Microsoft has quietly shipped a capability that could reshape how organizations grant secure access to contractors, partners, and vendors. Windows 365 and Azure Virtual Desktop (AVD) now support external identities, allowing people outside your tenant to log into cloud PCs or virtual sessions using their own Microsoft Entra ID credentials. This means no more temporary accounts, no more duplicated identities, and far fewer operational headaches.
For many businesses, this is the update you’ve been waiting for.
The Old Way Was Clunky, Costly, and Hard to Secure
Until now, Windows 365 and AVD required users to be members of your tenant. For external collaborators, this meant IT teams had to:
That process was slow, error-prone, and expensive. It also created unnecessary security risk for temporary accounts often linger unmonitored, lack proper MFA, and fall outside onboarding/offboarding routines.
In a world where supply-chain access risk is rising, this approach simply didn’t scale.
The New Way is Simple, Secure Access for Anyone You Trust
With Microsoft’s update (now generally available) you can invite external identities directly into your Windows 365 or AVD environment. They log in with the credentials they already use for their home organization.
No more creating guest accounts. No more managing extra identities. No more cleanup after the fact.
Once onboarded, you can apply the same governance and security controls you use internally, including:
For the first time, businesses can deliver a consistent, secure virtual desktop experience to anyone who needs access, without expanding their identity footprint.
Why This Matters for Your Business
This shift has huge implications for real-world operations.
-
Faster onboarding for contractors and partners
Instead of provisioning local accounts, your team can invite a user and have them online in minutes. This is especially valuable for seasonal staff, temporary project teams, and vendor technicians.
-
Stronger security with less friction
Because external users authenticate with identities you don’t manage, you reduce attack surface while still enforcing your own security policies. It’s a rare win-win: more control with fewer management tasks.
-
Better experience for external users
They sign in once, with their own ID, and get straight to work. No juggling credentials. No new password policies. No new apps.
-
Reduced operational overhead
By removing temporary accounts, you eliminate a major cleanup burden and avoid orphaned identities, a common gap highlighted in IAM assessments.
-
Standardized virtualization strategy
You can finally run a unified, cloud-based desktop approach for internal and external users. No exceptions. No parallel systems.
Where External Identity Support Really Shines
We expect early adoption in industries where collaboration is constant and highly sensitive:
If your business often hosts external collaborators and struggles to secure or scale access, this update is worth a closer look.
Considerations Before You Roll It Out
While this feature is powerful, there are a few nuances to keep in mind:
Small details matter when you’re opening your environment to people outside your business.
Conclusion
This change is one of the most meaningful improvements to AVD and Windows 365 in years. It directly aligns with the way modern businesses work with fluid teams, cross-tenant collaboration, and increasing security expectations.





