Suppress single sign-on consent prompts for Windows 365 Link

As part of setting up your organization's environment to support Windows 365 Link devices, you should consider suppressing single sign-on consent prompts for your Windows 365 Link devices. The Windows 365 Link connection experience doesn’t currently support interacting with the SSO consent prompt.

When connecting to a Cloud PC for the first time after single sign-on (SSO) is enabled, users are prompted for consent to allow the connection. They're also prompted every 30 days or after a Cloud PC is reprovisioned. If a connection to a Cloud PC requires SSO consent, the Windows 365 Link connection will fail. This failure necessitates that the user first connect to the Cloud PC from another device or web browser and grant SSO consent before attempting to connect from a Windows 365 Link device again.

To avoid this this experience, you must suppress the SSO consent prompt by configuring a property on the SSO service principals in Entra ID.

To suppress the SSO consent prompt, follow these steps:

  1. Create a dynamic device group for all Cloud PCs.
  2. Enable Entra authentication for RDP on the SSO service principal.
  3. Add the group of Cloud PCs to the Service Principal target.

After the Cloud PCs are in the target group, the users aren't prompted to consent to use SSO.

Next steps

Onboard Windows 365 Link devices.