RDP into Azure VM

testuser7 271 Reputation points
2024-03-01T14:30:57.9833333+00:00

Hello,

One basic question. I have put the screenshot of my Azure AD-joined VM's login screen.

As you can guess, I can easily get into the VM by entering my AAD username and password.

Instead of that, if I want to do WHfB authentication, can I do it from the login screen?

If yes, how do I get the WHfB tile on the login screen so that, once clicked, through hardware redirection I finish the authentication on my physical laptop, which is also in the same tenant?

I tried to turn ON WHfB credential provider GUIDs in registry but it did not help.

 User's image

Thanks.


1 answer

  1. Nagappan Veerappan 651 Reputation points Microsoft Employee
    2024-03-04T19:55:32.1233333+00:00
    • @testuser7 Hope you are doing well. It is a good question.

    WHfB is not available over the RDP lock screen of the remote VM. There is no way to show the tile on your lock screen. Sorry, it's only available to the local login of the VM (aka console login) for security reasons.

    Then how can we use passwordless authentication over RDP from your base machine?

    You can split your base machine into categories:

    A) Hybrid Entra ID joined (Domain joined + Entra joined)

    1. Use host machine authentication via smart card redirection capability to your VM
      (complex to set up)
      https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/rdp-sign-in?tabs=intune
    2. Enable credential guard
      https://learn.microsoft.com/en-us/windows/security/identity-protection/remote-credential-guard?tabs=intune

    B) Entra joined base machine

    1. If on a recent release of Windows, like Win 11, no additional config is required.
    1 person found this answer helpful.
