Login to Windows virtual machine in Azure using Azure AD account

AB123 351

Hi all,

How do I go about enabling "Log in with Azure AD" after creating the Azure VM?

Please help!

JamesTran-MSFT 36,636 Reputation points Microsoft Employee

2023-09-12T18:42:10.8433333+00:00

@AB123

I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

2 answers

Tushar Kumar 3,331 Reputation points MVP

2023-09-06T08:03:30.02+00:00
Hi AB123,

Thank you for asking your question.

You can follow the below link to enable Azure AD authentication for windows VM.

https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

If you already have a VM created run the following command in Cloud Shell:

az vm extension set \ --publisher Microsoft.Azure.ActiveDirectory \ --name AADLoginForWindows \ --resource-group myResourceGroup \ --vm-name myVM

In Virtual machine IAM :

Assign the user with Virtual machine user login or Virtual machine Administrator login.

Try taking RDP with using your using Username in following format :

AzureAD\tom@xyz.com

If you are using Conditional access you need to exepmt Azure windows login.

Please "Accept as answer" if this helps
Please sign in to rate this answer.

1 person found this answer helpful.
AB123 351 Reputation points

2023-09-06T09:21:09.2133333+00:00

Thanks! If I do this can I then use Bastian to log into using the Azure AD credentials?

Tushar Kumar 3,331 Reputation points MVP

2023-09-06T09:44:44.53+00:00

Yes you can! Please keep in mind that Azure AD Guest accounts can't connect to Azure Bastion via Azure AD authentication. That's a limitation.

Please click "Accept as answer" if this helps.

AB123 351 Reputation points

2023-09-07T12:37:52.4166667+00:00

Thanks! i have managed to allow AAD access but I cant actually log in via bastian is there anything else I need to do or something I am missing:

I am using Basitan Basic Sku which requires using Azure portal to remote in is that the issue?

Tushar Kumar 3,331 Reputation points MVP

2023-09-07T12:40:27.04+00:00

Are you able to login with remote desktop app on your PC?

AB123 351 Reputation points

2023-09-07T12:43:21.4333333+00:00

I disable RDP and only use Bastian to log into it

Tushar Kumar 3,331 Reputation points MVP

2023-09-07T13:45:10.47+00:00

things to check before logging in :

IAM if you have given your ID Virtual machine adminstrator or User login

You Don't have any conditional access policy affecting that ID

While logging in to the machine you are entering username as AzureAD\Testuser@xyz.com

Can you verify these and let me know how it goes.

AB123 351 Reputation points

2023-09-08T07:30:24.2266667+00:00

Hi,

So I have no conditional Access affecting the policy for Stafftest555, only things I block is legacy authentication clients and for the user to log in outside of the UK

The MR A Billen account has MFA on it, will that affect that user? Also any ideas why Stafftest555 isnt working?

I am using

And this is the error:

Tushar Kumar 3,331 Reputation points MVP

2023-09-08T13:29:15.7433333+00:00

Are you using Legacy Per User MFA?

Tushar Kumar 3,331 Reputation points MVP

2023-09-08T13:41:33.74+00:00

Azure Windows VM Sign-In you can add this to exception for your conditional access app list. this should work for you then.

check this link : https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#mfa-sign-in-method-required

AB123 351 Reputation points

2023-09-15T08:39:10.2166667+00:00

Hi Tushar,

With my other email Stafftest555 this doesnt have any conditional access policy for MFA or MFA enabled and I still cant log in. Any ideas?

Corbin Viars 0 Reputation points

2023-11-01T18:12:34.0033333+00:00

Tushar, Why do we need to exclude Azure windows login from our Conditional Access policy?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
brokercl 0 Reputation points

2024-05-08T00:02:52.71+00:00

which is the VM login?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.