Azure Secure Admin Workstation posts:
- Part 1 – VDI Environment
  - Resource Group, Host pool, Workspace and Application Group; create an Entra Group with the ‘Desktop Virtualization User’ role and tie them all together.
- Part 2 – Firewalls and VNets
  - VNets, subnets, IPs, Azure Firewalls, routes, FW rules, etc.
- Part 3 – Session hosts and access
  - Adding our SAW VM to the host pool, connecting and authenticating
- Part 4 – Configuring Entra SSO
  - Solving authentication and session establishment issues
  - Getting Entra SSO working!
- Public GitHub project:
Context and References
- After deploying a session host, was able to connect with the local administrator created with the VM, but not the Entra users in the group created.
- Got things working after reading these docs and applying the following:
Troubleshooting and Errors
- After not being able to sign in with an Entra user, took a look at:
Error: Unable to connect right now
- Likely related to the AVD VM’s ability to talk to required Entra endpoints
- An easy way to validate this is to add a temporary allow all outbound TLS