Cannot login using Microsoft Entra Id

Question

I enabled AADLogin extension on Windows 11 workstation in Azure. I'm able to Remote desktop and login using the local administrator account but unable to login using Microsoft Entra Id.

I have granted Virtual Machine login role to the user account. During RDP using Entra, I successfully get the MFA notification and complete the login process but then get an error message saying "requires multifactor authentication".

Answer 1

Hello Vijay Goswami,

Thanks for reaching out. It seems that you are encountering an issue with multifactor authentication (MFA) when trying to log in to your Azure virtual machine using Microsoft Entra ID. The error message indicating that it “requires multifactor authentication” suggests that the MFA requirement is not being satisfied during the Remote Desktop Protocol (RDP) session.

Here are a few steps you can take to troubleshoot this issue:

Ensure Compliance with Conditional Access Policies: If your organization has configured Conditional Access policies that require MFA, make sure that the device you are using to initiate the RDP session meets the requirements set by these policies. You may need to use strong authentication methods such as Windows Hello.

If Windows Hello for Business isn't an option, configure a Conditional Access policy that excludes the Microsoft Azure Windows Virtual Machine Sign-in app.

Check MFA Configuration: Verify that the MFA settings for your user account are correctly configured. If you are using a legacy per-user MFA setting, consider removing it and using Conditional Access policies instead.

For your reference:

https://learn.microsoft.com/en-us/entra/identity/devices/howto-vm-sign-in-azure-ad-windows?pivots=identity-extension-vm#mfa-sign-in-method-required

Please let me know if you need additional details or further assistance. Thank you