For Azure Virtual Desktop (based on Azure Resource Manager), you can configure MFA on these different apps:
- Azure Virtual Desktop (app ID 9cdead84-a844-4324-93f2-b2e6bb768d07), which applies when the user subscribes to Azure Virtual Desktop, authenticates to the Azure Virtual Desktop Gateway during a connection, and when diagnostics information is sent to the service from the user's local device.

  Tip: The app name was previously Windows Virtual Desktop. If you registered the Microsoft.DesktopVirtualization resource provider before the display name changed, the application will be named Windows Virtual Desktop with the same app ID as Azure Virtual Desktop.

- Microsoft Remote Desktop (app ID a4a365df-50f1-4397-bc59-1a1564b8bb9c) and Windows Cloud Login (app ID 270efc09-cd0d-444b-a71f-39af4910ec45). These apply when the user authenticates to the session host when single sign-on is enabled. We recommend you match conditional access policies between these apps and the Azure Virtual Desktop app, except for the sign-in frequency.

  Important:
  - The clients used to access Azure Virtual Desktop use the Microsoft Remote Desktop Entra ID app to authenticate to the session host today. An upcoming change will transition the authentication to the Windows Cloud Login Entra ID app. To ensure a smooth transition, you need to add both Entra ID apps to your CA policies.
  - Don't select the app called Azure Virtual Desktop Azure Resource Manager Provider (app ID 50e95039-b200-4007-bc97-8d5790743a63). This app is only used for retrieving the user feed and shouldn't have multifactor authentication.

Note: For more information, refer to "Azure multifactor authentication for Azure Virtual Desktop - Azure | Microsoft Docs".
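The following is an added example, not part of the original page or of Microsoft's documentation: a Python check that audits a Conditional Access policy, exported as JSON from Microsoft Graph, against the app guidance above. It assumes the policy uses the Graph `conditionalAccessPolicy` fields `conditions.applications.includeApplications`, `excludeApplications` and `grantControls.builtInControls`; the sample policy and the function names are constructed for illustration.

```python
import json

# App IDs exactly as listed on this page.
REQUIRED = {
    "9cdead84-a844-4324-93f2-b2e6bb768d07": "Azure Virtual Desktop",
    "a4a365df-50f1-4397-bc59-1a1564b8bb9c": "Microsoft Remote Desktop",
    "270efc09-cd0d-444b-a71f-39af4910ec45": "Windows Cloud Login",
}
FEED_APP = "50e95039-b200-4007-bc97-8d5790743a63"  # AVD ARM Provider, feed only


def targets(policy, app_id):
    """True if the policy's application condition applies to app_id."""
    apps = (policy.get("conditions") or {}).get("applications") or {}
    included = {a.lower() for a in apps.get("includeApplications") or []}
    excluded = {a.lower() for a in apps.get("excludeApplications") or []}
    # Assumption: "All" covers every app that is not explicitly excluded.
    return app_id not in excluded and ("all" in included or app_id in included)


def audit_policy(policy):
    """Return findings; an empty list means the policy matches the guidance."""
    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    if "mfa" not in controls:
        return ["policy does not require MFA"]
    findings = [f"add {name} ({app_id})"
                for app_id, name in REQUIRED.items()
                if not targets(policy, app_id)]
    if targets(policy, FEED_APP):
        findings.append("exclude Azure Virtual Desktop Azure Resource Manager "
                        f"Provider ({FEED_APP})")
    return findings


# Constructed sample policy (not from a real tenant): it omits the two
# session-host apps and wrongly applies MFA to the feed app.
SAMPLE = json.loads("""
{
  "displayName": "AVD - require MFA (constructed sample)",
  "state": "enabled",
  "conditions": {"applications": {
    "includeApplications": ["9cdead84-a844-4324-93f2-b2e6bb768d07",
                            "50e95039-b200-4007-bc97-8d5790743a63"],
    "excludeApplications": []}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}
}
""")

if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE)) or "policy matches the guidance")
```

A policy that targets all cloud apps is flagged until the Azure Resource Manager Provider app is listed under `excludeApplications`.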