Azure VM RDP with Azure AD doesn't work

Question

Hello all,

we need to use login to Azure Vm with Azure AD users for a customer. I have created a quick lab to test the functionallity but seems that it doesn't work.

I have created 2 VMs on Azure:

• 1 VM named VMServer (Windows Server 2019) - is the VM where users will have to log in
• 1 VM named VMclient (Windows 10) - simulates the user client where the RDP connection begins

When I created the VMServer we have checked the option for "login with AzureAD", and the extention is correctly present in the VMServer and it present within Azure AD devices (Azure AD joined).

To test the RDP connection, I have set the grant for the account in the Group "Virtual Machine Administrator Login" at the RG level.

Within the VMClient, I have registered the account within Accounts -> Email & Accounts

In this way, I have the VMClient "Azure AD registered" in the Azure AD.

I have disable the MFA for the account.

So, it seems all regular for the RDP with Azure AD.

When i try to login with RDP from the VMClient to the VMServer using AzureAD\UPN sintax I receive this error

Can you help me please?

On the VMServer (destinantion for the RDP connection) it result AzureADJoined.

Thank you for your help

Answer 1

Hi @vincent manzari ,

it looks like the user doesn't have the permission granted to log in locally on the server VM.

By default only members of the Administrators group on a server are allowed to login "locally" on the server. This includes the logn via RDP as well.

Please check if the user, that is used to logon via RDP to the server, is a member of the Administrators group on a server.

---

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten

Answer 2

Hi @Andreas Baumgarten

thak you for the support. I have checked but unfortunatly the users from AzureAD are not resolved when I try to add to the Administrators group in the VM

Answer 3

Hi @vincent manzari ,

Please take a look here: Please take a look here: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#configure-role-assignments-for-the-vm

---

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten

Answer 4

Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

You can try the following to fix this issue:

1. Reset the Remote Desktop settings.
2. Check the endpoints for Cloud Services and the Network Security Group rules.
3. Analyze the VM console logs.
4. For the VM, reset the NIC.
5. View the health of the VM resources.
6. VM password reset.
7. Start your VM again.
8. VM redeployment

For more information on how to perform these, please see https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/troubleshoot-rdp-connection

If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

Answer 5

Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

You can try the following to fix this issue:

1. Reset the Remote Desktop settings.
2. Check the endpoints for Cloud Services and the Network Security Group rules.
3. Analyze the VM console logs.
4. For the VM, reset the NIC.
5. View the health of the VM resources.
6. VM password reset.
7. Start your VM again.
8. VM redeployment

For more information on how to perform these, please see https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/troubleshoot-rdp-connection

If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.