AADS VM created - cannot log in to VM as cloud user

MReed 31 Reputation points
2022-11-07T17:16:11.56+00:00

AADS created weeks ago.

I created a new Azure VM and joined to our domain.

I created a test user account in AAD, reset the password and MFA is on - Added Virtual machine user log in role

"Am getting error message: The connection was denied because the user account is not authorized for remote log in"

What other roles or steps am I missing here?

Thanks

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

3 answers

  1. JimmySalian-2011 41,891 Reputation points
    2022-11-07T17:42:36.583+00:00

    Hi,

    To RDP to a VM, the account should be part of the managed domain. Also check the format of the login; it should be like this - contosoadmin@aaddscontoso.onmicrosoft.com

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.

  2. MReed 31 Reputation points
    2022-11-07T18:01:25.867+00:00

    Thank you. I've tried that with a new AAD account.

    user-vm@aadds.ourdomain - same error - Windows security banner and log in attempt failed

    Also just excluded Azure Windows VM in conditional access policy, to exclude MFA.

    I just read somewhere that user accounts need to have PIN set? Is that correct?


  3. Sandeep G-MSFT 13,981 Reputation points Microsoft Employee
    2022-11-08T12:53:35.257+00:00

    @MReed

    To take remote on the AAD joined device, you have to initiate the RDP session from a device which is also AAD joined or hybrid Azure AD joined to the same tenant. It is documented publicly as below:
    https://learn.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc

    From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is joined to Azure Active Directory.

    Do let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
