I'm trying to figure out how to create separate conditional access policies for Windows 365 and Azure Virtual Desktop (AVD). Whenever I set the target resource to 'Azure Virtual Desktop', it seems to impact the W365 Cloud PCs as well. I need to restrict AVD access specifically to their Cloud PCs for some external users who already have access to both. If anyone has suggestions or alternative solutions, I'd love to hear them!
2 Answers
If you deploy your Cloud PCs within your own Virtual Network (VNET), you can set up a NAT gateway, which would allow only that specific IP to connect to AVD. Alternatively, using a private link to connect to AVD over a private network might also be a viable option for restricting access.
You might want to check out this article on setting conditional access policies. It has some solid information that might help you'll understand the basics better.
I read through the article, but my issue is that when I set Azure Virtual Desktop as the target resource, it also includes access to the W365 Cloud PCs.
The challenge is that setting a conditional access policy to restrict AVD from certain IPs ends up affecting the Cloud PCs as well.