AVD issue connection is giving me error. user is not authenticated check the user i have the user listed in azure.

Question

AVD issue connection is giving me error. user is not authenticated check the user i have the user listed in azure.

Altaf Ingar 0

Manish Deshpande 1,330 Reputation points Microsoft External Staff Moderator

2025-12-09T19:58:28.01+00:00
Hello @Altaf Ingar

Thank you for contacting us about the AVD issue.

The most likely cause of this issue is that users are assigned to an application group in AVD, but not to the Virtual Machine User Login RBAC role for the VM that hosts the application group. This may happen because of one or more of the following reasons:

The RBAC role assignment was not created or updated when the application group was created or updated.

The RBAC role assignment was deleted or modified by mistake or by another administrator.

The RBAC role assignment was not propagated or synchronized properly across Azure regions or subscriptions.

To resolve this issue, follow these steps:

Verify that users are assigned to an application group in AVD. You can do this by using one of the following methods:

In the Azure portal, go to Azure Virtual Desktop > Application groups and select the application group that users are trying to access. Then go to Assignments and check if users are listed there.

In PowerShell, run the Get-AzWvdApplicationGroupUser cmdlet and specify the name and resource group of the application group that users are trying to access. For example:
Get-AzWvdApplicationGroupUser -ResourceGroupName

If you are not assigned to an application group in AVD, you need to add them by using one of the following methods:

In the Azure portal, go to Azure Virtual Desktop > Application groups and select the application group that users need to access. Then go to Assignments and click Add. Select Users or user groups and search for users by name or email address. Then click Select and Save.

In PowerShell, run the Add-AzWvdApplicationGroupUser cmdlet and specify the name and resource group of the application group that users need to access, as well as their user principal names (UPNs). For example:
Add-AzWvdApplicationGroupUser -ResourceGroupName

Verify that you are assigned to the Virtual Machine User Login RBAC role for the VM that hosts the application group. You can do this by using one of the following methods:

In the Azure portal, go to Virtual machines and select the VM that hosts the application group that users are trying to access. Then go to Access control (IAM) and check if users are listed there with the role of Virtual Machine User Login.

In PowerShell, run the Get-AzRoleAssignment cmdlet and specify the resource ID of the VM that hosts the application group that users are trying to access, as well as the role definition name of Virtual Machine User Login. For example:
Get-AzRoleAssignment -Scope

If You are not assigned to the Virtual Machine User Login RBAC role for the VM, you need to add them by using one of the following methods:

In the Azure portal, go to Virtual machines and select the VM that hosts the application group that users need to access. Then go to Access control (IAM) and click Add > Add role assignment. Select Virtual Machine User Login as the role and search for users by name or email address. Then click Save.

In PowerShell, run the New-AzRoleAssignment cmdlet and specify the resource ID of the VM that hosts the application group that users need to access, as well as their UPNs and the role definition name of Virtual Machine User Login. For example:
New-AzRoleAssignment -Scope

Test if you can connect to an AVD resource successfully by using one of their preferred clients. If they still encounter errors or issues, check for other possible causes such as network connectivity problems, firewall settings, licensing requirements, etc.

References
https://v4.hkg1.meaqua.org/en-us/azure/virtual-desktop/azure-ad-joined-session-hosts
https://v4.hkg1.meaqua.org/en-us/entra/identity/devices/howto-vm-sign-in-azure-ad-windows?pivots=identity-extension-vm
https://v4.hkg1.meaqua.org/en-us/azure/virtual-desktop/rbac

Thanks,
Manish Deshpande.
Manish Deshpande 1,330 Reputation points Microsoft External Staff Moderator

2025-12-10T19:03:02.0266667+00:00

Hello @Altaf Ingar

I wanted to check if my last response made sense. I’d be glad to assist further or explain anything in more detail and please accept as Yes and upvote if the answer is helpful so that it can help others in the community.

1 answer

Your answer

Manish Deshpande 1,330 Reputation points Microsoft External Staff Moderator

2025-12-10T19:03:02.0266667+00:00

Hello @Altaf Ingar

I wanted to check if my last response made sense. I’d be glad to assist further or explain anything in more detail and please accept as Yes and upvote if the answer is helpful so that it can help others in the community.

Answer 1

If you are encountering an authentication error when trying to connect to Azure Virtual Desktop (AVD), there are a few steps you can take to troubleshoot the issue:

Check User Role Assignment: Ensure that the user account has been assigned the Virtual Machine User Login role on the virtual machines (VMs). This role is necessary for the user to authenticate and connect successfully.
Verify Credentials: Make sure that the user is using the correct credentials. If the user continues to receive an authentication error, double-check the following:
- The user has the necessary role-based access control (RBAC) permissions assigned to the VM or resource group.
- The Conditional Access policy does not require multifactor authentication for the Azure Windows VM sign-in cloud application.
Conditional Access Policies: If the user is subject to Conditional Access policies, ensure that these policies allow access to the Azure Virtual Desktop and Windows 365 apps. If the user is trying to sign in with Microsoft Entra-based single sign-on, confirm that they have access to the Windows Cloud Login app as well.
Check for External Identity Restrictions: If the user is an external identity, verify that the cross-tenant access settings allow them to connect to the tenant where the AVD is hosted.

By following these steps, you should be able to identify and resolve the authentication issue with the Azure Virtual Desktop connection.

Share via

AVD issue connection is giving me error. user is not authenticated check the user i have the user listed in azure.

1 answer

Your answer