This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 39%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Hi All,
I am trying to explore the azure virtual desktop with azuread joined in it (not azure AD DS).
here are the steps I have followed
I have gone through multiple documents, various troubleshooting forums , but still not getting any solution. can you please advise what I should check to make this work.
thanks in advance.
khsarvaiya-6096
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Have you completed all of the steps outlined here: https://learn.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm#assign-user-access-to-host-pools
Also, this section is very important. Make sure you have everything in place as below:
thanks @Alan Kinane for reply. appreciate it.
yes I have gone though this link as well.
then I tried with "azuread\username@keyman .com" , "AzureAD\username@keyman .com" , "username@keyman .com"
but it is not working and shows same error.
Sorry for asking, but you mentioned you have MFA enabled. So have you performed these steps also?
If possible, maybe temporarily disable MFA for this account so MFA can be ruled out as an issue.
Also, have you rebooted the session host(s) since adding the RDP property: targetisaadjoined:i:1
thanks @Alan Kinane for the immediate response on this, really appreciate it.
yes I have rebooted that vm.
for MFA, I understood that we can use MFA in this setup, so we dint disturb that for this setup.
But for disabling the MFA, I would need to check with our org admin. as this is applied to all org users and to check its impact.
I will check and update.
thanks.
You can still use MFA but you will need to apply MFA through conditional access policies instead of through the Microsoft 365 per-user MFA system.
thanks,
I have just confirmed, we have per user MFA is disabled.
and MFA is enabled with conditional access only in our organization.
If you could it might be good to rule out MFA by taking the user out of the CA policy temporarily to test.
Another thing to check is that the PKU2U protocol is enabled on both your own local device and on the session host - see here: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join#protocol-and-client-options
thanks @Alan Kinane , we have excluded windows-vm sign-in from the CA policy and now it started working.
@khsarvaiya
Thank you for following up on this and I'm glad that @Alan Kinane 's answers helped resolve your issue!
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.