Connect with user Entra ID on VM Azure

Francesco Russo 170 Reputation points
2024-02-29T09:15:44.7466667+00:00

Good morning, I followed the Microsoft guide for logging in with an Entra ID user to an Azure VM via RDP, only that it always gives a login error, as if the service wasn't active or I don't have permissions. Do you have any suggestions? The user I use does not have a license for Entra ID (uses Entra ID Free) and was given the role to access the VM. My intent is to create a Windows 11 VM, give access to the user, have the user connect to a VPN to see my network and, when it is no longer needed, dispose of the VM.

https://learn.microsoft.com/en-us/entra/identity/devices/howto-vm-sign-in-azure-ad-windows

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

3 answers

  1. James Hamil 22,431 Reputation points Microsoft Employee
    2024-02-29T22:54:20.88+00:00

    Hi @Francesco Russo, please follow these troubleshooting steps and let me know if they resolve your issue:

    1. Make sure that the Entra ID user has been added to the "Remote Desktop Users" group on the VM. You can do this by logging in to the VM using an administrator account, opening the "Computer Management" console, and adding the Entra ID user to the "Remote Desktop Users" group.
    2. Make sure that the Entra ID user has the correct permissions to access the VM. You can do this by assigning the Entra ID user the "Virtual Machine Administrator Login" or "Virtual Machine User Login" role in Azure RBAC. You can assign the role in the Azure portal or using Azure CLI.
    3. Make sure that the Entra ID user is using the correct format for the username when logging in to the VM. The format should be "AzureAD\username" or "username@domain.com", depending on the Azure AD configuration.
    4. Make sure that the Entra ID user has a valid password or has set up multi-factor authentication (MFA) if required. You can check the password or MFA settings in the Azure portal.
    5. Make sure that the VM is running and is accessible from the Entra ID user's network. You can check the VM status and network settings in the Azure portal.

    If you have checked all of these things and are still having trouble logging in, you can try to reset the Entra ID user's password or MFA settings, or you can try to log in using a different user account to see if the issue is specific to the Entra ID user.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
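
The Azure-side items from the checklist above (step 2, the role assignment, and step 5, the VM state), together with the AADLoginForWindows extension that comes up later in this thread, can be checked from Azure CLI. This is an added example, not part of the original answer; `$rg`, `$vm` and `$upn` are placeholders, and it assumes the extension carries its default name and that `az login` has already been run.

```powershell
# Added example: Azure-side checks for Entra ID RDP sign-in to a VM.
# $rg, $vm and $upn are placeholders (assumptions); fill them in before running.
$rg  = "<resource-group>"
$vm  = "<vm-name>"
$upn = "<user@yourdomain>"
$loginRoles = @("Virtual Machine Administrator Login", "Virtual Machine User Login")

# Step 5: the VM must be running.
$view  = az vm get-instance-view --resource-group $rg --name $vm --output json | ConvertFrom-Json
$power = $view.instanceView.statuses | Where-Object { $_.code -like "PowerState/*" }
"Power state : $($power.displayStatus)"

# The sign-in extension must be installed and provisioned
# (assumes it was installed under its default name, AADLoginForWindows).
$ext = az vm extension list --resource-group $rg --vm-name $vm --output json |
    ConvertFrom-Json | Where-Object { $_.name -eq "AADLoginForWindows" }
if ($ext) { "Extension   : $($ext.provisioningState)" }
else      { "Extension   : AADLoginForWindows not found on this VM" }

# Step 2: role assignments that reach the VM, whether direct, inherited or via groups.
$assigned = az role assignment list --assignee $upn --scope $view.id `
    --include-inherited --include-groups --output json | ConvertFrom-Json
$hits = $assigned | Where-Object { $loginRoles -contains $_.roleDefinitionName }
if ($hits) {
    $hits | ForEach-Object { "Role        : $($_.roleDefinitionName) at $($_.scope)" }
} else {
    "Role        : neither VM login role is assigned to $upn for this VM"
}
```

Printing the scope of each matching assignment shows whether the login role is granted on the VM itself or inherited from the resource group or subscription, which matters when the VM is meant to be temporary and access should disappear with it.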


  2. Pinaki Ghatak 2,405 Reputation points Microsoft Employee
    2024-03-01T19:41:25.1633333+00:00

    Hello @Francesco Russo

    You’re trying to accomplish several tasks: creating a Windows 11 VM in Azure, giving a user access to that VM, having the user connect to a VPN to see your network, and finally disposing of the VM when it’s no longer needed. Let’s break down these tasks:

    1. Creating a Windows 11 VM in Azure: You can create a Windows 11 VM in Azure using the Azure portal. Make sure to choose the correct image for Windows 11 during the VM creation process.
    2. Giving a user access to the VM: To give a user access to the VM, you can use Azure role-based access control (Azure RBAC). You can grant a user access to Azure resources using the Azure portal. You can also assign a user as an administrator of an Azure subscription with conditions.
    3. Connecting to a VPN from the Azure VM: To connect your Azure VM to a VPN, you can set up a site-to-site VPN connection between your on-premises network and the Azure virtual network. You can also configure the Azure VPN Client for Microsoft Entra authentication.
    4. Disposing of the VM: You can also use PowerShell to delete the VM and clean up other related resources.

    Please note that the user needs to have the appropriate permissions to perform these tasks. If you’re still having trouble with the Entra ID login, it could be due to several reasons such as issues with the Remote Desktop service on the VM, the network connection, or the Remote Desktop client on your host computer.

    You might want to check these aspects and also ensure that your VM’s network configuration permits outbound access to the necessary endpoints.

    Remember to replace any placeholder (like Entra ID) with the actual service name.


    If this information provided here helps solve your issue, please tag this as answered, so it helps further community readers, who may have similar questions.


  3. Anton Melin 0 Reputation points
    2024-04-10T10:45:31.06+00:00

    I have tried all the five steps that are written here, but I can't log in with my Azure users?

    I wonder if it is any other problem for me? I have configured everything right and the users are in the Remote Desktop Users group and I have assigned the right roles to the users. The virtual machine that I have created supports AADLoginForWindows? I can't log in with my credentials either; when I try to log in it says: The remote computer is AAD connected. try using your work email address if you want to log into your work account.

    But when I try to log in with my username@mydomain.com it only says your credentials did not work.

    Does someone know what the problem is?