RDS AAD Authenticaion

  • Published on Aug 23, 2025
  • 1 minute(s) read
  • Robert Plamondon
 Prev Next

RDS AAD Authentication is an optional RDP protocol supported by Entra ID. It allows single sign-on to remove resources if the local resource is domain-joined.

Workspot supports RDS AAD Authentication of Workspot persistent desktops from the Workspot Client.

Prerequisites

  • Both the “Entra ID Only” and “RDS AAD Auth” selective features must be enabled. Contact Workspot.

  • Support is for the Workspot Windows Client 6.4.0 at first, with other Clients to follow.

  • Only persistent desktops are supported.

Configuration

In the Pool Definition

In Control, the RDA AAD Authentication parameters are part of the “Add/Edit Pool” page:

Entra ID Authentication Options with various security settings for remote desktop connections.

Select all the options you want to support: (“RDS AAD Authentication,” “Windows Hello for Business,” and “Allow fallback.”)

Note: You must select at least one option to enable connections.

The fallback option allows non-NLA, non-Entra ID RDP connections.

In the User Page

For debugging, you can select a single, specific connection method for a desktop belonging to an individual user.

  1. Go to the “Users > username > User Details” page, in the “Active Devices” section.

  2. Expand the desired device.

  3. Click the “Entra ID Auth. Options” button.

  4. In the popup, select an authentication option.

Active devices list showing device details and action options for management.

Options for Entra ID authentication settings with selection buttons and action prompts.