π¦ Publish Your Application Collection & Enable SSO
π Step 1: Create a Session Collection
On your RD Connection Broker server, open Server Manager.
Navigate to:
Remote Desktop Services β CollectionsIn the COLLECTIONS panel, click Tasks > Create Session Collection.
Follow the wizard:
Name: Give your collection a clear name
User Groups: Add the security group containing users who need access.
User Profile Disks: Uncheck this box for simplicity.
Click Create to finish.
π₯οΈ Step 2: Publish Applications to the Collection
In Server Manager, select your new collection.
Go to the REMOTEAPP PROGRAMS section.
Click Tasks > Publish RemoteApp Programs.
Select the programs you want users to access (e.g., Word, Excel, a custom line-of-business app).
Click Next, then Publish.
π Step 3: Enable SSO with a PowerShell Command (Critical Step)
On your RD Connection Broker server, open PowerShell as Administrator.
Run the following command, replacing the placeholders with your details:
Set-RDSessionCollectionConfiguration -CollectionName "YourCollectionName" -CustomRdpProperty "pre-authentication server address:s:https://YourExternalURL/`nrequire pre-authentication:i:1"Replace:
"YourCollectionName"with the name of your collection.https://YourExternalURL/with the External URL from your Entra App Proxy.
π§ͺ Step 4: Test the Full Flow
Open a web browser and go to your RD Web Client URL:
https://<YourRDWebServer>/RDWeb/webclientSign in with your credentials (and WebAuthN if enabled!).
