Azure Windows VM and Azure Virtual Desktop
Azure Virtual Desktop is a desktop and app virtualization service that runs in the cloud. Enabling Azure AD authentication with MFA for it is a simple, high-value way to improve your security posture.
Similarly, organizations can improve the security of Windows virtual machines (VMs) in Azure by integrating them with Azure Active Directory (Azure AD) authentication. Azure AD can now be used as the core authentication platform to RDP into Windows, so there are no local or domain credentials to manage on the VM.
Last but not least, with Azure RBAC we can:
- Specify who can log in to a VM as a regular user (Virtual Machine User Login role) or with administrator privileges (Virtual Machine Administrator Login role).
- Update the Azure RBAC assignments on the VM when users join or leave the team, granting or revoking access as appropriate.
- Rely on the fact that when employees leave the organization and their accounts are disabled or removed from Azure AD, they lose access to the VM along with everything else.
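The joiner/leaver lifecycle above, as an added Az PowerShell example (not code from the original post). It scopes the login roles to a single VM rather than the subscription, audits who currently holds a login role, and revokes one assignment. The subscription ID, resource group, VM name and user names are assumed placeholders; the two role names are the real built-in Azure role names.

```powershell
# Added example: assign, audit and revoke Azure AD login roles on one Windows VM.
# Requires the Az.Accounts, Az.Compute and Az.Resources modules.
# All names below are assumed placeholders for this example.
Connect-AzAccount -Subscription "00000000-0000-0000-0000-000000000000" | Out-Null

$rg    = "rg-aad-vm-test"                                     # assumed resource group
$vm    = Get-AzVM -ResourceGroupName $rg -Name "vm-aad-win01" # assumed VM name
$scope = $vm.Id   # least privilege: scope to this VM, not the subscription or RG

# Regular user: can RDP in and lands in the local Users group
New-AzRoleAssignment -SignInName "alice@contoso.com" `
    -RoleDefinitionName "Virtual Machine User Login" -Scope $scope

# Administrator: lands in the local Administrators group
New-AzRoleAssignment -SignInName "bob@contoso.com" `
    -RoleDefinitionName "Virtual Machine Administrator Login" -Scope $scope

# Audit: who can log in to this VM right now (direct and inherited assignments)
Get-AzRoleAssignment -Scope $scope |
    Where-Object { $_.RoleDefinitionName -like "Virtual Machine * Login" } |
    Select-Object SignInName, RoleDefinitionName, Scope

# Leaver / role change: remove the assignment. The next RDP attempt fails with
# the same "no permission" error a user with no role gets; no local account to clean up.
Remove-AzRoleAssignment -SignInName "bob@contoso.com" `
    -RoleDefinitionName "Virtual Machine Administrator Login" -Scope $scope
```

Assignments made at a higher scope (resource group or subscription) are inherited by the VM, so the audit query is the one to run before assuming a leaver is fully locked out; disabling the account in Azure AD is what ultimately closes the door.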
key references:
We plan to create:
- A Windows VM, and RDP to it using AAD (with a Conditional Access policy) + RBAC.
- An Azure Virtual Desktop, and log in to it via the web browser using AAD + RBAC.
Let's begin:
START USE CASE 1 — — — — — — — — — — — — — — — — — — — — — — — — — —
Log in to the portal with MFA enabled via the Microsoft Authenticator app.
Microsoft Authenticator method selected.
After MFA, able to log in to the portal and view the resources.
Resources created in two resource groups, one for Virtual Desktop and another for testing AAD login on a Windows VM.
Conditional Access set up to exclude the Azure Windows VM Sign-In app from the MFA requirement, as shown below. (Password-based RDP cannot satisfy an MFA requirement on this app; if you want MFA enforced here, the client must sign in with Windows Hello for Business or a FIDO2 security key.)
Azure AD login to the Windows VM via RDP.
Successful login.
Validate AAD join and AAD
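The VM side of use case 1 as an added Az PowerShell example (not code from the original post): give the VM a system-assigned identity, install the AADLoginForWindows extension that performs the Azure AD join, then verify the join from the guest with dsregcmd. The resource group and VM name are assumed placeholders.

```powershell
# Added example: enable Azure AD login on an existing Windows VM and verify the join.
# Requires Az.Accounts and Az.Compute. Names are assumed placeholders.
$rg = "rg-aad-vm-test"; $vmName = "vm-aad-win01"

# The extension needs a system-assigned managed identity on the VM
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
if (-not $vm.Identity -or $vm.Identity.Type -notmatch "SystemAssigned") {
    Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType SystemAssigned | Out-Null
}

# Install the AADLoginForWindows extension: this is what joins the VM to Azure AD
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName `
    -Name "AADLoginForWindows" `
    -Publisher "Microsoft.Azure.ActiveDirectory" `
    -ExtensionType "AADLoginForWindows" `
    -TypeHandlerVersion "1.0" | Out-Null

# Confirm the extension provisioned before trying to RDP
$ext = Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Name "AADLoginForWindows"
if ($ext.ProvisioningState -ne "Succeeded") { throw "Extension state: $($ext.ProvisioningState)" }

# Verify the join from inside the guest without opening RDP, via the run command
$out = Invoke-AzVMRunCommand -ResourceGroupName $rg -VMName $vmName `
    -CommandId "RunPowerShellScript" -ScriptString "dsregcmd /status"
$status = $out.Value[0].Message
$joined = [bool]($status | Select-String "AzureAdJoined\s*:\s*YES")
$device = ($status | Select-String "DeviceId\s*:\s*(\S+)").Matches.Groups[1].Value
if ($joined) { "AAD joined, device id $device" } else { throw "VM is not Azure AD joined" }

# Then connect: user name in the RDP prompt is AzureAD\<upn>, e.g. AzureAD\alice@contoso.com
```

Once the extension reports Succeeded and dsregcmd shows AzureAdJoined : YES, a login failure is almost always missing RBAC (no Virtual Machine User/Administrator Login role at a scope covering the VM) or a Conditional Access policy demanding MFA that a password RDP cannot satisfy.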
End OF USE CASE 1 — — — — — — — — — — — — — — — — — — — — — — — — — —
START USE CASE 2 — — — — — — — — — — — — — — — — — — — — — — — — — —
Set up AVD by referring to the doc below:
Then update the host pool's RDP properties at the end with “enablerdsaadauth:i:1”.
Confirm MFA is enabled for the UPN — schaskar.
Connect to Virtual Desktop via — https://client.wvd.microsoft.com/arm/webclient
Asked for MFA — approved on the MS Authenticator app.
Got the error below because RBAC is not set up:
Once you assign the Virtual Machine User Login (or Virtual Machine Administrator Login) role to the user via IAM on the session hosts (or their resource group), you should be able to log in to the Azure Virtual Desktop via
azuread\upn and password.
Confirming the Azure AD join is successful.
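Use case 2 end to end as an added Az PowerShell example (not code from the original post): set the RDP property on the host pool without clobbering properties already there, give the user the Desktop Virtualization User role on the desktop application group (otherwise nothing shows up in the web client), and grant the VM login role at the session hosts' resource group so the error above does not appear. The resource group, host pool, application group and UPN are assumed placeholders.

```powershell
# Added example: Azure AD authentication for an AVD host pool plus the two RBAC grants
# the web client login needs. Requires Az.DesktopVirtualization and Az.Resources.
# Names are assumed placeholders.
$rg = "rg-avd"; $hostPool = "hp-aad"; $appGroup = "hp-aad-DAG"; $user = "schaskar@contoso.com"

# 1. Host pool RDP properties: append enablerdsaadauth:i:1, keeping existing ones.
#    CustomRdpProperty is a ';'-separated string, e.g. "audiomode:i:0;".
$hp = Get-AzWvdHostPool -ResourceGroupName $rg -Name $hostPool
$existing = $hp.CustomRdpProperty
if ($existing -notmatch "enablerdsaadauth") {
    if ($existing -and -not $existing.EndsWith(";")) { $existing += ";" }
    Update-AzWvdHostPool -ResourceGroupName $rg -Name $hostPool `
        -CustomRdpProperty ($existing + "enablerdsaadauth:i:1;") | Out-Null
}
(Get-AzWvdHostPool -ResourceGroupName $rg -Name $hostPool).CustomRdpProperty

# 2. Application group: without this role the desktop never appears in the web client
$ag = Get-AzWvdApplicationGroup -ResourceGroupName $rg -Name $appGroup
New-AzRoleAssignment -SignInName $user `
    -RoleDefinitionName "Desktop Virtualization User" -Scope $ag.Id

# 3. Session hosts: without this role the feed loads but the connection fails with the
#    "no permission" error shown above. One assignment at the resource group covers
#    every session host in it, including ones added later by scaling.
$rgId = (Get-AzResourceGroup -Name $rg).ResourceId
New-AzRoleAssignment -SignInName $user `
    -RoleDefinitionName "Virtual Machine User Login" -Scope $rgId
```

Keep the two grants distinct in your mind: Desktop Virtualization User controls what the user sees in the AVD feed, Virtual Machine User Login controls whether the session host lets them sign in. Missing either produces a different failure, and the error in the screenshot above is the second one.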
End OF USE CASE 2— — — — — — — — — — — — — — — — — — — — — — — — — —
That's about it for Azure Windows VM and Azure Virtual Desktop. Let's keep learning together. Let's sail together.