You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-desktop/configure-single-sign-on.md
+16-17Lines changed: 16 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ manager: femila
7
7
8
8
ms.service: virtual-desktop
9
9
ms.topic: how-to
10
-
ms.date: 09/22/2022
10
+
ms.date: 12/06/2022
11
11
ms.author: helohr
12
12
---
13
13
# Configure single sign-on for Azure Virtual Desktop using Azure AD Authentication
@@ -19,40 +19,38 @@ ms.author: helohr
19
19
20
20
This article will walk you through the process of configuring single sign-on (SSO) using Azure Active Directory (Azure AD) authentication for Azure Virtual Desktop (preview). When you enable SSO, you can use passwordless authentication and third-party Identity Providers that federate with Azure AD to sign in to your Azure Virtual Desktop and Remote Applications.
21
21
22
-
For additional passwordless functionality within the session, see the **Next Steps** section for configuring in-session passwordless authentication below.
22
+
For additional passwordless functionality within the session, see the [**Next Steps**](#next-steps) section for configuring in-session passwordless authentication below.
23
23
24
24
> [!NOTE]
25
25
> Azure Virtual Desktop (classic) doesn't support this feature.
26
26
27
27
## Prerequisites
28
28
29
-
**Single sign-on is available on session hosts using the following operating systems:**
29
+
Single sign-on is available on session hosts using the following operating systems:
30
30
31
-
- Windows 11 Enterprise single or multi-session with the [2022-09 Cumulative Updates for Windows 11 Preview (KB5017383)](https://support.microsoft.com/kb/KB5017383) or later installed.
32
-
- Windows 10 Enterprise single or multi-session, versions 20H2 or later with the [2022-09 Cumulative Updates for Windows 10 Preview (KB5017380)](https://support.microsoft.com/kb/KB5017380) or later installed.
33
-
- Windows Server 2022 with the [2022-09 Cumulative Update for Microsoft server operating system preview (KB5017381)](https://support.microsoft.com/kb/KB5017381) or later installed.
31
+
- Windows 11 Enterprise single or multi-session with the [2022-09 Cumulative Updates for Windows 11 Preview (KB5017383)](https://support.microsoft.com/kb/KB5017383) or later installed.
32
+
- Windows 10 Enterprise single or multi-session, versions 20H2 or later with the [2022-09 Cumulative Updates for Windows 10 Preview (KB5017380)](https://support.microsoft.com/kb/KB5017380) or later installed.
33
+
- Windows Server 2022 with the [2022-09 Cumulative Update for Microsoft server operating system preview (KB5017381)](https://support.microsoft.com/kb/KB5017381) or later installed.
34
34
35
-
**Session Hosts must be Azure AD or Hybrid Joined**
35
+
Session hosts must be Azure AD-joined or [Hybrid Azure AD-Joined](https://learn.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).
36
36
37
-
**You must [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object) when your session host is:**
37
+
> [!NOTE]
38
+
> Azure Virtual Desktop doesn't support this solution with VMs joined to Azure AD Domain Services or Active Directory only joined session hosts.
39
+
40
+
You must [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object) when your session host is:
38
41
39
42
- Hybrid Azure AD-joined. Azure AD Kerberos is needed to complete the authentication to the domain controller.
40
-
- Azure AD-joined and your environment contains Active Directory Domain Controllers. Azure AD Kerberos is required in this case for users to access on-premises resources, like SMB shares, and Windows-integrated authentication to websites. For information on Azure AD joined Sessions Hosts using FSLogix, see [Create a profile container with Azure Files and Azure Active Directory](create-profile-container-azure-ad.md)
43
+
- Azure AD-joined and your environment contains Active Directory Domain Controllers. Azure AD Kerberos is required in this case for users to access on-premises resources, like SMB shares, and Windows-integrated authentication to websites.
41
44
42
-
**Connections currently supported:**
45
+
Clients currently supported:
43
46
44
-
-[Windows Desktop client](users/connect-windows.md) on local PCs running Windows 10 or later. There's no requirement for the local PC to be joined to a domain or Azure AD.
45
-
-[Web client](users/connect-web.md).
46
-
47
-
> [!NOTE]
48
-
> Azure Virtual Desktop doesn't support this solution with VMs joined to Azure AD Domain Services or Active Directory only joined Session Hosts.
47
+
-[Windows Desktop client](users/connect-windows.md) on local PCs running Windows 10 or later. There's no requirement for the local PC to be joined to a domain or Azure AD.
48
+
-[Web client](users/connect-web.md).
49
49
50
50
## Enable single sign-on
51
51
52
52
To enable SSO on your host pool, you must [customize an RDP property](customize-rdp-properties.md). You can find the **Azure AD Authentication** property under the **Connection information** tab in the Azure portal or set the **enablerdsaadauth** property to **1** using PowerShell.
53
53
54
-
For additional reference: [Deep dive: How Azure AD Kerberos works](https://techcommunity.microsoft.com/t5/itops-talk-blog/deep-dive-how-azure-ad-kerberos-works/ba-p/3070889)
55
-
56
54
> [!IMPORTANT]
57
55
> If you enable SSO on your Hybrid Azure AD-joined VMs before you create the Kerberos server object, you won't be able to connect to the VMs, and you'll see an error message saying the specific log on session doesn't exist.
58
56
@@ -63,6 +61,7 @@ When enabling single sign-on, you'll currently be prompted to authenticate to Az
63
61
## Next steps
64
62
65
63
- Check out [In-session passwordless authentication (preview)](authentication.md#in-session-passwordless-authentication-preview) to learn how to enable passwordless authentication.
64
+
- For more information about Azure AD Kerberos, see [Deep dive: How Azure AD Kerberos works](https://techcommunity.microsoft.com/t5/itops-talk-blog/deep-dive-how-azure-ad-kerberos-works/ba-p/3070889)
66
65
- If you're accessing Azure Virtual Desktop from our Windows Desktop client, see [Connect with the Windows Desktop client](./users/connect-windows.md).
67
66
- If you're accessing Azure Virtual Desktop from our web client, see [Connect with the web client](./users/connect-web.md).
68
67
- If you encounter any issues, go to [Troubleshoot connections to Azure AD-joined VMs](troubleshoot-azure-ad-connections.md).
0 commit comments