Azure Virtual Desktop
Authentication and Identity Management
examlabpractice.com

Identity Type Considerations

On-premises identities
• Since users must be discoverable through Azure Active Directory (Azure AD) to access the Azure Virtual Desktop, user identities that exist only in Active Directory Domain Services (AD DS) aren't supported.

Hybrid identities
• Azure Virtual Desktop supports hybrid identities through Azure AD, including those federated using AD FS. You can manage these user identities in AD DS and sync them to Azure AD using Azure AD Connect. You can also use Azure AD to manage these identities and sync them to Azure AD Domain Services (Azure AD DS).

Cloud-only identity
• Azure Virtual Desktop supports cloud-only identities when using Azure AD joined VMs. These users are created and managed directly in Azure AD.

Third-party identity providers
• If you're using an Identity Provider (IdP) other than Azure AD to manage your user accounts, you must ensure that:
    • Your IdP is federated with Azure AD.
    • Your session hosts are Azure AD-joined or Hybrid Azure AD-joined.
    • You enable Azure AD authentication to the session host.

External identity
• Azure Virtual Desktop currently doesn't support external identities.

Identities

Azure Virtual Desktop supports different types of identities depending on which configuration you choose.
• Azure Virtual Desktop doesn't support signing in to Azure AD with one user account, then signing in to Windows with a separate user account.
• Signing in with two different accounts at the same time can lead to users reconnecting to the wrong session host, incorrect or missing information in the Azure portal

Authentication Methods

Service authentication
• To access Azure Virtual Desktop resources, you must first authenticate to the service by signing in with an Azure AD account. Authentication happens whenever you subscribe to a workspace to retrieve your resources and connect to apps or desktops.

Multi-factor authentication
• MFA can be enforced with the help of conditional access policies.

Passwordless authentication
• You can use any authentication type supported by Azure AD, such as Windows Hello for Business and other passwordless authentication options (for example, FIDO keys), to authenticate to the service.

Smart card authentication
• To use a smart card to authenticate to Azure AD, you must first configure AD FS for user certificate authentication or configure Azure AD certificate-based authentication.

Session Host Authentication

If you haven't already enabled single sign-on or saved your credentials locally, you'll also need to authenticate to the session host when launching a connection. The following list describes which types of authentication each Azure Virtual Desktop client currently supports.
• The Windows Desktop client supports the following authentication methods:
    • Username and password
    • Smart card
    • Windows Hello for Business certificate trust
    • Windows Hello for Business key trust with certificates
    • Azure AD authentication
• The Windows Store client supports the following authentication method:
    • Username and password
• The web client supports the following authentication method:
    • Username and password
• The Android client supports the following authentication method:
    • Username and password
• The iOS client supports the following authentication method:
    • Username and password
• The macOS client supports the following authentication method:
    • Username and password
    • Smart card: support for smart card-based sign in using smart card redirection at the Winlogon prompt when NLA is not negotiated.