title | titleSuffix | description | keywords | author | ms.author | manager | ms.date | ms.topic | ms.service | ms.subservice | ms.localizationpriority | ms.assetid | ms.reviewer | ms.suite | search.appverid | ms.custom | ms.collection | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Configure single sign-on for Windows 365 |
How to configure single sign-on for Windows 365 |
ErikjeMS |
erikje |
dougeby |
11/16/2023 |
how-to |
windows-365 |
high |
davidbel |
ems |
MET150 |
intune-azure; get-started |
|
This article explains the process of configuring single sign-on (SSO) for Windows 365 by using Microsoft Entra authentication. When you enable SSO, you can use passwordless authentication and third-party Identity Providers that federate with Microsoft Entra ID to sign in to your Cloud PC. When enabled, this feature provides a single sign-on experience both when authenticating to the Cloud PC and inside the session when accessing Microsoft Entra ID-based apps and websites.
For information on using passwordless authentication within the session, see In-session passwordless authentication.
To get started, following the steps to Configure single sign-on for Azure Virtual Desktop with the following caveats:
- If the Kerberos Server object isn't present for Microsoft Entra hybrid joined provisioning policies, a new error appears in your Azure Network Connection (ANC) health check for single sign-on.
- If you have conditional access policies that apply when accessing Windows 365, review the recommendations to set conditional access policies for Windows 365 to make sure users have the expected experience.
- SSO can be enabled on any provisioning policies. You can find the Use Microsoft Entra single sign-on option under the Join type on the General page. This can be done when creating a new provisioning policy or when editing an existing provisioning policy, with an option to apply SSO to existing Cloud PCs.
- Check out In-session passwordless authentication to learn how to enable passwordless authentication.