How to enable Azure Virtual Desktop Hybrid single sign-on.
NOTE: This currently only works on Windows 11 22H2 Insider Preview builds.
Log in to the Azure Portal.
Go to Azure Virtual Desktop.
Open one of the created host pools.
Select RDP Properties.
Configure: RDP will attempt to use Azure AD authentication to sign in.
Go to the Advanced tab.
The property that has been added is: enablerdsaadauth:i:1
Configure Azure AD Kerberos

# First, ensure TLS 1.2 is used for PowerShell Gallery access.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
# Install the Azure AD Kerberos PowerShell module.
Install-Module -Name AzureADHybridAuthenticationManagement -AllowClobber

Select one of the example scenarios that fits your organization; in this blog I used example one.

# Specify the on-premises Active Directory domain. A new Azure AD
# Kerberos Server object will be created in this Active Directory domain.
$domain = $env:USERDNSDOMAIN
# Enter an Azure Active Directory global administrator username and password.
$cloudCred = Get-Credential -Message 'An Active Directory user who is a member of the Global Administrators group for Azure AD.'
# Enter a domain administrator username and password.
$domainCred = Get-Credential -Message 'An Active Directory user who is a member of the Domain Admins group.'
# Create the new Azure AD Kerberos Server object in Active Directory
# and then publish it to Azure Active Directory.
Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred

This script creates a user account and a computer account object in the on-premises Active Directory, so that authentication requests can be redirected to Azure AD.
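To check that both halves of the setup took effect, here is an added verification script (not part of the original post). It assumes the Az.DesktopVirtualization module is installed and Connect-AzAccount has been run; the resource group and host pool names are placeholders, and the KeyVersion / CloudKeyVersion property names are taken from the module's documented output.

```powershell
# Added example (not from the original post): verify both halves of the hybrid SSO setup.
# Assumes Az.DesktopVirtualization is installed and Connect-AzAccount has been run, and that the
# AzureADHybridAuthenticationManagement module from the post is installed. Names in param() are placeholders.
param(
    [string]$ResourceGroupName = '<resource-group>',
    [string]$HostPoolName      = '<host-pool>'
)

# 1. Check that the host pool's custom RDP properties carry the Azure AD authentication flag.
$requiredProperty = 'enablerdsaadauth:i:1'
$hostPool = Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName
$props = @()
if ($hostPool.CustomRdpProperty) {
    # Properties are stored as one semicolon-separated string; drop empty trailing entries.
    $props = @($hostPool.CustomRdpProperty -split ';' | Where-Object { $_ })
}
$existing = @($props | Where-Object { $_ -like 'enablerdsaadauth:i:*' })
if ($props -contains $requiredProperty) {
    Write-Host "Host pool '$HostPoolName' already has $requiredProperty"
} elseif ($existing.Count -gt 0) {
    Write-Warning "Host pool has enablerdsaadauth set to something other than 1: $($existing -join ',')"
} else {
    # Append the flag without dropping the other properties already set on the pool.
    $newProps = ($props + $requiredProperty) -join ';'
    Update-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName -CustomRdpProperty $newProps
    Write-Host "Added $requiredProperty to host pool '$HostPoolName'"
}

# 2. Confirm the Azure AD Kerberos Server object exists on both sides and its keys are in sync.
$domain     = $env:USERDNSDOMAIN
$cloudCred  = Get-Credential -Message 'Azure AD Global Administrator'
$domainCred = Get-Credential -Message 'On-premises Domain Admin'
$kerb = Get-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred
if (-not $kerb) {
    Write-Warning "No Azure AD Kerberos Server object found for $domain; run Set-AzureADKerberosServer first."
} else {
    $kerb | Format-List Id, DomainDnsName, KeyVersion, KeyUpdatedOn, CloudKeyVersion, CloudKeyUpdatedOn
    if ($kerb.KeyVersion -ne $kerb.CloudKeyVersion) {
        Write-Warning 'AD and Azure AD key versions differ; rotate with Set-AzureADKerberosServer -RotateServerKey.'
    }
}
```

Run it once after the steps above; a mismatch between the on-premises and cloud key versions is the usual reason Kerberos tickets are not issued even though the RDP property is set.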