Continuing from Part 1, I will go through the post-deployment steps needed to support the design and allow an end user to log in to the virtual desktop environment.

Previously I deployed the Azure Virtual Desktop host pool. Next, I need to configure a custom RDP property, targetisaadjoined:i:1.
To access Azure AD-joined VMs using the web, Android, macOS and iOS clients, you must add targetisaadjoined:i:1 as a custom RDP property to the host pool. These connections are restricted to entering user name and password credentials when signing in to the session host.

You can read further details of this at https://learn.microsoft.com/en-us/azure/virtual-desktop/azure-ad-joined-session-hosts
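
Setting the custom RDP property from a script overwrites the host pool's whole property string, so targetisaadjoined:i:1 has to be merged with whatever is already configured. The following is an added example, not part of the original post, using the Azure CLI desktopvirtualization extension; the function names and the sample property string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set targetisaadjoined:i:1 without discarding other custom RDP
# properties. Function names are illustrative, not from the original post.

# merge_rdp_property EXISTING NAME TYPE VALUE
# EXISTING is a ';'-separated list of name:type:value entries. Any earlier
# setting of NAME is dropped, the rest is kept in order, and NAME is appended.
merge_rdp_property() {
    printf '%s' "$1" | awk -v RS=';' -v name="$2" -v type="$3" -v value="$4" '
        { gsub(/^[ \t\n]+|[ \t\n]+$/, "") }   # trim whitespace around the entry
        $0 == "" { next }                     # skip empty entries
        {
            split($0, field, ":")             # field[1] is the property name
            if (tolower(field[1]) != tolower(name)) printf "%s;", $0
        }
        END { printf "%s:%s:%s;", name, type, value }'
}

# set_aad_join_property RESOURCE_GROUP HOST_POOL
# Reads the current property string, merges the Azure AD join flag into it and
# writes it back. Needs a signed-in Azure CLI with the desktopvirtualization
# extension installed; it is only defined here, not called.
set_aad_join_property() {
    current=$(az desktopvirtualization hostpool show \
        --resource-group "$1" --name "$2" \
        --query customRdpProperty --output tsv)
    az desktopvirtualization hostpool update \
        --resource-group "$1" --name "$2" \
        --custom-rdp-property \
        "$(merge_rdp_property "$current" targetisaadjoined i 1)"
}

# Constructed sample input: a property string that already redirects drives
# and has the Azure AD join flag switched off.
merge_rdp_property 'drivestoredirect:s:*;targetisaadjoined:i:0;' targetisaadjoined i 1
echo
```
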
Next, I create an Azure AD group called Azure Virtual Desktop Users so that a set of Azure AD users can be assigned access to log in to the virtual desktop environment.

I add a role assignment between this AAD group and the host pool.

I grant the role Desktop Virtualization Virtual Machine Contributor to the AAD group. The Desktop Virtualization Virtual Machine Contributor role allows the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. This may be optional, but I found this to have less friction when it comes to logging in to the virtual desktop.

I also add another role assignment with the role Virtual Machine User Login. To allow a user to log in to the VM over RDP, you must assign the Virtual Machine User Login role.
I go back to the Application Group, click on the Assignments blade, and select the Azure Virtual Desktop Users AAD group.

I am now ready to have a user who is part of the AAD group attempt to log in to the virtual desktop environment by going to https://client.wvd.microsoft.com/arm/webclient/index.html. The user is prompted for Azure AD credentials, and then the workspace appears along with the application named SessionDesktop.

The user will be prompted again for credentials at the Windows login level.

The user is then able to start the login.


To recap, I have shown a basic walkthrough to set up AVD and have an end user log in. To further advance this design with more capabilities to meet real-world enterprise scenarios, there is much more to learn and read about in the Microsoft AVD documentation.