Restrict access to users on Host Pools in Azure

ML 0

I need to create a single hostpool which houses about 10 VMs. I need to allow certain groups of people specific access to a certain number and deny them access to others. for example;

VM1, VM2 and VM3 got to Intune group 1, with no access to other VMs 4 through to 7.

When I have tried adding permissions to the groups via VM IAMs, they still try to connect to the VMs they shouldn't have access to and present the error "The sign in method is not allowed" and then present that user as a -1 on the user sessions.

I hope that is clear and any help would be appreciated.

Akshay kumar Mandha 2,430 Reputation points Microsoft Vendor

2025-01-21T19:23:34.5333333+00:00

Hi ML,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here
Based on your query,
I understand that you are facing the issue Please review the answer provided by hossein jalilian and refer this document List Azure deny assignments
And also check there will be built in roles not set properly or not

Please let me know if you have any doubts regarding the answer. If you still need further clarification or any additional assistance, feel free to reach out, and I'll be happy to help you!
Akshay kumar Mandha 2,430 Reputation points Microsoft Vendor

2025-01-22T18:41:58.9933333+00:00

Hi ML,
Just checking to see any update on previous comment please let me know if you are having any queries will help as you needed.!
ML 0 Reputation points

2025-01-23T11:15:01.1233333+00:00

I am unable to add deny assignments on my account for some reason.
Akshay kumar Mandha 2,430 Reputation points Microsoft Vendor

2025-01-23T19:52:39.62+00:00

Hi ML,
Could you please refer this documentation pre-requisites once
To get information about a deny assignment, you must have
Akshay kumar Mandha 2,430 Reputation points Microsoft Vendor

2025-01-25T00:33:46.5733333+00:00

Hi ML,
have you tried like in this way creating two host pool add separately add the VM to certain host pool application groups and those two-user group to particular host pool application group
Akshay kumar Mandha 2,430 Reputation points Microsoft Vendor

2025-01-27T20:36:06.7566667+00:00

Hi ML,
Just checking to see if you get a chance, please review my latest comment

1 answer

hossein jalilian 9,860 Reputation points

2025-01-21T18:20:14.0866667+00:00
Thanks for posting your question in the Microsoft Q&A forum.

You'll need to use a combination of Azure RBAC and AVD application group assignments.

Create separate application groups for each set of VMs you want to restrict access to

Assign the appropriate users or groups to each application group. This will determine who can access which VMs

For each VM, assign the "Virtual Machine User Login" role to the appropriate group

Ensure that the users are also assigned the Desktop Virtualization User role for the host pool

If you continue to see the The sign in method is not allowed error, verify that:

The VMs are properly joined to the domain

The users have the correct licenses assigned

The network security groupallows RDP traffic from the Azure Virtual Desktop service

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful
Please sign in to rate this answer.
ML 0 Reputation points

2025-01-23T11:16:11.7133333+00:00

The problem with this is when creating new application groups for a host pool you can only have one Desktop pool and one RemoteApp each.

Is there a way to force having more than one Desktop Application group for a hostpool?

ML 0 Reputation points

2025-01-24T13:33:42.8166667+00:00

I need to know if there is a simple way for users and groups to prioritise connections to certain VMs cause the issue I am facing is that When connecting it with randomly place users in any available VMs, which is not what we want.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Restrict access to users on Host Pools in Azure

1 answer

Your answer