Error : Login to Azure VM using Azure AD - The sign-method you're trying to use isn't allowed

Question

https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

I followed the above microsoft article and configured Win10 Multisession OS Azure VM to have Azure AD login. i have configured this for 2 users as Virtual machine administrator role assignments via the Azure VM Access control blade (IAM) and added user to remote desktop users group as well.

Now for 1 user , i am able to successfully login to the Win10 Azure VM, with the AzureAD\user1@mydomain.com , but for the 2nd user AzureAD\user2@mydomain.com, i get below error.
"The sign-in method you're trying to use isn't allowed. Try a different sign-in method or contact your system administrator."
i followed the exact steps mentioned here below
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#mfa-sign-in-method-required

Please help

Answer 1

I suggest the first check to see that the two users have the same role assignments. You can follow the below reference to do that

role-assignments-list-portal

If the above check is not helping, disable MFA and see if it helps. You can disable MFA by disabling the security defaults, as indicated in the below screenshot

----------

--please don't forget to upvote and Accept as answer if the reply is helpful--