Cannot log in to Azure VMs using Azure AD credentials; same issue with AVD VMs as well

Kapil Dupinder Singh 6 Reputation points
2023-05-19T10:08:38.3+00:00

Hello Folks,

I cannot log in to Azure VMs using Azure AD credentials; same issue with AVD VMs as well.

I have created a fresh VM and enabled Azure AD login while creating it under the Management tab and have added the user group in the Resource group as well with Virtual Machine admin login rights.

I am getting "the logon attempt failed" message while trying to log in with an Azure AD user; however, I can log in with local admin without an issue.


2 answers

  1. Tech-Hyd-1989 5,816 Reputation points
    2023-05-19T10:18:30.1333333+00:00

    Hello Kapil Dupinder Singh

    If you are unable to log in to Azure virtual machines (VMs) or Azure Virtual Desktop (AVD) VMs using Azure AD credentials, there are a few potential reasons and troubleshooting steps you can take:

    Verify Azure AD user credentials: Ensure that you are using the correct Azure AD username (usually in the format <username>@<domain>.onmicrosoft.com) and the corresponding password. Double-check for any typos or incorrect capitalization.

    User assigned to the VM: Confirm that the Azure AD user is properly assigned to the VM. Make sure the user is a member of the appropriate user group with Virtual Machine Admin Login rights.

    Network connectivity and DNS resolution: Check if there are any network connectivity issues that may be preventing the VM from reaching the Azure AD authentication services. Ensure that the VM has internet access and can reach the necessary Azure endpoints. Additionally, verify that DNS resolution is working correctly on the VM.

    Azure AD Connect synchronization: If you are using Azure AD Connect to sync on-premises Active Directory with Azure AD, ensure that the user accounts are successfully synchronized to Azure AD. You can check the Azure AD portal to confirm if the user accounts are present.

    Password policies and expiration: Check if the Azure AD user's password has expired or if there are any password policy requirements that need to be met. If the password has expired, reset it and try logging in again.

    Azure AD Conditional Access policies: Review any Conditional Access policies that may be applied to the Azure AD user. These policies can enforce additional security requirements for accessing Azure resources. Make sure the user's device and location comply with the policies.

    Diagnostic logs and monitoring: Enable diagnostic logs for the VM or AVD session host to capture any potential errors or issues during the login process. Review the logs to identify any specific error messages that can help pinpoint the problem.

    If you have gone through these troubleshooting steps and are still unable to log in, it is recommended to reach out to Azure support (create a billing support ticket or call customer service) for further assistance. They can help investigate the issue specific to your environment and provide additional guidance to resolve the login problem.

    Please accept answer and upvote if the above information is helpful for the benefit of the community.


  2. Prrudram-MSFT 28,201 Reputation points Moderator
    2023-05-19T10:34:24.51+00:00

    Hello @Kapil Dupinder Singh

    I understand you are having trouble logging in to your Azure VMs using Azure AD credentials.

    Let's try to troubleshoot the issue.

    First, please make sure that you have followed the prerequisites mentioned in the documentation. You need to ensure that the VM has the "AADLoginForWindows" extension installed and that the Virtual Machine User Login role is assigned to the user group that you want to grant access to.

    If you have already done that, then the issue might be related to multi-factor authentication. Please check if your Conditional Access policy excludes multi-factor authentication requirements for the Azure Windows VM sign-in cloud application. If not, you'll need to reconfigure your multi-factor authentication. To reconfigure your multi-factor authentication, follow the instructions in Enforce Azure Active Directory Multi-Factor Authentication for Azure Virtual Desktop using Conditional Access.

    Let me know of any update.

    If this does answer your question, please accept it as the answer as a token of appreciation.
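
The two prerequisites named in the answers above (the AADLoginForWindows extension, and a VM login role that actually reaches the VM from the scope where it was assigned) can be checked offline, as in this added example that is not part of the original thread. It assumes the inputs were saved from `az vm extension list` and `az role assignment list --scope <vm-id> --include-inherited`; the field names follow that output as an assumption, and the function names and sample IDs are constructed.

```python
# Added example: offline check of the extension and role-assignment prerequisites.
# Field names are assumed to match Azure CLI JSON output; all IDs are constructed.
LOGIN_ROLES = {"Virtual Machine Administrator Login", "Virtual Machine User Login"}
EXT_TYPE = "AADLoginForWindows"

def scope_covers(scope, vm_id):
    """True if a role assignment scope is the VM itself or a parent of it
    (resource group, subscription, or root "/"). Azure resource IDs are
    case-insensitive. Management group scopes are not resolved here."""
    scope, vm_id = scope.rstrip("/").lower(), vm_id.lower()
    return vm_id == scope or vm_id.startswith(scope + "/")

def check_prereqs(vm_id, extensions, assignments, principal_ids):
    """Return a list of findings; an empty list means both prerequisites are met.
    principal_ids: object IDs of the user and of every group the user is in."""
    findings = []
    ext = [e for e in extensions
           if EXT_TYPE in (e.get("typePropertiesType"),
                           e.get("virtualMachineExtensionType"), e.get("name"))]
    if not ext:
        findings.append("AADLoginForWindows extension not installed")
    elif not any(e.get("provisioningState") == "Succeeded" for e in ext):
        findings.append("AADLoginForWindows extension not in state Succeeded")
    reaching = [a for a in assignments
                if a.get("roleDefinitionName") in LOGIN_ROLES
                and a.get("principalId") in principal_ids
                and a.get("scope") and scope_covers(a["scope"], vm_id)]
    if not reaching:
        findings.append("no VM login role reaches this VM for the user or their groups")
    return findings

# Constructed sample data: role assigned to a group at resource group scope.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM_ID = SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-demo"
GROUP = "11111111-1111-1111-1111-111111111111"
EXTENSIONS = [{"name": "AADLoginForWindows",
               "typePropertiesType": "AADLoginForWindows",
               "provisioningState": "Succeeded"}]
ASSIGNMENTS = [{"roleDefinitionName": "Virtual Machine Administrator Login",
                "principalId": GROUP,
                "scope": SUB + "/resourceGroups/rg-demo"}]

if __name__ == "__main__":
    print(check_prereqs(VM_ID, EXTENSIONS, ASSIGNMENTS, {GROUP}) or "prerequisites met")
```

The role only counts when it is held by the signing-in user or one of their groups, so pass every relevant object ID in `principal_ids`.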

