af4910ec45 | Enforces re-authentication when a user signs in to a session host when [single sign-on](configure-single-sign-on.md) is enabled.<br /><br />Both apps should be configured together as the Azure Virtual Desktop clients will soon switch from using the Microsoft Remote Desktop app to the Windows Cloud Login app to authenticate to the session host. |
113
112
114
113
To configure the time period before a user is asked to sign-in again:
115
114
116
115
1. Open the policy you created previously.
117
116
1. Under **Access controls** > **Session**, select **0 controls selected**.
118
117
1. On the new pane that opens, select **Sign-in frequency**.
119
118
1. Select **Periodic reauthentication** or **Every time**.
120
-
- If you select Periodic reauthentication, set the value for the time period before a user is asked to sign-in again, and then select **Select**. For example, setting the value to **1** and the unit to **Hours**, will require multifactor authentication if a connection is launched over an hour after the last one.
121
-
- If you select Every time, users will be prompted to re-authenticate after a period or 10 to 15 minutes since the last time they authenticated.
119
+
- If you select **Periodic reauthentication**, set the value for the time period before a user is asked to sign-in again, and then select **Select**. For example, setting the value to **1** and the unit to **Hours**, requires multifactor authentication if a connection is launched over an hour after the last one.
120
+
- If you select **Every time**, users are prompted to re-authenticate after a period or 10 to 15 minutes since the last time they authenticated.
122
121
1. At the bottom of the page, under **Enable policy** select **Save**.
123
122
124
123
> [!NOTE]
125
-
> - Re-authentication only happens when a user must authenticate to a resource. Once a connection is established, users will not be prompted even if the connection lasts longer than the sign-in frequency you've configured.
126
-
> - Users will need to re-authenticate if there is a network disruption that forces the session to be re-established after the sign-in frequency you've configured. This could lead to more frequent authentication requests on unstable networks.
124
+
> - Re-authentication only happens when a user must authenticate to a resource. Once a connection is established, users aren't prompted even if the connection lasts longer than the sign-in frequency you've configured.
125
+
> - Users need to re-authenticate if there is a network disruption that forces the session to be re-established after the sign-in frequency you've configured. This can lead to more frequent authentication requests on unstable networks.
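Review bot: The merged table row for **Microsoft Remote Desktop** and **Windows Cloud Login** pairs each app name with its app ID only by the order of the `<br /><br />` breaks, so a reader copying an ID into a Conditional Access policy has to infer which ID belongs to which app; the removed list at least kept each `(app ID ...)` next to its name. Consider giving each app its own row and repeating or cross-referencing the shared behavior text. In the same table, the first column header reads "Microsoft Entra" where the intro sentence says "Microsoft Entra app", and the tense edit turned "will silently fail" into "silently fails" although the subject ("background feed refresh and diagnostics upload") is plural, so it should be "silently fail". The **Every time** bullet still carries "a period or 10 to 15 minutes" over from the old text, which looks like a typo for "a period of 10 to 15 minutes" and is worth fixing while these lines are being touched.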