Azure Virtual Desktop (AVD) and Multi-Factor Authentication (MFA)

Table of Contents

 

Introduction

It's possible to configure MFA for AVD. This can be done via a Conditional Access policy in Microsoft Entra ID (previously called Azure AD).

 

Configuration

  1.  Under 'Cloud apps or actions', include the following apps:
    • Workspace SSO App registration
    • AVD app
  2. You can always exclude certain apps from this Conditional Access policy, or assign specific users and/or groups to the policy. 

    AVD_1.PNG

  3. Under 'Conditions', select Client apps.
  4. Make sure 'Browser' and 'Mobile apps and desktop clients' are selected.
  5. Click Done.

    AVD_2.PNG

  6. Under Grant, select Require multi-factor authentication.

    AVD_3.PNG

  7. You may configure the 'Sign-in frequency', this defines the time period before a user is asked to sign in again when attempting to access a resource. 
  8. When you're done defining this policy, enable it by choosing 'On'.
  9. Click Create

Back to top