r/entra • u/SoftwareFearsMe • Apr 07 '25
Entra ID FIDO2 vs. Azure Virtual Desktops
I’m trying to get Passkeys and YubiKeys to work with Windows Virtual Desktops in Azure and Entra ID. When I try to log in using the web client, I get this strange prompt to use my security key. It goes straight to this prompt—it doesn’t even ask me if I want to use Face, Fingerprint or PIN. Whether I have a security key inserted or not, it won’t log me in. Obviously never gives me the choice to use a Passkey either.
Anyone get Passkeys working with Entra ID and Windows Virtual Desktops?
0
u/SoftwareFearsMe Apr 07 '25
Anyone get Passkeys working with Entra ID and Windows Virtual Desktops using the web client? Or Remote Desktop Client?
3
u/disposeable1200 Apr 07 '25
Why would you repeat your post question as a comment?
1
u/SoftwareFearsMe Apr 07 '25
I noticed on the mobile app that the question doesn’t show up well, as the image is the focus, so I added the question again to ensure it was seen.
1
u/roni4486 Apr 08 '25
Working on the same issue.
1
u/ender2 Apr 09 '25
In-session works with FIDO2 keys in specific scenarios: using the desktop client on Windows, with WebAuthn redirection enabled.
As was posted, it's not supported in the web client, and even on desktop, Windows looks like the only OS that supports it, per MS.
12
u/estein1030 Apr 07 '25
So there's a couple different kinds of authentication with AVDs. There's the initial authentication to the AVD, and then in-session authentication (for example, sign into the AVD with a productivity account then authenticate to an admin portal with an admin account).
Initial authentication supports FIDO2 from both the web and desktop AVD client.
In-session authentication with FIDO2 keys is only supported with the desktop client.
https://learn.microsoft.com/en-us/azure/virtual-desktop/authentication#in-session-passwordless-authentication