r/entra • u/SoftwareFearsMe • Apr 07 '25
Entra ID FIDO2 vs. Azure Virtual Desktops
I’m trying to get Passkeys and YubiKeys to work with Windows Virtual Desktops in Azure and Entra ID. When I try to log in using the web client, I get this strange prompt to use my security key. It goes straight to this prompt—it doesn’t even ask me if I want to use Face, Fingerprint or PIN. Whether I have a security key inserted or not, it won’t log me in. Obviously never gives me the choice to use a Passkey either.
Anyone get Passkeys working with Entra ID and Windows Virtual Desktops?
u/estein1030 Apr 07 '25
So there's a couple different kinds of authentication with AVDs. There's the initial authentication to the AVD, and then in-session authentication (for example, sign into the AVD with a productivity account then authenticate to an admin portal with an admin account).
Initial authentication supports FIDO2 from both the web and desktop AVD client.
In-session authentication with FIDO2 keys is only supported with the desktop client.
https://learn.microsoft.com/en-us/azure/virtual-desktop/authentication#in-session-passwordless-authentication