RDP to Azure AD Joined machines from workgroup machine

Question

Hi,

 

We have the following scenario. As of today, our users have 2 machines. One machine is added to the local domain, and one machine is Azure AD Joined (Intune), both these machines are located on the office network. When the user work from home, he can take his laptop (third machine) and use RDP with RDS gateway and MS MFA to RDP to their machine in the office that is added to the local domain.

Now the challenge is to RDP to the machine that are also in the local office but only Azure AD Joined. I have read an article about disabling NLA, add the user to the Remote Desktop Group, and add the following two lines to the RDP file “enablecredsspsupport:i:0” and “authentication level:i:2”. Then we type in the IP address, *@email.com (also tried AzureAD*@email.com and .\AzureAD******@email.com) and connect, we are prompted for MFA, but then it does not find the machine. I would guess that the IP should work, but not.

We have also tried to connect from the laptop with VPN, and then do a RDP with the same settings above except RDS, and still no connection.

If we take our laptop to work, and connect to Wifi then we are able to RDP to the Azure AD Joined machines.

Comments ?

 

Thanks for any reply

/R

Andry

Answer 1

Hello

Thank you for your question and reaching out. I can understand you are having query\issues related to Azure AD joined machine can not be accessed.

Please check if you any Conditional Access policies or Azure firewall rules set by your IT or Tenant Admin which will block connection from some IPs or Outside of Office network.

Also , Please Disable any Antivirus program or Windows firewall you may have for temporary purpose.

Reference :

https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#using-conditional-access

--If the reply is helpful, please Upvote and Accept as answer--