Thank you for reaching out to the Microsoft Q&A platform.
Have you added the RDP property "targetisaadjoined:i:1" when trying to connect from devices that are not in the same tenant as your session host?
Also check the Azure AD user sign-in log to see if a Conditional Access policy is blocking login to the VM machine. See more information here:
If this does answer your question, please accept it as the answer as a token of appreciation.
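
The two checks suggested in this answer can be scripted as follows. This is an added example, not part of the original answer: it assumes an Azure Virtual Desktop host pool, the Az.DesktopVirtualization and Microsoft.Graph.Reports modules, and an existing `Connect-AzAccount` session; the resource group, host pool and user names are placeholders.

```powershell
# Added example. Placeholder values, not taken from the thread.
$rg   = '<resource-group>'
$pool = '<host-pool-name>'
$upn  = '<user@example.com>'

# 1. Add targetisaadjoined:i:1 to the host pool's custom RDP properties.
#    Existing properties are kept; any earlier targetisaadjoined entry is replaced.
$hp    = Get-AzWvdHostPool -ResourceGroupName $rg -Name $pool
$props = @($hp.CustomRdpProperty -split ';' |
           Where-Object { $_ -and $_ -notmatch '^targetisaadjoined:' })
$props += 'targetisaadjoined:i:1'
Update-AzWvdHostPool -ResourceGroupName $rg -Name $pool `
    -CustomRdpProperty (($props -join ';') + ';')

# 2. List the user's recent sign-ins that failed Conditional Access,
#    with the name of each policy that produced the failure.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All'
$filter = "userPrincipalName eq '$upn' and conditionalAccessStatus eq 'failure'"
Get-MgAuditLogSignIn -Filter $filter -Top 20 | ForEach-Object {
    $signIn = $_
    $signIn.AppliedConditionalAccessPolicies |
        Where-Object { $_.Result -eq 'failure' } |
        ForEach-Object {
            [pscustomobject]@{
                Time      = $signIn.CreatedDateTime
                App       = $signIn.AppDisplayName
                Resource  = $signIn.ResourceDisplayName
                Policy    = $_.DisplayName
                ErrorCode = $signIn.Status.ErrorCode
            }
        }
} | Format-Table -AutoSize
```

An empty result from step 2 means no Conditional Access failure was logged for that user in the returned sign-ins, so the block is more likely on the RDP property or client side.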