Azure Virtual Desktop (AVD) and Multi-Factor Authentication (MFA)

Table of Contents



It's possible to configure MFA for AVD. This can be done via a Conditional Access policy in Microsoft Entra ID (previously called Azure AD).



  1.  Under 'Cloud apps or actions', include the following apps:
    • Workspace SSO App registration
    • AVD app
  2. You can always exclude certain apps from this Conditional Access policy, or assign specific users and/or groups to the policy. 


  3. Under 'Conditions', select Client apps.
  4. Make sure 'Browser' and 'Mobile apps and desktop clients' are selected.
  5. Click Done.


  6. Under Grant, select Require multi-factor authentication.


  7. You may configure the 'Sign-in frequency', this defines the time period before a user is asked to sign in again when attempting to access a resource. 
  8. When you're done defining this policy, enable it by choosing 'On'.
  9. Click Create

Back to top