Deploy Azure Virtual Desktop With Azure Active Directory Auth – Part 2

Continuing with our Azure Virtual Desktop deployment using Azure AD authentication, today we will focus on the access layer to AVD.

If you missed part 1 of this blog post, click here to read more.

Configuring Access

Because we are using Azure AD as the authentication mechanism, we need to take a few extra steps to allow users to access AVD virtual desktops.

Create Azure User Group

To follow best practices and streamline adding users to AVD, I recommend you create two user groups in Azure AD: one group for normal non-admin users, and an admin group for users who will manage AVD and need local admin access inside AVD virtual desktops.

In my case, I will create the following groups.

  • AVD Users
  • AVD Admins

After you create the groups, add your users to them.


Now it is time to give users access to the AVD Virtual Desktop pool. To do so, open the Azure portal.

Click on Azure Virtual Desktop

From the left menu, click on Application groups

Click on the application group located in the centre of the screen

Once in the Application Group screen, click on Assignments.

Click on Add and add the two Azure AD Groups created in the above step.
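The same steps can be scripted, which also gives you a repeatable way to review who holds access to the application group. The following is an added example, not part of the original walkthrough: it assumes the Az.Resources PowerShell module with an authenticated session, and that an Assignment in the portal corresponds to the built-in "Desktop Virtualization User" role on the application group. The resource group and application group names are placeholders, and adding users to the groups is left to the manual step above.

```powershell
# Added example. Requires Az.Resources and a signed-in session (Connect-AzAccount).
# Placeholders: replace with your own resource group and application group names.
$ResourceGroup = '<resource-group-name>'
$AppGroupName  = '<application-group-name>'

# Group names from this post; the role is the one the portal's Assignments blade grants.
$GroupNames = 'AVD Users', 'AVD Admins'
$RoleName   = 'Desktop Virtualization User'

# Scope every role operation to the single application group, not the subscription.
$Scope = @{
    ResourceGroupName = $ResourceGroup
    ResourceName      = $AppGroupName
    ResourceType      = 'Microsoft.DesktopVirtualization/applicationGroups'
}

foreach ($name in $GroupNames) {
    # Reuse an existing group so the script is safe to re-run.
    $group = Get-AzADGroup -DisplayName $name
    if (-not $group) {
        $group = New-AzADGroup -DisplayName $name -MailNickname ($name -replace '\s', '')
    }

    # Only create the assignment if the group does not already hold the role here.
    $existing = Get-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $RoleName @Scope
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $RoleName @Scope | Out-Null
    }
}

# Review: list every principal holding the role on this application group
# (including assignments inherited from a higher scope) and flag anything
# that is not one of the two intended groups.
Get-AzRoleAssignment -RoleDefinitionName $RoleName @Scope |
    Select-Object DisplayName, ObjectType, Scope,
        @{ Name = 'Expected'; Expression = { $GroupNames -contains $_.DisplayName } } |
    Sort-Object Expected |
    Format-Table -AutoSize
```

Any row with Expected set to False is a user, group or service principal that can reach the desktops outside the two groups, often through an assignment made directly to a user or inherited from the resource group or subscription.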

We configured access to the AVD Application Group; however, we are not done since there are two more security layers to configure.

Tomorrow we will cover the remaining two security layers.