Connect to Azure AD joined client with RDCMan

Per-Torben Sørensen 25

I love Remote Desktop Connection Manager (RDCMan) and I use it every day. However, I can't get it to connect to an Azure joined Win10/11 device (using mstsc.exe works). Is there a way to make it work on RDCman or is anyone updating RDCMan with this capability?

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,461 Reputation points

2023-10-13T03:04:21.7933333+00:00

Hello @Per-Torben Sørensen , RDCMan supports Entra ID authentication. What version are you using? What parameters are you using? Provide as much detail as possible of your environment.
Per-Torben Sørensen 25 Reputation points

2023-10-14T16:22:11.3533333+00:00

Hello @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA I'm using version 2.90, and I'm connctingdirectly to the azure ad joined Windwos 11using the UPN of the user. I can't seem to find any instructiuons on how rdcman should be configured for this purpose. Perhaps you could provide me with the correction instructions?
Péter Ritzinger 0 Reputation points

2023-11-23T13:09:21.62+00:00

The feature that RDCman is missing is the enablerdsaadauth property. Details at https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files

It can be set with the built-in Windows mstsc client, but RDCman does not support settings this property.
Per-Torben Sørensen 25 Reputation points

2023-11-23T14:19:01.65+00:00

Excellent, what would be the correct and most efficient way (besides these forums) to report this to sysinternals so this could be implemented?
Péter Ritzinger 0 Reputation points

2023-11-24T13:55:13.9066667+00:00

That is a good question :) I am not with MSFT, I wanted to answer just to Alfredo that RDCman in fact does NOT support Entra Auth, and what is the low-level RDP option for Entra auth which RDCman should implement when creating an RDP connection. I hope we can have answer from him.
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,461 Reputation points

2023-11-24T17:01:26.1+00:00

Hello @Per-Torben Sørensen , it is correct, RDCMAN does not seem to support enablerdsaadauth, however you can connect to Entra ID joined machines from other Entra ID joined or registered machines. Since this question is specific to systsernals features and not Entra ID I will remove the Entra ID tag and re-route it to the appropiate team.
Eric Rees 0 Reputation points

2023-12-05T21:47:44.3066667+00:00

I would also like to see the ability to join Azure AD joined systems added to RDCMAN. It would be very helpful!
Barnaby Arnott 0 Reputation points

2024-03-20T21:42:13.7233333+00:00

I just setup RDP access via Entra ID, tested with the mstsc app successfully, then modified my RDCman auth values to my UPN + azure pswd (no domain) - and it logged in successfully! :)
Per-Torben Sørensen 25 Reputation points

2024-03-21T12:25:00.33+00:00

@Barnaby Arnott Could you please share the details of you setup, so I (and others) can re-create it?
Brian 0 Reputation points

2024-03-22T05:51:30.4366667+00:00

I'm using RDCMAN, just updated to 2.9.3 with no change, trying to rdp into Azure/intune joined Win11 device from a Win10 AD device fails user auth using upn.
When using the RDC app and enabling "use a web account to sign" that then prompts in a browser auth window to allow my azure account to use rdp on that intune device, on first login only. After that it just works.
There are no prompts at all and no option in RDCMan makes any difference.
It just re-prompts continuously for user auth. This is tested from the same Win10 device to the same Win11 device with both apps. Tried full upn and username only with no domains set. also blank creds set.

1 answer

Barnaby Arnott 0 Reputation points

2024-10-02T04:36:39.9433333+00:00

So I just revisited this today while adding a new server. There may be a few prerequisite steps, as defined in https://learn.microsoft.com/en-us/entra/identity/devices/howto-vm-sign-in-azure-ad-windows, namely
Add the "Virtual Machine Administrator Login" role to each VM in Azure|Security>Identity : System assigned - Permissions [Azure role assignments]

Edited IAM for the resource group that contains the VMs, adding role "Virtual Machine Administrator Login" for my defined Entra group of admins.

I then tested with mstsc.exe and "Select Use a web account to sign in to the remote computer option in the Advanced tab. This option is equivalent to the enablerdsaadauth RDP property." This required I create an FQDN to the private IP of the VM. I was then able to connect without any declare username.

Yet the name restriction does not seem to exist with RDCMan. I am using v2.93, and am able to connect with an IP and a completely blank credentials tab (I also tried with azuread<fullname> and my UPN 'email' name - both worked, but guess that's expected if you can leave it blank!)

However, some of my VMs throw an error after I provide my PIN, saying NLA is required but my DC couldn't be contacted. Seems there are variations of security (or base image of Azure VMs?) I'll keep working on this...

FYI Per-Torben Sørensen
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Connect to Azure AD joined client with RDCMan

1 answer

Your answer