Azure Virtual Desktop; “The sign-in method you’re using isn’t allowed”

Azure Virtual Desktop; “The sign-in method you’re using isn’t allowed”

ADV

Azure Virtual Desktop now has the option to join session hosts to Azure AD in addition to Windows AD and Azure AD Domain Services.  I got the error message below while logging in.

“The sign-in method you’re using isn’t allowed.  Try a different sign-in method or contact your system administrator.”

Sign-in method isn’t allowed

In this case, I logged in with a username and password.  The message indicated that the method I used to log in was not allowed.  Fortunately, there is a simple explanation and a couple solutions.

The error was caused by a conditional access policy that enforces multi-factor authentication for all users and all applications.  The application causing the issue is “Azure Windows VM Sign-in.”  The Azure Windows VM Sign-in application controls how users log in to Azure AD joined devices.  By enforcing MFA on this application, the log in requires smart card or Windows Hello for Business to sign in.

The simple solution is to add the application to an exclusion on the MFA policy. 

Azure Windows FM Sign-In Exclusion

By excluding this App from the MFA policy, users still need MFA to log into the AVD client, such as the Windows Remote Desktop client or the web client.  Once logged into the client, they can use username and password credentials to log into the AVD Client.

As an alternative solution, you can require smart card or Windows Hello for Business to sign-in to the AVD session.

Leave a Comment

Your email address will not be published. Required fields are marked *

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
Scroll to Top