Windows Virtual Desktop Integration with AuthPoint

Deployment Overview

This document describes how to set up multi-factor authentication (MFA) for Windows Virtual Desktop with the AuthPoint mobile app. This integration requires users to activate a Microsoft software token in the AuthPoint mobile app.

Windows Virtual Desktop must already be configured and deployed before you set up MFA with AuthPoint.

This integration was tested with Windows Virtual Desktop Spring 2020 Release.

Before You Begin

Before you begin these procedures, make sure that:

  • You have an Azure Active Directory global administrator account within the Azure Active Directory tenant
  • You have an active Azure subscription
  • You have an Azure Active Directory tenant associated with your Azure subscription
  • You have an Azure Active Directory user account with an Azure Active Directory Premium P1 or P2 license
  • You have an AuthPoint user account and have downloaded the AuthPoint mobile app

Configure MFA for Windows Virtual Desktop

  1. Log in to Azure Portal with the global administrator account.
  2. Navigate to Azure Active Directory.

Screenshot of the Azure Active Directory overview page.

  3. Select Security > Conditional Access.
  4. Click New Policy.

Screenshot of Azure Active Directory.

  5. In the Name text box, type a name for the policy.
  6. In the Assignments section, select Users and groups.
  7. Select Include.
  8. Select Select users and groups, then select the Users and groups check box.
  9. Select the groups and users that will authenticate with MFA.

Screenshot of the settings for a conditional access policy.

  10. In the Assignments section, select Cloud apps or actions.
  11. Select Include.
  12. Select Select apps.
  13. Select Windows Virtual Desktop.
  14. Click Select.

Screenshot of Azure Active Directory.

  15. In the Access controls section, select Grant.
  16. Select Grant access, then select the Require multi-factor authentication check box.
  17. Click Select.

Screenshot of Azure Active Directory.

  18. In the Access controls section, select Session.
  19. Select the Sign-in frequency check box.
  20. Set the value to 1 and the unit to Hours.
  21. Click Select.

Screenshot of Azure Active Directory.

  22. For Enable policy, select On.
  23. Click Create.
  24. In a browser, navigate to the Azure Resource Manager-integrated version of the Windows Virtual Desktop web client.

    You can also use the Windows Desktop client, Android client, macOS client, or the iOS client to connect to Windows Virtual Desktop resources. For more information, see the Microsoft documentation.

  25. In the Email, phone, or Skype text box, type the email address or phone number associated with your Azure Active Directory user.
  26. Click Next.
  27. Type your password.
  28. Click Sign in.
  29. Click Next.
  30. From the drop-down list, select Mobile app.
  31. Select Use verification code.

Screenshot of the web client.

  32. Click Set up.
  33. Click Configure app without notifications.

Screenshot of the web client.

  34. Open the AuthPoint app on your mobile device and tap to open the QR code reader.
  35. Scan the QR code on the screen to activate a third-party token for your account. If you have not yet activated a token in the AuthPoint mobile app, tap Activate when you open the app to open the QR code reader.
    Your Windows Virtual Desktop token is activated and listed in Third-Party Tokens on the Token Management screen in the AuthPoint app.

Screenshot of the AuthPoint app.

  36. In the browser, click Next.
  37. Click Next.
  38. In the verification text box, type the verification code displayed in the AuthPoint mobile app.

Screenshot of the web client.

  39. Click Verify.
  40. From the drop-down list, select your country or region. Type your phone number in the adjacent text box.

Screenshot of the web client.

  41. Click Done.
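The conditional access policy built by hand in the steps above can also be expressed as a Microsoft Graph conditionalAccessPolicy body, which makes it easy to audit later for drift (for example, someone relaxing the sign-in frequency or disabling the policy). The following is an added example, not code from this guide or from WatchGuard; the Windows Virtual Desktop app id and the group id are placeholders that you must look up in your own tenant.

```python
"""Build and audit a Conditional Access policy matching the Windows Virtual
Desktop + AuthPoint setup described above (Microsoft Graph
conditionalAccessPolicy schema). Added example; ids below are placeholders."""
import json

WVD_APP_ID = "<windows-virtual-desktop-app-id>"   # placeholder: look up the app id in your tenant
MFA_GROUP_ID = "<mfa-users-group-id>"            # placeholder: group selected under Users and groups


def build_wvd_mfa_policy(name, group_ids, app_id=WVD_APP_ID):
    """Return the Graph request body for the policy the guide creates in the portal."""
    return {
        "displayName": name,
        "state": "enabled",                                        # Enable policy: On
        "conditions": {
            "users": {"includeGroups": list(group_ids)},           # Users and groups > Include
            "applications": {"includeApplications": [app_id]},     # Cloud apps > Windows Virtual Desktop
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},  # Require MFA
        "sessionControls": {
            "signInFrequency": {"value": 1, "type": "hours", "isEnabled": True}  # 1 hour
        },
    }


def audit_wvd_mfa_policy(policy, app_id=WVD_APP_ID, max_hours=1):
    """Return a list of findings; an empty list means the policy still enforces
    what the guide configures (enabled, WVD targeted, MFA required, 1h frequency)."""
    findings = []
    if policy.get("state") != "enabled":          # report-only or disabled does not enforce MFA
        findings.append("policy is not enabled")
    apps = policy.get("conditions", {}).get("applications", {}).get("includeApplications", [])
    if app_id not in apps and "All" not in apps:
        findings.append("Windows Virtual Desktop is not a targeted cloud app")
    grant = policy.get("grantControls") or {}
    if "mfa" not in grant.get("builtInControls", []):
        findings.append("multi-factor authentication is not required")
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    if not sif.get("isEnabled"):
        findings.append("sign-in frequency is not enabled")
    else:
        hours = sif["value"] * (24 if sif.get("type") == "days" else 1)
        if hours > max_hours:
            findings.append(f"sign-in frequency {hours}h exceeds {max_hours}h")
    return findings


if __name__ == "__main__":
    policy = build_wvd_mfa_policy("WVD - require AuthPoint MFA", [MFA_GROUP_ID])
    print(json.dumps(policy, indent=2))
    print("findings:", audit_wvd_mfa_policy(policy))   # -> findings: []
```

The body returned by build_wvd_mfa_policy is what you would POST to the Graph conditional access policies endpoint; the audit function is meant to run periodically against the policy as read back from Graph.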

Test the Integration

  1. In a web browser, go to the Windows Virtual Desktop web client.
  2. In the Email, phone, or Skype text box, type the email address or phone number associated with your Azure Active Directory user.
  3. Click Next.
  4. Type your password.
  5. Click Sign in.
  6. In the Code text box, type the one-time password (OTP) for the token that you activated. You can see the OTP for your token in the AuthPoint mobile app.
  7. Click Verify.

Screenshot of the web client.

  8. Select the resource.

Screenshot of the web client.

  9. Click Allow.

Screenshot of the web client.

  10. Type your user name and password.
  11. Click Submit.
    You are successfully logged in to your Windows Virtual Desktop.

Screenshot of the web client.