Hey everyone! I've recently set up an AVD environment for a business that only uses Entra ID, and things are mostly working well. Users can sign in with their Entra credentials and access AVD via Single Sign-On using the Microsoft guidance. However, I've been receiving complaints that user sessions are locking up after a period of inactivity, and when they attempt to unlock, they're getting a 'password is incorrect' message. This doesn't happen when I disable SSO, making me wonder if this issue is expected behavior. I'd prefer if sessions would simply disconnect on timeout so users could reconnect without the hassle of a password prompt at every turn, but some employees use dictation software that runs in the AVD session and it stops working after 15 minutes of inactivity. I'm at a loss about the best approach to take here. Any advice?
1 Answer
This situation is pretty common. The integration between Entra ID and AVD isn't fully matured yet, so you'll often run into issues like this. A workaround is to exclude Azure VM sign-ins from your MFA, which might help with those incorrect password errors. Unfortunately, that does mean navigating some compromises, but it's where we are right now. Plus, it would be great if Microsoft put more effort into improving these integrations instead of chasing the latest trends like AI.
I hear you on the frustrations! It can be disheartening when you're so close to having a solution. If MFA isn't working with SSO enabled, you might have to turn SSO off completely to avoid the password issues. It's a tough choice between user experience and security.