AVD: Single sign-on using Azure AD authentication

Microsoft have recently announced that Single sign-on (SSO) using Azure AD authentication for Azure Virtual Desktop is in preview.

This is great news, as it also means that passwordless authentication will work when SSO is enabled.

There are some prerequisites at present:

New session hosts must be one of the following images:

  • Windows 11 version 22H2 Enterprise, (Preview) – X64 Gen 2.
  • Windows 11 version 22H2 Enterprise multi-session, (Preview) – X64 Gen2.

Also, Azure Virtual Desktop doesn’t support this solution with VMs joined to Azure AD Domain Services.

Once the host pool is created with the correct Windows VMs, you can enable SSO in one simple step by changing the Azure AD Authentication setting to “RDP will attempt to use Azure AD authentication to sign in”.

This will add enablerdsaadauth:i:1 to the advanced RDP properties.
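
The same property can be set from PowerShell and then read back to confirm it. This is an added example, not part of the original post. It assumes the Az.DesktopVirtualization module and a session already signed in with Connect-AzAccount. The resource group and host pool names are placeholders, and Merge-RdpProperty is a hypothetical helper that keeps any other custom RDP properties already on the host pool.

```powershell
# Placeholders (assumptions): replace with your own resource group and host pool.
$ResourceGroupName = '<resource-group>'
$HostPoolName      = '<host-pool>'

function Merge-RdpProperty {
    # Hypothetical helper: merge one "name:type:value" entry into a
    # semicolon-separated RDP property string. An existing entry with the
    # same name is replaced; every other entry is kept unchanged.
    param(
        [string]$Current,
        [Parameter(Mandatory)][string]$Entry
    )
    $name = ($Entry -split ':', 2)[0]
    $kept = @($Current -split ';' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and (($_ -split ':', 2)[0] -ne $name) })
    return ($kept + $Entry) -join ';'
}

# Read the current custom RDP properties so they are not overwritten.
$pool    = Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName
$updated = Merge-RdpProperty -Current $pool.CustomRdpProperty -Entry 'enablerdsaadauth:i:1'

# Write the merged property string back to the host pool.
Update-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName `
    -CustomRdpProperty $updated | Out-Null

# Verify: the property should now be present with the value 1.
$check = (Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName).CustomRdpProperty
if (($check -split ';') -contains 'enablerdsaadauth:i:1') {
    Write-Output "SSO property set on ${HostPoolName}: $check"
} else {
    Write-Warning "enablerdsaadauth:i:1 not found on ${HostPoolName}: $check"
}
```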
