Azure Windows VM and Azure Virtual Desktop

Chaskarshailesh
Published in Javarevisited
4 min read, Mar 18, 2023

Azure Virtual Desktop is a desktop and app virtualization service that runs in the cloud. Enabling MFA together with Azure AD (AAD) authentication for it can significantly improve your security.

Similarly, organizations can improve the security of Windows virtual machines (VMs) in Azure by integrating them with Azure Active Directory (Azure AD) authentication. You can now use Azure AD as the core authentication platform to RDP into Windows VMs.

Last but not least, with Azure RBAC you can:

  • Specify who can log in to a VM as a regular user or with administrator privileges.
  • When users join or leave your team, you can update the Azure RBAC policy for the VM to grant access as appropriate.
  • When employees leave your organization and their user accounts are disabled or removed from Azure AD, they no longer have access to your resources.
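The three RBAC points above (who may log in, at which privilege level, and how access is granted and revoked as people join or leave) map directly onto Azure CLI commands. The script below is an added example, not code from the original post: it installs the AADLoginForWindows extension on a Windows VM and grants or revokes the two built-in login roles at VM scope. Resource group, VM name, UPN and subscription id are constructed placeholders, and `DRY_RUN=1` prints the commands instead of running them. Because the post later excludes the Windows AAD login from MFA in Conditional Access, the role assignment becomes the main control over who can reach the VM, so the example keeps the scope to a single VM rather than the resource group and pairs every grant with a matching revoke.

```shell
#!/usr/bin/env sh
# Added example: enable Azure AD login on a Windows VM and manage who may sign in via Azure RBAC.
# Not from the original post. Resource names, UPNs and the subscription id are constructed placeholders.
# Set DRY_RUN=1 to print the az commands instead of executing them.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Install the AADLoginForWindows extension so the VM accepts Azure AD credentials over RDP.
# $1 = resource group, $2 = VM name
enable_aad_login() {
  run az vm extension set \
    --publisher Microsoft.Azure.ActiveDirectory \
    --name AADLoginForWindows \
    --resource-group "$1" --vm-name "$2"
}

# Build the ARM resource id of a VM; SUBSCRIPTION_ID must be set in the environment.
# $1 = resource group, $2 = VM name
vm_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s' \
    "${SUBSCRIPTION_ID:?set SUBSCRIPTION_ID}" "$1" "$2"
}

# Map "user" / "admin" to the two built-in Azure AD login roles for VMs.
login_role() {
  case "$1" in
    admin) printf 'Virtual Machine Administrator Login' ;;
    user)  printf 'Virtual Machine User Login' ;;
    *) echo "level must be 'user' or 'admin', got '$1'" >&2; return 2 ;;
  esac
}

# Grant a user RDP sign-in at VM scope (least privilege: the scope is one VM, not the resource group).
# $1 = resource group, $2 = VM name, $3 = UPN, $4 = user|admin
grant_vm_login() {
  role="$(login_role "$4")" || return 2
  run az role assignment create --role "$role" --assignee "$3" --scope "$(vm_scope "$1" "$2")"
}

# Revoke the same assignment when the person leaves the team; Azure AD then rejects the RDP logon.
# $1 = resource group, $2 = VM name, $3 = UPN, $4 = user|admin
revoke_vm_login() {
  role="$(login_role "$4")" || return 2
  run az role assignment delete --role "$role" --assignee "$3" --scope "$(vm_scope "$1" "$2")"
}

# Demo with constructed names: SUBSCRIPTION_ID=<your-sub-id> DRY_RUN=1 sh aad_vm_login.sh demo
if [ "${1:-}" = "demo" ]; then
  enable_aad_login rg-aadtest vm-win01
  grant_vm_login rg-aadtest vm-win01 alice@example.com admin
  revoke_vm_login rg-aadtest vm-win01 alice@example.com admin
fi
```

Run it once with `DRY_RUN=1` to review the exact commands, then without it against a real subscription. Disabling the user in Azure AD also blocks the logon, as the post notes, but removing the role assignment keeps the VM's IAM blade from accumulating stale entries.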

Key references:

We plan to create:

  1. A Windows VM, and RDP to it using AAD (with a Conditional Access policy) + RBAC.
  2. An Azure Virtual Desktop, and log in via a web browser using AAD + RBAC.

Let's begin:

START USE CASE 1 — — — — — — — — — — — — — — — — — — — — — — — — — —

Log in to the portal with MFA enabled via the Microsoft Authenticator app.

Microsoft Authenticator method selected.

After MFA, we are able to log in to the portal and view the resources.

Resources are created in two resource groups (RSGs): one for Virtual Desktop and another for testing AAD login on a Windows VM.

Conditional Access is set up to exclude MFA for Windows AAD login, as shown below:

Azure AD login to Windows VM via RDP.

Successful login.

Validate AAD join and AAD

End OF USE CASE 1 — — — — — — — — — — — — — — — — — — — — — — — — — —

START USE CASE 2 — — — — — — — — — — — — — — — — — — — — — — — — — —

Set up AVD by referring to the doc below:

Then update the RDP properties at the end with “enablerdsaadauth:i:1”.
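The RDP property edited in the portal above lives on the host pool as a single semicolon-separated string, and updating that string from the CLI replaces the whole value. The script below is an added example, not code from the original post or Microsoft's: it reads the host pool's current custom RDP properties, merges `enablerdsaadauth:i:1` in without dropping settings that are already there, and writes the result back with `az desktopvirtualization hostpool update`. The resource group and host pool names are constructed placeholders, the `az desktopvirtualization` CLI extension is assumed to be installed, and with `DRY_RUN=1` the command is printed instead of run (the `EXISTING_RDP_PROPS` variable then stands in for the value read from Azure).

```shell
#!/usr/bin/env sh
# Added example: turn on Azure AD authentication for an AVD host pool by setting the
# enablerdsaadauth:i:1 RDP property. Not from the original post; resource names are
# constructed placeholders and the az desktopvirtualization extension is assumed installed.
# DRY_RUN=1 prints the az command instead of executing it; EXISTING_RDP_PROPS then stands
# in for the value the CLI would read from the host pool.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The host pool stores all custom RDP properties as one "key:type:value;" string, and an
# update replaces that whole string. merge_rdp_property prints EXISTING with NEW appended,
# dropping any stale entry for the same key, so other settings (e.g. audiocapturemode) survive.
# $1 = existing property string, $2 = property to add or replace
merge_rdp_property() {
  existing="$1"; new="$2"
  key="${new%%:*}"
  out=""
  set -f                      # values such as drivestoredirect:s:* must not be glob-expanded
  oldifs="$IFS"; IFS=';'
  for prop in $existing; do
    [ -z "$prop" ] && continue
    case "$prop" in
      "$key":*) continue ;;   # replace the old value of this key
    esac
    out="${out}${prop};"
  done
  IFS="$oldifs"; set +f
  printf '%s' "${out}${new};"
}

# $1 = resource group, $2 = host pool name
enable_avd_aad_auth() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    existing="${EXISTING_RDP_PROPS:-}"
  else
    existing="$(az desktopvirtualization hostpool show \
      --resource-group "$1" --name "$2" --query customRdpProperty -o tsv)"
  fi
  merged="$(merge_rdp_property "$existing" 'enablerdsaadauth:i:1')"
  run az desktopvirtualization hostpool update \
    --resource-group "$1" --name "$2" --custom-rdp-property "$merged"
}

# Demo with constructed names:
#   DRY_RUN=1 EXISTING_RDP_PROPS='audiocapturemode:i:1;' sh avd_aad_auth.sh demo
if [ "${1:-}" = "demo" ]; then
  enable_avd_aad_auth rg-avd hp-avd01
fi
```

The merge step is the part worth keeping even if you script this differently: a blind `--custom-rdp-property "enablerdsaadauth:i:1"` silently wipes redirection and audio settings that were configured earlier on the same host pool.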

Confirm MFA is enabled for the UPN schaskar.

Connect to Virtual Desktop via https://client.wvd.microsoft.com/arm/webclient

Prompted for MFA; approved in the Microsoft Authenticator app.

Got the error below because RBAC is not set up:

Once you assign the Virtual Machine User Login or Virtual Machine Administrator Login role to the user via IAM, you should be able to log in to Azure Virtual Desktop with azuread\upn and the password.

Confirming Azure AD join is successful.

End OF USE CASE 2— — — — — — — — — — — — — — — — — — — — — — — — — —

That's all about Azure Windows VM and Azure Virtual Desktop. Let's keep learning together. Let's sail together.

I am a Site Reliability Engineer, aspirant Cloud Solutions Architect, further exploring the horizon into MLOps.