This new functionality has been made available on Windows 10, Windows 11, and Windows Server 2022 session hosts once the administrator has installed the September Cumulative Update Preview.
In a blog post, David Belanger of Microsoft’s remote desktop services team said that with this preview, Windows administrators can do the following:
- Enable a single sign-on experience to Azure AD-joined and Hybrid Azure AD-joined session hosts when using the Windows and the web clients.
- Use passwordless authentication to sign in to the host using Azure AD.
- Run passwordless authentication inside the session when using the Windows client.
- Leverage third-party Identity Providers (IdP) that integrate with Azure AD to sign in to the host.
For Azure AD-joined and Hybrid Azure AD-joined devices, passwordless authentication with Windows Hello or FIDO2 keys will offer IT admins secure new options for authentication, said Craig Lurey, co-founder and CTO at Keeper Security.
“Anywhere that the user experience can be improved while adding additional security is a welcome addition to Microsoft's ecosystem,” Lurey said. “However, the administrator must still ensure accounts are also protected with a strong and unique password, and managed within a secure password management system. Additionally, if the security key or Windows Hello log-in method gets lost, damaged or forgotten, a strong password must be used as a fallback authentication method.”