Does Azure Bastion support Azure Active Directory login?

Mahavir Saroj 201 Reputation points
2024-03-23T17:53:13.1033333+00:00

I have created and configured my Windows VM (Windows Server 2019 Datacenter) for Azure AD login along with the Virtual Machine Administrator Login role. I have also configured Azure Bastion, but I am not able to log in to the Azure VM with AAD credentials via Bastion.

Is there any Microsoft document where it's clearly written that Azure Bastion doesn't support AAD login?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Shweta Mathur 27,301 Reputation points Microsoft Employee
    2024-03-26T04:39:00.67+00:00

    Hi @Mahavir Saroj ,

    Thanks for reaching out.

    Azure Bastion can be used to log in with Microsoft Entra ID authentication using Azure CLI and the native RDP client mstsc.

    The native client feature allows you to connect to your target VMs via Bastion using Azure CLI, and expands your sign-in options to include local SSH key pair and Microsoft Entra ID.

    Please note - Microsoft Entra Guest Accounts can't connect to Azure VMs or Azure Bastion enabled VMs via Microsoft Entra authentication.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if the answer helped you.
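
The connection path described in the accepted answer, as an added example that is not part of the original thread or Microsoft's own code: a PowerShell script for a Windows client with Azure CLI installed, which confirms the VM login role before opening mstsc through Bastion. Everything in angle brackets is a placeholder, and the role check is an assumption about what is worth verifying first.

```powershell
# Added example. All values in angle brackets are placeholders to replace.
$vmRg      = '<VMResourceGroupName>'
$vmName    = '<VMName>'
$bastionRg = '<BastionResourceGroupName>'
$bastion   = '<BastionName>'
$upn       = '<user@your-tenant-domain>'  # member account; guest accounts cannot sign in this way

# Sign in to Azure CLI as the user who will open the session.
az login | Out-Null

# Resolve the VM resource ID; the Bastion command targets the VM by ID.
$vmId = az vm show --resource-group $vmRg --name $vmName --query id --output tsv
if (-not $vmId) { throw "VM '$vmName' was not found in resource group '$vmRg'." }

# List role assignments that apply to the VM, including inherited and group-based ones.
$roles = az role assignment list --assignee $upn --scope $vmId `
             --include-inherited --include-groups `
             --query "[].roleDefinitionName" --output tsv

# Either built-in VM login role allows Entra ID sign-in to the VM.
$loginRoles = 'Virtual Machine Administrator Login', 'Virtual Machine User Login'
$granted = @($roles | Where-Object { $loginRoles -contains $_ })
if ($granted.Count -eq 0) {
    throw "No VM login role is assigned to $upn at or above $vmName."
}
Write-Host "Login role(s) found: $($granted -join ', ')"

# Launch the native RDP client (mstsc) through Bastion.
# Enter the Entra ID credentials when the RDP prompt appears.
az network bastion rdp --name $bastion --resource-group $bastionRg --target-resource-id $vmId
```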


1 additional answer

  1. Azar 18,375 Reputation points
    2024-03-23T17:57:47.7933333+00:00

    Hey there Mahavir Saroj

    Thanks for posting on the Q&A platform.

    I guess Bastion allows login into VMs using Azure AD credentials for VMs with Azure AD sign-in, Azure AD joined devices and hybrid Azure AD joined devices. Also, you can use it to log in to Azure ADDS joined devices using Azure ADDS credentials.

    Let us know if you need additional assistance. If the answer was helpf

    Follow this documentation for more info

    https://learn.microsoft.com/en-us/azure/bastion/native-client

    Reference https://learn.microsoft.com/en-us/answers/questions/847495/azure-bastion-logon-via-azure-active-directory-dom

    If this helps, kindly accept the answer. Thanks much.