This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 44%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
I am trying to understand if a user invited into an Extra External ID directory will be able to use SSO to access a domain joined Azure Virtual Desktop.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @Sam Price,
Thank you for posting your query on Microsoft Q&A.
To log in to AVD using Microsoft Entra ID accounts, users must be part of the same directory. Currently, users invited through external identities, such as Microsoft Entra Business-to-Business (B2B) or Business-to-Consumer (B2C), are not supported. This is a known limitation.
The reason for this limitation is that in order to log into AVDs using Entra accounts, the virtual machine (VM) must be Azure-joined, specifically Microsoft Entra-joined. Only users created in your tenant can log into Entra-joined machines to achieve Single Sign-On (SSO) behavior. Guest or external accounts cannot log in to these Entra-joined machines, as their accounts are created in a different directory, while the device they are trying to access is enrolled in your directory.
This limitation is by design. For more details, please refer to the following documentation:
Known Limitations of Azure AD Joined Session Hosts
External Identity Authentication for AVD
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.
Hi Raja, thanks for the answer - to be clear are you saying that Entra External ID is not supported in addition to B2C and B2B?
Hello @Sam Price,
Thank you for your response and apologies for the delay.
Yes, I would like to say that AVD (Azure Virtual Desktop) login is not supported for External ID, B2B (Business-to-Business), or B2C (Business-to-Consumer) users.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Thanks,
Raja Pothuraju.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello Sam Price
Thanks for your question
Azure Virtual Desktop currently doesn't support external identities.
See: https://learn.microsoft.com/en-us/azure/virtual-desktop/authentication#external-identity
You can mark it 'Accept Answer' and 'Upvote' if this helped you
Regards,
Abiola
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 71%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECO%3C/text%3E%3C/svg%3E)
Entra External ID is different to External users, no?