Virtual Desktop Service

Accessing VDS credentials in Azure Key Vault

Contributors tvanroo


CWASetup 5.4 is a departure from previous Azure deployment methods. The configuration and validation process is streamlined to reduce the amount of information required to begin a deployment. Many of those removed prompts are for credentials or accounts such as Local VM Admin, SMTP account, Tech account, SQL SA, etc. These accounts are now automatically generated and stored in an Azure Key Vault. By default, accessing these automatically generated accounts requires an additional step, described below.

  • Find the 'Key vault' resource and click into it:


  • Under ‘Settings’, click ‘Secrets’. You’ll see a message stating that you are unauthorized to view:


  • Add an ‘Access Policy’ to grant an Azure AD account (like a Global Admin or System Administrator) access to these sensitive keys:


  • A Global Admin is used in this example. After selecting the principal, click ‘Select’, then ‘Add’:


  • Click ‘Save’:


  • The access policy has been successfully added:


  • Revisit ‘Secrets’ to verify that the account now has access to the deployment accounts:


  • For example, if you need the Domain Administrator credential to log in to CWMGR1 and update Group Policy, check the strings under cjDomainAdministratorName and cjDomainAdministratorPassword by clicking on each entry:


  • Show or Copy the value:

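The same procedure scripted with Az PowerShell, as an added example that is not part of the original page or NetApp's own tooling: it grants only get and list on secrets, reads the Domain Administrator credential into a PSCredential without printing the password, and removes the access policy afterwards. It assumes the Az.Accounts and Az.KeyVault modules are installed, that the deployment resource group contains a single Key Vault, and that the vault uses access policies; $ResourceGroup and $AdminUpn are placeholders you supply.

```powershell
# Added example (not from the original page). $ResourceGroup and $AdminUpn are
# assumed placeholders; the two secret names are the ones the page mentions.
param(
    [Parameter(Mandatory)] [string] $ResourceGroup,  # resource group of the VDS deployment
    [Parameter(Mandatory)] [string] $AdminUpn        # Azure AD account that needs access
)

Connect-AzAccount | Out-Null

# Find the Key vault resource (assumption: exactly one vault in the resource group).
$vaults = @(Get-AzKeyVault -ResourceGroupName $ResourceGroup)
if ($vaults.Count -ne 1) {
    throw "Expected exactly one Key Vault in '$ResourceGroup', found $($vaults.Count)."
}
$vaultName = $vaults[0].VaultName

# Add the access policy with read-only secret permissions: no set, delete,
# backup or purge, and no key or certificate permissions.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName `
    -UserPrincipalName $AdminUpn `
    -PermissionsToSecrets get, list

try {
    # Verify access: list the secret names only, never the values.
    Get-AzKeyVaultSecret -VaultName $vaultName |
        Select-Object Name, Enabled, Updated |
        Format-Table | Out-Host

    # The user name is not sensitive; the password stays a SecureString.
    $user = Get-AzKeyVaultSecret -VaultName $vaultName `
        -Name 'cjDomainAdministratorName' -AsPlainText
    $pass = (Get-AzKeyVaultSecret -VaultName $vaultName `
        -Name 'cjDomainAdministratorPassword').SecretValue
    $domainAdmin = [pscredential]::new($user, $pass)
}
finally {
    # Revoke access once the credential is retrieved. This removes the whole
    # policy entry for $AdminUpn, including permissions it held beforehand.
    Remove-AzKeyVaultAccessPolicy -VaultName $vaultName -UserPrincipalName $AdminUpn
}

# Emit the credential object for use with -Credential parameters.
$domainAdmin
```

Omit the Remove-AzKeyVaultAccessPolicy call if the account should keep standing access, as it does after the portal steps above.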