Continuing with our Azure Virtual Desktop deployment using Azure AD authentication today, we will focus on the access layer to AVD.
If you missed part 1 of this blog post, click here to read more.
Because we are using Azure AD as the authentication mechanism, we need to take a few extra steps to allow users to access AVD virtual desktops.
Create Azure User Group
To follow best practices and streamline adding users to AVD, I recommend you create two user groups in Azure AD: one group for normal non-admin users, and an admin group for users who will manage AVD and need local admin access inside AVD virtual desktops.
In my case, I will create the following groups.
- AVD Users
- AVD Admins
After you create the groups, add your users to the above groups.
Now it is time to give users access to the AVD Virtual Desktop pool. To do so, open the Azure portal.
Click on Azure Virtual Desktop
From the left menu, click on Application groups
Click on the application group located in the centre of the screen
Once in the Application Group screen, click on Assignments.
Click on Add and add the two Azure AD Groups created in the above step.
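The same assignment can be scripted and then checked. The following is an added example, not part of the original walkthrough: it uses the Az PowerShell module to make sure both groups exist, grants them the Desktop Virtualization User role on the application group (the role the Assignments screen manages), and lists any other principal that holds that role there. The resource group and application group names are placeholders you must replace.

```powershell
# Added example. Requires the Az.Resources module and a signed-in session (Connect-AzAccount).
# The placeholder values below are assumptions; replace them with your own.
$ResourceGroup = '<resource-group-name>'
$AppGroupName  = '<application-group-name>'
$GroupNames    = @('AVD Users', 'AVD Admins')     # the two groups from this post
$RoleName      = 'Desktop Virtualization User'    # role managed by the Assignments screen
$ResourceType  = 'Microsoft.DesktopVirtualization/applicationGroups'

$appGroup = Get-AzResource -ResourceGroupName $ResourceGroup -Name $AppGroupName `
    -ResourceType $ResourceType -ErrorAction Stop
$scope    = $appGroup.ResourceId
$expected = @()

foreach ($name in $GroupNames) {
    # Display names are not unique in Azure AD, so refuse to guess between duplicates.
    $group = @(Get-AzADGroup -DisplayName $name)
    if ($group.Count -gt 1) { throw "More than one group is named '$name'; resolve by object ID." }
    if ($group.Count -eq 0) {
        # A newly created group can take a short while to replicate; rerun if the
        # role assignment below fails right after creation.
        $group = @(New-AzADGroup -DisplayName $name -MailNickname ($name -replace '\s', ''))
    }
    $id = $group[0].Id
    $expected += $id

    # Assign the role only if this group does not already hold it at this scope.
    $existing = Get-AzRoleAssignment -ObjectId $id -Scope $scope -RoleDefinitionName $RoleName
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $id -Scope $scope -RoleDefinitionName $RoleName | Out-Null
    }
}

# Review step: anyone else holding the role here (directly or inherited from a
# parent scope) can also reach the application group.
$unexpected = Get-AzRoleAssignment -Scope $scope |
    Where-Object { $_.RoleDefinitionName -eq $RoleName -and $_.ObjectId -notin $expected }
if ($unexpected) {
    Write-Warning 'Principals outside the two AVD groups hold the role on this application group:'
    $unexpected | Select-Object DisplayName, ObjectType, Scope | Format-Table -AutoSize
} else {
    Write-Output "Only $($GroupNames -join ' and ') hold '$RoleName' on $AppGroupName."
}
```

Group membership is still managed separately, as described above; rerunning the script later is a quick way to spot assignments that were added outside the two groups.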
We configured access to the AVD Application Group; however, we are not done since there are two more security layers to configure.
Tomorrow we will cover the remaining two security layers.