Add Windows Cloud Login application to Conditional Access automated

Single Sign On (SSO) for Azure Virtual Desktop (AVD) gives users a seamless login experience from their Windows 10 or Windows 11 device to AVD. This feature has been available for a while and most people have configured it already. Most are also using Conditional Access (CA) (I hope). To make Single Sign On work for AVD in combination with CA policies, you need to add the Microsoft Remote Desktop application (a4a365df-50f1-4397-bc59-1a1564b8bb9c) to your CA policies. Depending on your situation, the applications are included or excluded. Now, Microsoft has announced that the Single Sign On traffic will be transitioned from the Microsoft Remote Desktop app to Windows Cloud Login. This means you have to add this application to your CA policies. This can be done manually, but I prefer to automate this. In this blog post, I will show you how to add the Windows Cloud Login application to your CA policies in an automated way.

Monitor Security Baseline Insights Recommendations

Microsoft has updated its security baselines in Microsoft Intune, which you can read about in What is new in Intune. As part of the updates, Microsoft has added recommended settings based on your organisation. In this blog post, I show how to monitor these recommendations that are part of the security baseline and generate a response when a setting does not meet Microsoft’s recommendation.

Configure AVD clipboard transfer direction automated

Using the clipboard between Azure Virtual Desktop and the user's client is a great way to send data back and forth. But it could also be a big leak into the system. So maybe you want to limit the use of the clipboard or get more control over how the clipboard can be used between the user and the Azure Virtual Desktop environment.

Schedule image update Azure Virtual Desktop host pool

When you want to update session hosts in a host pool with automated management, you use session host update. Session host update enables you to update the underlying virtual machine (VM) image, size, disk type, and other configuration properties. It does this by deleting or deallocating the existing virtual machine and creating a new one with the updated configuration stored in the session host configuration. I’m really excited about this new feature. In this blog, I explain how this new feature works, what to consider when using it, and how to manage it (in an automated way).

Find specific Azure Virtual Desktop assigned user

Recently I saw a question on X (Twitter) where someone was looking for a way to filter for a specific Azure Virtual Desktop assigned user using the Azure management API. For some reason, the filter option is not working in this API. In the end, it was not possible to find the correct user directly from an API request. In this post, I show a different and more efficient way to find the correct user assigned to an Azure Virtual Desktop session host.
