Hi Yong Chin Kuo,
Based on the error details you shared, I have shared troubleshooting steps that I felt will help resolve the issue you reported.
See that the Target PCs Are Joined to Azure AD: On your PC, go to Settings → Accounts → Access work or school. Now click on Connect and select Join this device to Azure Active Directory. Enter your Azure AD credentials and complete the joining process.
For detailed information, please visit https://support.microsoft.com/en-us/account-billing/join-your-work-device-to-your-work-or-school-network-ef4d6adb-5095-4e51-829e-5457430f3973#:~:text=To%20join%20an%20already%20configured%20Windows%2010%20device,password%2C%20and%20then%20select%20Sign%20in.%20More%20items
Enable Remote Desktop on Target Machines: To set up remote access on a device, navigate to Settings, then System, and finally Remote Desktop. Here, toggle the Enable Remote Desktop switch. Next, click on Advanced settings and verify that Network Level Authentication (NLA) is enabled. Additionally, ensure that the firewall on the PC is configured to allow incoming traffic on RDP (port 3389).
For detailed information, please visit https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access#how-to-enable-remote-desktop
Configure Azure AD Permissions for Remote Desktop: Azure AD Device Settings: In the Azure portal, navigate to Azure Active Directory → Devices → Device settings. Ensure that "Users may join devices to Azure AD" is set to All or your specific group. If needed, you can create specific security groups for those allowed to access devices via RDP.
Assign Remote Desktop Access Permission: In Azure AD, navigate to Azure Active Directory → Enterprise applications → User settings. Ensure that remote access is allowed for users. For users who need to access the devices, assign them the Remote Desktop Users role.
Remote Desktop Client Settings (Windows App): Open the Windows App and try adding a PC or Workspace using the Azure AD credentials of the user who has permission to connect to the target machine. Use the device's name or IP address to connect. Make sure the account is a member of the Remote Desktop Users group on the target PC.
For Connecting to Azure VMs:
Enable Azure AD Login for VMs: If your VMs are Azure AD-joined and you can use Azure AD credentials to log in: Go to the Azure Portal and navigate to the Virtual Machine settings. Under Settings, select Configuration and enable Login with Azure AD.
https://learn.microsoft.com/en-us/entra/identity/devices/howto-vm-sign-in-azure-ad-windows
Assign Azure AD Users to VMs: Go to your VM resource in Azure. Under Settings, click on Access control (IAM). Add a role assignment by selecting the Virtual Machine Administrator Login or Virtual Machine User Login role for your Azure AD user.
If needed, make sure the Azure AD login extension is installed on the VM. This ensures that Azure AD credentials can be used for login.
Enable RDP for VM Access: Under Settings, select Networking. Make sure an inbound rule allows RDP (port 3389) from the IP range you intend to connect from. If there's a Network Security Group (NSG) attached to your VM or subnet, ensure that an inbound security rule exists to allow traffic on port 3389 or else create the rule by going to Networking > Add inbound port rule, setting the Destination port as 3389, and the Source as either your IP address or a range.
You can connect to Azure VMs via RDP using either the public IP address of the VM or a Bastion connection. Open the Remote Desktop Connection (RDP) application on your local machine and enter the public IP. Use the credentials (either local admin or Azure AD credentials if enabled) to log in.
https://learn.microsoft.com/en-us/windows-app/troubleshoot-basic?tabs=windows
Please let us know if you have any further queries. I’m happy to assist you further.
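As an added example (not part of the answer above), the following PowerShell script, run in an elevated session on the target PC, checks the device-side prerequisites the answer walks through: Azure AD join state, Remote Desktop enabled, NLA required, the inbound firewall rule, the 3389 listener, and Remote Desktop Users membership. The remediation lines at the end are commented out; the account name in them is a placeholder.

```powershell
# Added example: verify the device-side RDP prerequisites described above.
# Run in an elevated PowerShell session on the target (Azure AD joined) PC.
$report = [ordered]@{}

# 1. Azure AD join state, from the built-in dsregcmd status output
$dsreg = dsregcmd /status
$report['AzureAdJoined'] = [bool]($dsreg | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES')

# 2. Remote Desktop enabled (fDenyTSConnections = 0 means connections are allowed)
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$report['RemoteDesktopEnabled'] = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0

# 3. Network Level Authentication required (UserAuthentication = 1)
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$report['NlaRequired'] = (Get-ItemProperty -Path $rdpTcp).UserAuthentication -eq 1

# 4. Built-in "Remote Desktop" firewall rule group enabled for inbound traffic
$fwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
$enabledInbound = $fwRules | Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
$report['FirewallRuleEnabled'] = [bool]$enabledInbound

# 5. The RDP service is actually listening on TCP 3389
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
$report['ListeningOn3389'] = [bool]$listener

# 6. Who may connect: members of the local "Remote Desktop Users" group
#    (net localgroup is used because Get-LocalGroupMember can fail on Azure AD principals)
$members = (net localgroup 'Remote Desktop Users') |
    Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-+|The command completed)' }
$report['RemoteDesktopUsers'] = ($members -join ', ')

[pscustomobject]$report | Format-List

# Remediation for the local settings above (uncomment to apply):
# Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0
# Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
# Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
# Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'AzureAD\user@example.com'  # placeholder UPN
```

Any property reported as False points at the corresponding step in the answer; the NSG and Azure AD login settings for Azure VMs are configured in the portal and are not covered by this device-side check.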