If I set up sign-in frequency with Azure Conditional Access on my AVD, does it stop using the session host and prompt me to log in? Or do I get a login window when I turn off and reconnect the virtual machine?
If I set up sign-in frequency with Azure Conditional Access on my AVD, does it stop using the session host and prompt me to log in? Or do I get a login window when I turn off and reconnect the virtual machine?
Hello, @lily-3557!
I'm in the process of confirming this but I believe that:
The session host is still used
There is a prompt for login (email + authenticator)
Login challenge frequency is configured with conditional access setup, and the recommendation is to include frequent credential checks: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa
Then when the login and MFA authenticator prompt appears, the session host will not turn off, but will it be unavailable for a while until I log in again?
Hello, @lily-3557!
I checked with the product group and our understanding is that you can still keep working once you are logged on in a Windows Client/Server session. The only way your connection could be interrupted is if the gateway actively checks whether your Azure AD token has expired (which would cause it to be dropped) but we're not aware of a process in place that does that.
Hello, @lily-3557!
How does setting up multifactor authentication (MFA) and configuring sign-in frequency affect my login?
Wrapping up everything we've covered in the comments, setting up multifactor authentication (MFA) and configuring sign-in frequency will result in a prompt for login (email + authenticator). You will be challenged if you log in after the specified amount of time has passed but if your use extends past the period of time set for your sign-in frequency, you should be able to keep working as you are already logged on in a Windows Client/Server session.
There is a possibility that your connection could be interrupted if the gateway actively checks whether your Azure AD token has expired (which would cause it to be dropped) but we're not aware of a process in place that does that.
References:
8 people are following this question.