United States | Protecting Windows Virtual Desktop (WVD) with OKTA and Microsoft Azure Active Directory Conditional Access

James Kindon - 22.07.2020

Protecting Windows Virtual Desktop (WVD) with OKTA and Microsoft Azure Active Directory Conditional Access

United States | Protecting Windows Virtual Desktop (WVD) with OKTA and Microsoft Azure Active Directory Conditional Access

On a recent engagement deploying Windows Virtual Desktop (WVD) for a customer who leveraged OKTA as their Identity Provider (IDP), we ran into a challenge where the WVD client was caching user credentials (by design), resulting in a situation where on the first authentication, OKTA would prompt for multi-factor authentication, however once validated, the WVD client would never request authentication again, resulting in a rather large security concern for the customer who had a mandate of multi-factor authentication for all external access attempts.

We can get pretty close to meeting that mandate by leveraging Azure Active Conditional Access Policies to assist in setting the sign-in frequency interval to 1 hour. The sign-in frequency defines the time before a user is asked to sign in again when attempting to access a cloud application.

We can leverage a combination of OKTA for identity in conjunction with Microsoft Azure Conditional Access Policies for application control, ensuring that we apply our specific control requirements only to the appropriate enterprise application, in this case, Windows Virtual Desktop (and client).

United States | Protecting Windows Virtual Desktop (WVD) with OKTA and Microsoft Azure Active Directory Conditional Access

Specifically, the policy is configured as follows:

  • Applies to all users
  • Applies to specific cloud apps (WVD)
  • Has a single session control defined (Sign-in frequency is set to 1 hour)

Combined with the usual power of Conditional Access Policies, you can get extremely fine-grained. What’s even cooler is that you can still wrap these controls around 3rd party IDP’s such as OKTA and leverage the best of both worlds

If you have enough licencing to be running WVD, there is a good chance you have enough to protect it via Microsoft Azure Conditional Access at no extra cost.

THANK YOU FOR YOUR SUBMISSION!

United States | Protecting Windows Virtual Desktop (WVD) with OKTA and Microsoft Azure Active Directory Conditional Access

The form was submitted successfully.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

United States | Protecting Windows Virtual Desktop (WVD) with OKTA and Microsoft Azure Active Directory Conditional Access

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.