Azure VM RDP with Azure AD doesn't work

vincent manzari 41 Reputation points
2023-01-22T20:47:48.7666667+00:00

Hello all,

We need to log in to Azure VMs with Azure AD users for a customer. I have created a quick lab to test the functionality, but it seems that it doesn't work.

I have created 2 VMs on Azure:

  • 1 VM named VMServer (Windows Server 2019) - is the VM where users will have to log in
  • 1 VM named VMclient (Windows 10) - simulates the user client where the RDP connection begins

When I created the VMServer we checked the option for "login with AzureAD"; the extension is correctly present on the VMServer, and it appears within Azure AD devices (Azure AD joined).

[screenshot]

To test the RDP connection, I have set the grant for the account in the Group "Virtual Machine Administrator Login" at the RG level.

Within the VMClient, I have registered the account within Accounts -> Email & Accounts

[screenshot]

In this way, I have the VMClient "Azure AD registered" in the Azure AD.

I have disabled the MFA for the account.

So, it all seems in order for RDP with Azure AD.

When I try to log in with RDP from the VMClient to the VMServer using the AzureAD\UPN syntax I receive this error:

[screenshot]

Can you help me please?

On the VMServer (destination for the RDP connection) it shows AzureADJoined.

[screenshot]

Thank you for your help
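The setup described in the question has three moving parts on the Azure side (the AADLoginForWindows extension on the target VM, an RBAC login role in scope for the user, and the client's own Azure AD device state) plus the RDP client settings. The script below is an added example, not code from the original post or from Microsoft, that checks each of those from an admin workstation with the Az PowerShell module and generates the .rdp file for an Azure AD registered (not joined) client. The resource group, VM name and user principal name are placeholders; the `enablecredsspsupport:i:0` and `authentication level:i:2` settings are the ones Microsoft documents for clients that are not Azure AD joined.

```powershell
# Added example: pre-flight checks for Azure AD login to a Windows VM over RDP.
# Assumes the Az module is installed and Connect-AzAccount has already been run.
param(
    [string]$ResourceGroup     = 'rg-lab',                 # placeholder
    [string]$VMName            = 'VMServer',               # VM name from the post
    [string]$UserPrincipalName = 'user@contoso.example',   # placeholder UPN
    [string]$RdpFile           = "$env:USERPROFILE\Desktop\$VMName.rdp"
)

# 1. The Azure AD login extension must be present and successfully provisioned
#    on the target VM; without it the AzureAD\UPN logon cannot be brokered.
$vm  = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VMName
$ext = Get-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VMName |
       Where-Object { $_.ExtensionType -eq 'AADLoginForWindows' }
if (-not $ext) {
    Write-Warning "AADLoginForWindows extension is not installed on $VMName"
} elseif ($ext.ProvisioningState -ne 'Succeeded') {
    Write-Warning "AADLoginForWindows extension state is $($ext.ProvisioningState)"
} else {
    "[ok] AADLoginForWindows extension provisioned on $VMName"
}

# 2. The user needs 'Virtual Machine Administrator Login' or
#    'Virtual Machine User Login' at the VM scope or above (the post assigns it
#    at the resource-group level through a group, so expand group membership).
$loginRoles = @('Virtual Machine Administrator Login', 'Virtual Machine User Login')
$assigned = Get-AzRoleAssignment -SignInName $UserPrincipalName -Scope $vm.Id `
                -ExpandPrincipalGroups |
            Where-Object { $_.RoleDefinitionName -in $loginRoles }
if (-not $assigned) {
    Write-Warning "$UserPrincipalName has no VM login role in scope of $($vm.Id)"
} else {
    $assigned | ForEach-Object {
        "[ok] $($_.RoleDefinitionName) via $($_.ObjectType) at $($_.Scope)"
    }
}

# 3. Device state of the machine this script runs on (the RDP client).
#    dsregcmd /status reports 'AzureAdJoined : YES' for joined devices and
#    'WorkplaceJoined : YES' for Azure AD registered ones (the post's VMClient).
function Get-DeviceRegistrationState {
    $fields = @{}
    foreach ($line in (dsregcmd /status)) {
        # Split on the first colon only; values such as URLs contain colons too.
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $fields[$matches[1]] = $matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined   = $fields['AzureAdJoined']
        WorkplaceJoined = $fields['WorkplaceJoined']
        DomainJoined    = $fields['DomainJoined']
    }
}
$client = Get-DeviceRegistrationState
"[info] client device: AzureAdJoined=$($client.AzureAdJoined) " +
"WorkplaceJoined=$($client.WorkplaceJoined) DomainJoined=$($client.DomainJoined)"

# 4. Emit an .rdp file. For a client that is only Azure AD registered, the RDP
#    session must not use CredSSP/NLA, so the Azure AD web logon can take over.
$publicIp = (Get-AzPublicIpAddress -ResourceGroupName $ResourceGroup |
             Where-Object { $_.IpConfiguration.Id -like "*$VMName*" } |
             Select-Object -First 1).IpAddress
@"
full address:s:$publicIp`:3389
username:s:AzureAD\$UserPrincipalName
enablecredsspsupport:i:0
authentication level:i:2
"@ | Set-Content -Path $RdpFile -Encoding ASCII
"[ok] wrote $RdpFile (target $publicIp)"
```

Run it once from the client VM so that step 3 reports the client's own registration state; if step 1 or 2 warns, the Azure AD logon fails before any Conditional Access policy is even evaluated, which narrows down where to look next.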


7 answers

  1. vincent manzari 41 Reputation points
    2023-01-24T14:04:11.34+00:00

    Hello all,

    I have checked and run all tests, including recreating the servers (VMClient and VMServer).

    Now, when I try to log in from the VMClient (VM is AD registered on Azure AD) to VMServer (VM is AD joined and with the extension correctly installed) I see these errors in the Event Viewer on the VMServer:

    Http request status: 400. Method: POST Endpoint Uri: https://login.microsoftonline.com/ea13cfea-b639-4fde-bc89-84b4c059bd98/oauth2/token Correlation ID: BBB2AE20-0F77-4F35-8843-A11D17B9581E


    OAuth response error: interaction_required

    Error description: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '0469d4cd-df37-4d93-8a61-f8c75b809164'.

    Trace ID: 3ee7146f-df07-46b6-b9d5-30fdf707ad00

    Correlation ID: bbb2ae20-0f77-4f35-8843-a11d17b9581e

    Timestamp: 2023-01-24 13:56:38Z

    CorrelationID: bbb2ae20-0f77-4f35-8843-a11d17b9581e


    Logon failure. Status: 0xC0000250 Correlation ID: BBB2AE20-0F77-4F35-8843-A11D17B9581E

    Here are the screenshots:

    [screenshot]

    [screenshot]

    [screenshot]

    For my account, I have the MFA active, but I have configured exclusions on Conditional Access for the cloud apps (VM Login and also for the app with the name of VMServer).

    Can you help me to understand why it doesn't work?

    Thanks
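The Event Viewer text above carries everything needed to triage the failure: the AADSTS error code, the application ID the policy applied to, and a correlation ID that ties the token request (HTTP 400, `interaction_required`) to the subsequent logon failure (`0xC0000250`). The function below is an added example, not code from the original post or from Microsoft; it reads the Azure AD operational log on the target VM (or, for offline use, an array of message strings) and groups the events by correlation ID so that each failed logon is reported with its AADSTS code and the app it was evaluated against. The sample messages embedded at the bottom are constructed from the text of this post; the log name `Microsoft-Windows-AAD/Operational` is where the Azure AD broker on Windows writes these entries.

```powershell
# Added example: correlate Azure AD token errors with logon failures on the VM.
function Get-AadLogonFailure {
    param(
        # Pass message strings directly (offline) or omit to read the live log.
        [string[]]$Messages,
        [int]$MaxEvents = 200
    )
    if (-not $Messages) {
        $Messages = Get-WinEvent -LogName 'Microsoft-Windows-AAD/Operational' `
                        -MaxEvents $MaxEvents -ErrorAction Stop |
                    Select-Object -ExpandProperty Message
    }

    $byCorrelation = @{}
    foreach ($msg in $Messages) {
        # Correlation ID appears in both the OAuth error and the logon failure;
        # normalise case so the two spellings on the page match.
        if ($msg -notmatch 'Correlation ?ID:\s*([0-9A-Fa-f-]{36})') { continue }
        $cid = $matches[1].ToLower()
        if (-not $byCorrelation.ContainsKey($cid)) {
            $byCorrelation[$cid] = [ordered]@{
                CorrelationId = $cid; HttpStatus = $null; OAuthError = $null
                AadstsCode = $null; AppId = $null; LogonStatus = $null; Timestamp = $null
            }
        }
        $rec = $byCorrelation[$cid]
        if ($msg -match 'Http request status:\s*(\d+)')          { $rec.HttpStatus  = [int]$matches[1] }
        if ($msg -match 'OAuth response error:\s*(\S+)')         { $rec.OAuthError  = $matches[1] }
        if ($msg -match '(AADSTS\d+)')                           { $rec.AadstsCode  = $matches[1] }
        if ($msg -match "to access '([0-9a-f-]{36})'")           { $rec.AppId       = $matches[1] }
        if ($msg -match 'Logon failure\. Status:\s*(0x[0-9A-Fa-f]+)') { $rec.LogonStatus = $matches[1] }
        if ($msg -match 'Timestamp:\s*(\S+ \S+)')                { $rec.Timestamp   = $matches[1] }
    }

    foreach ($rec in $byCorrelation.Values) {
        # Only report requests that actually ended in a Windows logon failure.
        if ($rec.LogonStatus) { [pscustomobject]$rec }
    }
}

# Constructed sample input, taken from the event text quoted in this post.
$sample = @(
    'Http request status: 400. Method: POST Endpoint Uri: https://login.microsoftonline.com/ea13cfea-b639-4fde-bc89-84b4c059bd98/oauth2/token Correlation ID: BBB2AE20-0F77-4F35-8843-A11D17B9581E',
    "OAuth response error: interaction_required`nError description: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '0469d4cd-df37-4d93-8a61-f8c75b809164'.`nTrace ID: 3ee7146f-df07-46b6-b9d5-30fdf707ad00`nCorrelation ID: bbb2ae20-0f77-4f35-8843-a11d17b9581e`nTimestamp: 2023-01-24 13:56:38Z",
    'Logon failure. Status: 0xC0000250 Correlation ID: BBB2AE20-0F77-4F35-8843-A11D17B9581E'
)
Get-AadLogonFailure -Messages $sample | Format-List
```

Run without `-Messages` on the VMServer itself to read the live log. The `AppId` column is the value to compare against the application that the Conditional Access exclusion actually targets: an AADSTS50076 whose app ID is not among the excluded cloud apps means the MFA requirement still applies to that sign-in, regardless of which app the exclusion was configured for.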


  2. vincent manzari 41 Reputation points
    2023-01-30T13:23:45.99+00:00

    Hello,

    can someone help me?

    Thanks
