April 2026 introduces a valuable improvement to Azure Virtual Desktop (short AVD). macOS users can now authenticate as external identities through the Windows App, giving contractors, partners, and guest users a smoother way to access AVD resources without needing a Windows device or browser. This preview feature enhances AVD’s flexibility and closes a long‑standing gap for “macOS-organisations”.
Below I’ll walk through what changed, why the new support matters, the exact client version you must use, and what to validate before rolling this out to real users.
IMPORTANT: External identity support on macOS is in PREVIEW. Read the Supplemental terms for Microsoft Azure Previews before you test the feature in a productive environment.
What Changed For macOS
The key change this month is the introduction of external identity sign‑in support in the Windows App for macOS. Until now, macOS users lacked a native way to authenticate as external identities. They could only log in through a browser or be provisioned with full internal Entra identities. This was a major friction point for organizations that rely heavily on Macs or MacBooks, particularly in consulting, software development, creative industries, and academic environments.
With the new preview build, macOS users can now sign in to AVD using:
- Entra ID B2B guest accounts
- External work or school accounts invited into the tenant
- Microsoft accounts when supported by the tenant configuration
Requirements
To enable external identity support, administrators must deploy a very specific version of the Windows App for macOS:
- Windows App Beta for macOS, version 11.2.0 (2928)
Available exclusively through Visual Studio App Center.
A few critical points to be aware of:
- The installed app will display as Windows App Beta.
- You must disable auto‑update to prevent the client from upgrading to a version without external identity support.
- Deploy and pin the exact version to all test devices before starting a pilot.
- Mixing different client builds across endpoints almost always leads to inconsistent sign‑in behaviour.
These version constraints introduce some administrative overhead, but they are expected at this stage of the preview.
Expanded Requirements And Dependencies
Even though the Windows App for macOS now supports external identity sign‑ins, this feature still depends heavily on the AVD backend configuration. For the authentication flow to work, your environment must meet all the following:
- Session hosts must be Entra joined.
- Your host pool must have single sign‑on configured.
- Entra ID B2B collaboration must be enabled and correctly configured.
- Guest users must be assigned the necessary app roles and AVD resource permissions.
- Conditional Access policies must not block untrusted or unmanaged macOS devices unless intentionally configured to do so.
If any of these components are missing or misconfigured, the external identity login option will not appear in the macOS (or any) client.
Limitations And Preview Caveats
Because the macOS implementation is still in preview, a few important limitations apply:
- Auto‑updating the Windows App Beta may unintentionally remove external identity support.
- One-time passcode sign‑in is not supported for external identities.
- The feature is not yet part of the production Mac App Store build.
- Some Conditional Access policies may block external macOS endpoints more aggressively than expected.
- FSLogix profile support for external identities remains in preview.
- Hybrid joined session hosts are supported.
Should You Enable This Today
For macOS-dominant organizations or teams that frequently collaborate with contractors and partners using Apple hardware, this preview is absolutely worth testing now. It fills a gap that has existed since the earliest days of B2B-AVD use cases and brings macOS much closer to the Windows experience.
Conclusion
April 2026 marks a turning point for macOS users in Azure Virtual Desktop. With external identity support finally arriving in the Windows App for macOS, organizations gain a far more flexible and inclusive way to onboard contractors, partners, and guest users into their virtual desktop environments.
The preview comes with version constraints and several limitations, but the direction is clear: Microsoft is moving AVD toward a fully unified, Entra‑centric identity model across all major platforms. For macOS-heavy teams, this update is worth testing immediately—because it removes one of the last barriers preventing Apple devices from participating fully in modern AVD deployments.