Enable RDP via Intune

Johannes Ebner 246

Hi,

I have 4 AzureAD joined Clients in a network. I want to enable RDP connection for my Admin Account to the Clients.
Myself will connect via VPN to the Network with the Clients.

How could I achieve this?

Br,
Johannes

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
0xjoe 15 Reputation points

2024-01-04T21:26:14.0533333+00:00

Hi Jatin,

Thanks for the tip on the Settings Catalog. I followed the guide, and all seemed to be going well. The configuration profile was successfully deployed to the endpoints. I also noticed that on the hosts, the Remote Desktop Settings indicate that "Some settings are managed by your organization," which is a good sign. The problem is that the Remote Desktop Setting toggle on the endpoint is set to Off and greyed out. On the configuration profile, I have it set to "Enabled" to Allow users to connect remotely by using RDP. I'm not sure what the problem is. I hope you can share some insight.
JamesCFI 1 Reputation point

2024-06-18T20:19:58.6833333+00:00

So i have this same issue, I have the policy configured

control panel says "Remote Desktop OFF" and managed by my organization (which is me im the admin trying to fix this for some users).

MDM logs says otherwise

The only thing that sort of caught my eye was Remote Desktop - User Mode (UDP-In) & Remote Desktop - User Mode (TCP-In) were both set to disabled.

I enabled those firewall policies on the target endpoint and then i enabled "Use a web account to sign in to the remote computer" option in the Advanced tab of the remote desktop settings connectoid.

Decided to test this and BOOM, connected... do I know why? no clue.. don't care it "works" for now and it at least is a work around, pretty sure it wont be temporary eh... eh? 😔

Is this right? no clue, again dont care the policy technically has this enforced to on for everyone so at most im "fixing" the problem, maybe MS should make it easier to trouble shoot intune policies because rsop dont work, gpresult don't work, a bunch of 3rd party bots are on the other top answers telling people "oh gee this product over here has the thing you need wink wink"

Some notes

must use the name of the endpoint, im assuming because of certs, and the username is your o365 user or AzureAD\email, lock screen doesnt work you instead get disconnected.

And im assuming you must still enable "Allow users to connect remotely by using Remote Desktop Services" in intune even though it shows off in the panel.

other info: https://learn.microsoft.com/en-us/windows/client-management/client-tools/connect-to-remote-aadj-pc

hopefully the next person that finds this post figures out the rest of whatever is going on

windows 11 latest update as of the posting with AADJ device up in entra using e3 azure/entra, yes intune license and yes other intune device settings work, the "Allow users to connect remotely by using Remote Desktop Services" is only showing set to the user and not the device in the console but the MDM report shows its on the device

again no clue, dont care it works/whatever

Answer accepted by question author

Lu Dai-MSFT 28,531

@Johannes Ebner Thanks for posting in our Q&A. From your description, I know that you want to enable RDP connection for his admin account to AzureAD joined clients via intune. If there is any misunderstanding, feel free to let us know.

To achieve this operation, we need to configure remote settings and get the RDP configure file.
For configuring remote settings in intune, here are the detailed steps for the reference:

Go to Microsoft Endpoint manager admin center. Create a custom profile and deploy this profile to the device group you want.
Name : Set a name for this profile.
OMA-URI setting: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/AllowUsersToConnectRemotely
Data Type: String
Value: <enabled />
After the profile deploy successfully, we can find the remote setting is changed.

To make clients get the RDP configure file, my thought is that we can create the RDP configure file in step2 in the link that RahulJindal improved. Then, put RDP configure file in an accessible location, write a PowerShell script to download this RDP configure file.

Hope it can help.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Luca Chana 11 Reputation points

2021-04-22T15:15:18.557+00:00

After making the policy in intune and seeing that it's applied to the devices, I see the remote settings are correct and enabled via control panel but when I look in the settings app it shows disabled and I cannot connect. It shows "Some settings are managed by your organisation" with "Enable Remote Desktop" as off? EDIT: To fix I had to run these powershell commands to enable RDP and open the firewall... Would think that intune would automatically open the firewall but ok.
Tiago Marques 1 Reputation point

2022-02-24T18:36:37.047+00:00

Thank you, really helped.. tho ive got some regards using NLA... how to enable it on intune? (endpoint manager)

Is there an OMA-URI for that too? I lost connection with my devices, theyre azureAD joined...

Thankx in advance
Lu Dai-MSFT 28,531 Reputation points

2022-02-25T00:52:26.75+00:00

@Tiago Marques This setting "Require user authentication for remote connections by using Network Level Authentication" under Administrative Templates may make it.
Tiago Marques 1 Reputation point

2022-02-25T09:59:21.317+00:00

@Lu Dai-MSFT thank you, that did the job!

Cheers!
James Denis 11 Reputation points

2022-05-17T17:01:20.72+00:00

So I'm running into a similar issue as well, I was able to get remote assistance with NLA toggled on in advanced system settings but under settings>system>remote desktop : the icon is toggled off and grayed out.

Can you share what powershell commands you needed to run to enable RDP and add the firewall rule you needed to allow the incoming connections?
0xjoe 15 Reputation points

2024-01-04T21:35:59.3833333+00:00

Yes please I would love to get some insight into this. Thanks

8 additional answers

Tim 1 Reputation point

2021-11-15T23:40:06.5+00:00

Hi all, along with the custom OMA- URI I've found a few other pieces are needed to get this working.

Also, you may want to add an oma-uri policy for no sleep settings on the target machines if wake on LAN isn't enabled.

For us, we have also added intune device config profiles- endpoint protection.

Allow specific IPs or any as needed, add ports needed, ie 3389. I have also found the remote ports must be using more than 3389 as when tied to this the policy failed. Ill update once i have more info on that.

This should be enough to get connections on the same subnet, if you need remote access youll need to configure a firewall policy to allow this too- ironically the easiest part.
Was this answer helpful?

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Carneol, Steve 1 Reputation point

2021-04-27T13:58:09.177+00:00

Where is the setting to Allow all Primary users of the work computer to remotely connect that was available via Remote Connection Profile in ConfigMgr which doesn't apply once you move to Co-management with the Device Configuration Workload set to Pilot Intune or Intune. Sliding the Device Configuration Workload to the left (Configuration Manager) is not an option since there are other settings like the OneDrive for Business Profiles that also fall under the Device Configuration Workload that has to apply to our Co-managed clients.
Was this answer helpful?
Mitja Cvikl 0 Reputation points

2024-01-11T09:41:22.33+00:00

Did you found a solution for Co-managed devices?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Johannes Ebner 246 Reputation points

2020-12-08T08:54:45.84+00:00

I added a firewall rule for RDP. Now it is working.
Was this answer helpful?
Lu Dai-MSFT 28,531 Reputation points

2020-12-08T09:18:58.927+00:00

@Johannes Ebner Thanks for your response. I'm glad to hear it is working.

Appreciate your time and have a nice day. : )

Tim Turner 1 Reputation point

2021-03-31T00:46:34.19+00:00

What firewall rule did you create?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Johannes Ebner 246 Reputation points

2020-12-08T07:56:43.343+00:00

I am playing now with firewall rules, maybe this is the reason why it is still not working
Was this answer helpful?
Lu Dai-MSFT 28,531 Reputation points

2020-12-08T08:22:51.813+00:00

@Johannes Ebner Thanks for keeping us informed of the latest update. I know that you begin to create the RDP configure file.

If you have any problem in the future, welcome to post in our Q&A. : )
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Enable RDP via Intune

8 additional answers

Your answer