Conditional access, user actions and registering security information for use of AVD

I work in an org where we do not allow unmanaged devices access to any of our Azure/M365 services. We use both conditional access and tenant restrictions and other methods to secure our environment.

However, we are in the process of enabling Azure Virtual Desktop (AVD), and we DO want users to be able to use this from an unmanaged device, and only in this scenario.

This is probably not an AVD question but more of an Azure AD and conditional access one, but I'm posting it in case anyone has attempted this.

We find that since enabling combined registration, one of our CA policies is blocking access for a user to register their security information, either from the legacy workflows or using the combined registration experience.

Using the user action "Register security information" to allow from all locations also doesn't seem to work.

We cannot make any exceptions to or remove the conditional access policy which, BTW, prevents unmanaged devices from accessing our services. We do have another CA policy which does allow AVD from an unmanaged device but mandates MFA. That works great until we force the user to register SSPR security information.

Are you aware of any other options that could help in this scenario?

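As an added illustration (not code from the original post), the following Microsoft Graph PowerShell snippet builds the "Register security information" policy the question describes, scoped to a group of AVD users and created in report-only mode, and then lists every enabled policy that blocks or requires a managed device, so that the sign-in logs and this list together show which policy is actually being applied when a user registers security information. It assumes the Microsoft Graph PowerShell SDK, an account with the Policy.ReadWrite.ConditionalAccess scope, and a placeholder group ID; it does not alter the existing block policy, which the post says cannot be changed.

```powershell
# Added example, not from the original post. Assumes the Microsoft Graph
# PowerShell SDK (Microsoft.Graph.Identity.SignIns) and an account holding the
# Policy.ReadWrite.ConditionalAccess scope. The new policy is created in
# report-only mode so its effect can be checked in sign-in logs before enforcing.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Assumption: object ID of the group of users allowed to use AVD from unmanaged
# devices (placeholder; replace with the group's object ID in your tenant).
$avdUsersGroupId = "<AVD-USERS-GROUP-OBJECT-ID>"

# 1) Policy targeting the "Register security information" user action
#    (urn:user:registersecurityinfo) for the AVD user group, from all
#    locations, requiring MFA rather than a compliant device.
$registerInfoPolicy = @{
    displayName = "AVD users - register security info - require MFA (report-only)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeGroups = @($avdUsersGroupId) }
        applications = @{ includeUserActions = @("urn:user:registersecurityinfo") }
        locations    = @{ includeLocations = @("All") }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $registerInfoPolicy

# 2) Review: list every enabled policy whose grant control blocks access or
#    requires a compliant / hybrid-joined device, with its app, user-action and
#    group-exclusion scope, to see which policies still cover the AVD group
#    during security info registration.
$deviceControls = @("block", "compliantDevice", "domainJoinedDevice")
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.State -eq "enabled" } |
    Where-Object {
        $_.GrantControls.BuiltInControls |
            Where-Object { $deviceControls -contains $_ }
    } |
    Select-Object DisplayName,
        @{ n = "Apps";           e = { $_.Conditions.Applications.IncludeApplications -join "," } },
        @{ n = "UserActions";    e = { $_.Conditions.Applications.IncludeUserActions -join "," } },
        @{ n = "ExcludedGroups"; e = { $_.Conditions.Users.ExcludeGroups -join "," } },
        @{ n = "Grant";          e = { $_.GrantControls.BuiltInControls -join "," } } |
    Format-Table -AutoSize
```

Running the report-only policy for a few days and filtering the sign-in logs on the "Register security information" activity shows, per sign-in, which policy produced the block; the listing in step 2 gives the scope of each candidate so the two can be matched up before any enforcement change is made.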

Answer (1)

  1. I don't know any solution to this situation. I think there should be some exceptions for AVD users that are allowed to use AVD from personal devices. You can put additional controls, such as MFA, in place with Azure AD Conditional Access.

