Marcel Zunnebeld1709163163
Posted October 17, 2023

Hello,

With MCS it is possible to create a VDA (Server 2019) hybrid joined:
https://support.citrix.com/article/CTX284738/provision-hybrid-aad-joined-virtual-machine-on-azureto-enable-intune

Can this also be done with a PVS Target Device?
If so, what are the steps to configure this? Is the procedure the same as that for MCS, or is there a different procedure for PVS?

Thanks in advance!

Jeff Riechers
Posted October 19, 2023

If you aren't using FAS then the SSO token would come from your AD hybrid communication, so no worries about doing any of the Certificate setup with Azure AD.

So getting the PVS target device set to do the workplace join on startup, and you have the workplace join also set to run on user logon, then it should connect everything. Test from a desktop, and see if a dsregcmd /status shows Azure AD connectivity.

If you are using published apps, make sure to have the shellbridge settings set as well, so that the authentication links up correctly with the Azure AD.
https://support.citrix.com/article/CTX267071/password-field-not-displayed-when-publishing-any-office-365-application-such-as-excel-or-word-on-server-2019-or-windows-10

The only items you need to set on the VDA are:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Virtual Desktop Agent
Name: Shellbridge
Type: REG_DWORD
Value: 1

Even though that article talks about hidden password fields, I also have had to enable shellbridge for proper Edge sign-ins as well.

CarlStalhood
Posted October 17, 2023

Hybrid is mentioned at https://www.citrix.com/blogs/2023/06/29/pvs-catalogs-made-easy-with-citrix-daas-mcs-provisioning/

Marcel Zunnebeld1709163163
Posted October 18, 2023

Hi Carl, thank you for your response!

I read that it applies to DaaS, is it also possible for onprem CVAD environments with PVS Target Device also onprem?

Jeff Riechers
Posted October 18, 2023

To do it with PVS, you manually modify the Workplace Join scheduled task to run at startup and at login. Then make sure your Azure AD tenant information is stored in GPO.

If you are using FAS for sign-in then you also need to set up Azure PRT.
https://www.jeffriechers.com/wiki/azuread-prt-with-fas-certificates/

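Added example, not part of any post in this thread: a PowerShell check, run in a user session on the PVS target device, for the settings described in Jeff Riechers' two replies (Workplace Join task triggers, dsregcmd /status, Shellbridge). It assumes the task meant is the built-in Automatic-Device-Join task under \Microsoft\Windows\Workplace Join\; the function names and the sample output are constructed for illustration.

```powershell
# Added example (not from the thread). Windows only; run on the target device.
# Assumption: "Workplace Join scheduled task" = built-in Automatic-Device-Join task.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    # dsregcmd prints "   Key : Value" pairs; split on the first colon only.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $state
}

function Test-HybridJoin {
    param([hashtable]$State)
    # Hybrid joined means joined to on-prem AD and to Azure AD at the same time.
    ($State['AzureAdJoined'] -eq 'YES') -and ($State['DomainJoined'] -eq 'YES')
}

# Constructed sample output, used only when dsregcmd.exe is not available.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                AzureAdPrt : NO'
)
$lines = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }
$state = ConvertFrom-DsregStatus -Lines $lines

# Trigger types on the join task: boot = "at startup", logon = "at login".
$task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' `
    -TaskName 'Automatic-Device-Join' -ErrorAction SilentlyContinue
$triggers = if ($task) { $task.Triggers | ForEach-Object { $_.CimClass.CimClassName } } else { @() }

# Shellbridge value named in the thread (REG_DWORD 1 under the VDA key).
$vdaKey = 'HKLM:\SOFTWARE\Citrix\Citrix Virtual Desktop Agent'
$shell = (Get-ItemProperty -Path $vdaKey -Name Shellbridge -ErrorAction SilentlyContinue).Shellbridge

[pscustomobject]@{
    HybridJoined   = Test-HybridJoin -State $state
    AzureAdPrt     = $state['AzureAdPrt']   # only reported in a user session
    JoinTaskFound  = [bool]$task
    BootTrigger    = $triggers -contains 'MSFT_TaskBootTrigger'
    LogonTrigger   = $triggers -contains 'MSFT_TaskLogonTrigger'
    ShellbridgeSet = $shell -eq 1
}
```
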
Marcel Zunnebeld1709163163
Posted October 19, 2023

Thank you for your response and the link with explanation, Jeff!

If you do not use FAS to log in, but a traditional Gateway login + Radius token, is PRT still necessary to have SSO access to the O365 applications? Or will SSO to O365 not work anyway if you log in with a Radius token? And does the PVS Target Device still have to be Hybrid Joined?

Marcel Zunnebeld1709163163
Posted October 19, 2023

Hi Jeff, that sounds good (not having to do that certificate setup). I'm going to test with that Hybrid Joined setup etc.

@Carl and @Jeff thanks for your help in this!