How to set up Conditional Access for Azure Virtual Desktop?


First of all, if you have an AVD environment and you still haven’t enabled CA (Conditional Access), please do it now!

According to the Director of Identity Security at Microsoft:

99.9% of hacked accounts didn’t have MFA (multi-factor authentication)

I will show you the simplest way of doing it, but you will want to tweak some options depending on your environment. If you need help, please reach out anytime.

First, let’s see what the prerequisites are:

  • Assign users a license that includes Azure Active Directory Premium P1 or P2
  • An Azure Active Directory group with your users assigned as group members. (This is not required, but it is good to use security groups.)
  • You need to be a global administrator, security administrator, or Conditional Access administrator.

Now, let’s see how we can enable CA for your AVD user or security group.

  1. Login to your Azure portal –
  2. Open Azure Active Directory > Security > Conditional Access.
  3. Select New Policy.
  4. Give your policy a name. I would suggest creating a meaningful standard within your company for the policy names. Example: [app name] GRANT: Require MFA for all users.
  5. Under Assignments, select Users and groups. (In this case, I will select All users, but you can play with this and select only specific users or security groups.)
  6. Under Cloud apps or actions > Include, select apps.
  7. Select the following app:
    • If you’re using Azure Virtual Desktop (classic), choose these apps:
      • Azure Virtual Desktop (App ID 5a0aa725-4958-4b0c-80a9-34562e23f3b7)
      • Azure Virtual Desktop Client (App ID fa4345a4-a730-4230-84a8-7d9651b86739)
    • If you’re using Azure Virtual Desktop, choose this app instead:
      • Azure Virtual Desktop (App ID 9cdead84-a844-4324-93f2-b2e6bb768d07)
    My tenant still lists the cloud app under its old name, Windows Virtual Desktop, rather than Azure Virtual Desktop. If your tenant does not have Azure Virtual Desktop, look for Windows Virtual Desktop:
      • Windows Virtual Desktop (App ID 9cdead84-a844-4324-93f2-b2e6bb768d07)
      • Windows Virtual Desktop (App ID fa4345a4-a730-4230-84a8-7d9651b86739)
  8. Go to Conditions > Client apps and switch the Configuration to Yes. Select Browser and Mobile apps and desktop clients, then click Done.
  9. Once you have completed all these steps, under Access controls go to Grant, select Grant access, and check Require multi-factor authentication.

Before hitting the Create button, this is how your policy should look.
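To check an existing policy against the settings chosen in the steps above, here is an added example (not part of the original post) that audits policy JSON in the shape of the Microsoft Graph conditionalAccessPolicy resource. The function name `audit_policy` and the two sample policies are constructed for illustration.

```python
import json

# App ID for Azure Virtual Desktop as listed in the steps above (pass the classic pair if you use classic).
AVD_APP_IDS = {"9cdead84-a844-4324-93f2-b2e6bb768d07"}
REQUIRED_CLIENTS = {"browser", "mobileAppsAndDesktopClients"}

def audit_policy(policy, app_ids=AVD_APP_IDS):
    """Return the gaps between one exported policy and the walkthrough's settings."""
    cond = policy.get("conditions") or {}
    apps = cond.get("applications") or {}
    users = cond.get("users") or {}
    grant = policy.get("grantControls") or {}
    gaps = []
    if policy.get("state") != "enabled":  # disabled or report-only policies enforce nothing
        gaps.append(f"state={policy.get('state')}: policy is not enforced")
    included = set(apps.get("includeApplications") or [])
    if "All" not in included and not app_ids <= included:
        gaps.append("AVD app not included: " + ", ".join(sorted(app_ids - included)))
    if app_ids & set(apps.get("excludeApplications") or []):
        gaps.append("AVD app is explicitly excluded")
    clients = set(cond.get("clientAppTypes") or [])
    if "all" not in clients and not REQUIRED_CLIENTS <= clients:
        gaps.append("client apps not covered: " + ", ".join(sorted(REQUIRED_CLIENTS - clients)))
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        gaps.append("grant does not require MFA")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        gaps.append("MFA is only one of several OR alternatives")
    for key in ("excludeUsers", "excludeGroups"):
        if users.get(key):
            gaps.append(f"{key} has {len(users[key])} entries: confirm each exclusion")
    return gaps

# Constructed sample policies (not real tenant data); the group GUID is a placeholder.
SAMPLE = json.loads("""[
 {"displayName": "AVD GRANT: Require MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]},
    "applications": {"includeApplications": ["9cdead84-a844-4324-93f2-b2e6bb768d07"]},
    "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "AVD pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeGroups": ["00000000-0000-0000-0000-000000000000"]},
    "applications": {"includeApplications": ["9cdead84-a844-4324-93f2-b2e6bb768d07"]},
    "clientAppTypes": ["browser"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]""")

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["displayName"], "->", audit_policy(p) or "matches the walkthrough")
```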

If you want to learn more about Conditional Access for Azure Virtual Desktop (old name Windows Virtual Desktop), please check this link.
