As you might know, there is currently no Single Sign On towards the Azure RemoteApp client based on locally logged on credentials. When you install and open the Azure RemoteApp client you will be presented with the dialog below. This is an authentication against Azure Active Directory (Azure AD), and based on these credentials the Azure RemoteApp client will retrieve the RemoteApps that have been assigned to you.
Currently in preview in Azure AD is the option to allow users to Azure AD join their devices. If you enable this option, users can join a device to Azure AD and log on to that device using their Azure AD account (which is optionally synced from on-premises AD).
To configure this on the Windows 10 client (this option is only available on Windows 10), you go to Settings and then About. There you click Join Azure AD.
You specify the domain name of your Azure AD, in this case rdsgurus.com.
You acknowledge the enrolment and click continue.
Next, specify the account you want to use to join this device. This account obviously has to exist in Azure AD. And this is the account that has been added to the Azure RemoteApp collection, configured in the same Azure AD domain.
Confirm this is the correct organization and click Join.
And that’s it. The Windows 10 device is now joined to your Azure AD.
We can confirm this by going to the AAD in the Azure Portal, browsing to the user and opening the devices tab. Here we’ll see an overview of all the devices that this user joined to AAD.
We’re now able to log on to the device using the corporate (AAD) account.
When opening the Azure RemoteApp client and clicking Get Started, the client automatically signs in with the Azure AD account that is used to log on to the local device!
Obviously, there is still the current limitation in Hybrid scenarios of Azure RemoteApp, where at this point there is no full Single Sign On experience towards the actual RemoteApp. This means you will be prompted when opening the first RemoteApp (with the option to save those credentials to your local credential store). This is on the roadmap to be fixed.
But with this experiment, with Windows 10 as an AAD joined device, there is already one authentication prompt less! Now all we need to do is wait for Win10 to go GA! :)
I tried to reproduce this result with our corporate Azure AD and it doesn't seem to work. After clicking Get Started the client prompts me and other users for a password. Did the functionality get lost in an update?
"prompts me and other users for a password" to be correct, it prompts me for my credentials. The same way as it worked before joining the Azure AD.
Such a lovely blog and well crafted, short and crisp. I was really looking for some informative blog like this one for research purpose on single sign on solutions. Thanks for the shoot out. Keep blogging.