Azure VM RDP access using AAD user credential

Anonymous
2020-02-27T16:23:58.033+00:00

Hello
I have created a Win10 VM for testing several new Microsoft 365/Azure features, but I'm not able to RDP connect to the VM using an Azure AD user.
I found this article. Is it correct?
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

The VM has already been created, so I ran this command, but I got an error:

PS Azure:\> az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows --resource-group EG_TestRG --vm-name PCVI02

Deployment failed. Correlation ID: 3cc311b1-5df5-43d6-8a54-43ceef1e157d. The handler for VM extension type 'Microsoft.Azure.ActiveDirectory.AADLoginForWindows' has reported terminal failure for VM extension 'AADLoginForWindows' with error message: 'Install failed for plugin (name: Microsoft.Azure.ActiveDirectory.AADLoginForWindows, version 0.4.1.0) with exception Command C:\Packages\Plugins\Microsoft.Azure.ActiveDirectory.AADLoginForWindows\0.4.1.0\AADLoginForWindowsHandler.exe of Microsoft.Azure.ActiveDirectory.AADLoginForWindows has exited with Exit code: -2145648572'.

'Install handler failed for the extension. More information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot'

Furthermore, the user I'm testing with is using MFA. Can somebody give me some help? Thank you

Ebrico


10 answers

  1. Volodymyr Usov 1 Reputation point
    2022-05-18T09:15:01.28+00:00

    Here is what is easy to miss, resulting in the connectivity issues above:

    Remote connection to VMs joined to Azure AD is only allowed from Windows 10 or newer PCs that are either Azure AD registered (minimum required build is 20H1) or Azure AD joined or hybrid Azure AD joined to the same directory as the VM. Additionally, to RDP using Azure AD credentials, the user must belong to one of the two Azure roles, Virtual Machine Administrator Login or Virtual Machine User Login. If using an Azure AD registered Windows 10 or newer PC, you must enter credentials in the AzureAD\UPN format (for example, AzureAD\john@Company portal .com).


  2. Ernesto Mayol 16 Reputation points
    2022-03-31T18:57:43.113+00:00

    Does anyone know if a public IP for the VM is required for this to work? The network requirements in the doc below do not mention anything, but I have not been able to get the option to download the RDP file to show up, and Fabio's instructions above seem to indicate a public IP is needed, which is something I do not want to create.
    https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#requirements


  3. Niranjan m o 1 Reputation point
    2021-06-19T12:02:51.13+00:00

    Microsoft is so bad, not giving students credit


  4. Shehzad Khan 1 Reputation point
    2021-03-04T04:21:16.397+00:00

    What about people accessing the VM using Bastion? @fabio


  5. fabio 11 Reputation points
    2020-07-23T18:07:32.24+00:00

    Steps that need to be followed to make this work:

    1. Create the VM with the AAD extension.
      Follow the steps and create the VM.
    2. Log in with local admin credentials to the Win 10 VM or 2019 Datacenter VM.
    3. Open CMD as admin and run dsregcmd /status. Check that, under the first option (device state), Azure AD joined is set to YES.
    4. Navigate to This PC > Right click > Properties > Change settings > Remote > Allow remote connections to this computer, and clear the checkbox "Allow connections only from computers running Remote Desktop with Network Level Authentication", as shown here.
    5. Apply and click OK.
    6. Close the VM and go to your physical PC.
    7. Create a new RDP config file.
    8. On the computer, open Remote Desktop or run mstsc.exe and click on Show Options; don't enter a computer or user.
    9. Click on Save As… and give it a new name such as VM_RDP; save it somewhere easy to find.
    10. Open the saved file (VM_RDP) using Notepad. Verify that the following two lines are present; if not, add them:
      enablecredsspsupport:i:0
      authentication level:i:2
    11. Save the file.
    12. On the PC where we just edited the config file, open mstsc.exe or Remote Desktop, click on Show Options, then click on Open. Point it to the previously created VM_RDP config file. Enter the IP address or FQDN of the computer you want to RDP to, do not enter any username, and click Connect.
    13. You may see the usual RDP prompt… it's OK, click on Connect.
    14. You will be inside the device now.
    15. Click on the "Other user" option and give the user name as AzureAD\username@keyman .com

    Don't forget to follow these steps to put the user in the "Virtual Machine Administrator Login" or "Virtual Machine User Login" role:
    https://learn.microsoft.com/pt-br/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

    Hope you get it!!!!

    Fabio Vilardo

    2 people found this answer helpful.
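The two .rdp settings Fabio's answer says to verify, plus the role assignment it links to, as an added shell example that is not part of this thread. The host address and output path are placeholders; the resource group and VM name are the ones from the question; the az commands are real CLI commands but need a signed-in az session and are not run here.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds and checks an .rdp file
# for Azure AD sign-in and assigns the VM login role the answer requires.

# Return 0 when both settings the answer requires are present, 1 otherwise.
has_aad_rdp_settings() {
    grep -qxF "enablecredsspsupport:i:0" "$1" &&
    grep -qxF "authentication level:i:2" "$1"
}

# Append any of the two required lines that a saved .rdp file is missing.
# Safe to run repeatedly: lines already present are not duplicated.
ensure_aad_rdp_settings() {
    file="$1"
    [ -f "$file" ] || : > "$file"
    for line in "enablecredsspsupport:i:0" "authentication level:i:2"; do
        grep -qxF "$line" "$file" || printf '%s\n' "$line" >> "$file"
    done
}

# Write a minimal .rdp file for the given VM address (no username, as in
# the answer) with the two settings added.
make_aad_rdp_file() {
    out="$1"; host="$2"
    printf 'full address:s:%s\n' "$host" > "$out"
    ensure_aad_rdp_settings "$out"
}

# Grant an Azure AD user the role the answer says they must hold, scoped to
# the VM only (least privilege). Role name is one of the two from the thread.
assign_vm_login_role() {
    rg="$1"; vm="$2"; upn="$3"
    role="${4:-Virtual Machine User Login}"
    vm_id=$(az vm show --resource-group "$rg" --name "$vm" --query id -o tsv)
    az role assignment create --role "$role" --assignee "$upn" --scope "$vm_id"
}

# Usage (placeholders): make_aad_rdp_file ./VM_RDP.rdp 10.0.0.4
#                       assign_vm_login_role EG_TestRG PCVI02 user@example.com
```

The role assignment defaults to "Virtual Machine User Login"; pass "Virtual Machine Administrator Login" as the fourth argument only for accounts that need local admin on the VM.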