Azure Insights: Windows Virtual Desktop security; PowerShell remote sessions; Azure AD Connect; MFA; Network Security Groups

March 28 2020

Microsoft Azure pros share their latest thoughts on Windows Virtual Desktop security, PowerShell remoting, Azure AD Connect, multi-factor authentication and more.

Boosting Windows Virtual Desktop security

Christiaan Brinkhoff explored the role of Azure multi-factor authentication (MFA) for protecting Windows Virtual Desktop (WVD). As a desktop virtualization service, WVD centralizes VDI infrastructure components, and permits extra security with Azure including MFA, Conditional Access and AD Premium. He wrote:

The easiness to activate Azure MFA and gain access based on Conditional Access is as easy it can be. It will decrease the percentage of being hacked with 99,9%...and adds the benefits of simplifying your management layer as top layer for your operations. Long story short, combine this all together and your new virtual workspace on Azure is ready to serve your user session – in a secure fashion!

Azure MFA works with Azure AF for free, but lacks some of the more granular Conditional Access controls. Brinkhoff listed a series of SKUs needed for conditional access and explained how to activate MFA through Azure portal. In subsequent logins to WVD, a wizard opens to guide users through the process. One option in some scenarios is to whitelist users based on trusted IPs.

Generating PowerShell remote sessions

About MSDW Reporter

More about MSDW Reporter