This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 99%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
We use microsoft Intune and have set up multiple users and computers with it.
There is sometimes the need of accessing a computer at the office from home, for this we have a dedicated VPN and use a RDP connection.
This works fine with credentials like AzureAD\user@keyman .
Only after I enable MFA for that user the RDP connection is not possible anymore, no question is asked for MFA either.
Logging on to the computer is then only possible when you are sitting behind it phisically.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Are users using MSTSC client to take RDP on the device?
At which screen are they getting stuck? Can you share the screenshot of the page where they are getting stuck?
If it is native RDP client then MFA will not be prompted.
I wanted to check if you can share more details on my previous comments.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi,
If you want rdp to work with Azure accounts that have mfa enabled you need to create a CA policy and exclude Azure Windows VM Sign-In app from MFA.
More details on:
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#mfa-sign-in-method-required
But there are also some other ways to have strong authentication with windows logon.
Hope this helps!
