AVD local admin account's password expired and I can't reset with Azure feature

AdamGivens-8296 0 Reputation points
2025-04-04T16:12:29.26+00:00

My org has an AVD that was configured by an MSP before we terminated our relationship with them. Before departing from them, they created a local admin for us on our AVD to access it. Since then we have accessed the AVD once or twice, but now we cannot access the AVD because the local admin account's password is now expired and it states that we need to reset it. We tried to use the "Reset Password" tool that is in the Azure web portal but have had no success. How do I get access to my AVD? It is important I get access because we have users that are being synced from the DC we have hosted on it.

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

3 answers

  1. chrischin 915 Reputation points Microsoft Employee
    2025-04-06T03:09:53.21+00:00

    Some ideas:

    Can you still get in using an AVD client? Do you have someone with owner access to the VMs? If yes to both, you can assign the Virtual Machine Admin Login role to a person's Entra identity for the VMs or the Resource Group that contains the VMs. Next, have that person log in using AVD and they should be able to perform admin tasks within that session, to include opening a cmd prompt window as administrator. From there you can run lusrmgr and set the local administrator's password or add a new local admin user.

    If you have privileged access to Microsoft Entra ID (at least Cloud Device Administrator), you can try using LAPS and get the password there.

    1. In the Azure Portal, go to Microsoft Entra ID
    2. Then go to Devices
    3. Under My Feed, click on See all devices
    4. Find the Device by name that is your AVD session host, click on the name
    5. Then click on Local administrator password recovery
    6. If you don't see a password there, you will need to enable LAPS - https://learn.microsoft.com/en-us/entra/identity/devices/howto-manage-local-admin-passwords

  2. Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator
    2025-04-14T04:37:39.5666667+00:00

    Hi AdamGivens-8296,

    If you’ve already been assigned the Virtual Machine Administrator Login role and you’re still unable to connect via RDP, there are a few things like:

    Check Azure AD login is enabled on the VM

    The role alone isn’t enough — the VM must have Azure AD login explicitly enabled. You can confirm this by going to the VM in the Azure Portal → Configuration → and verifying that Azure AD login is set to “Enabled.”

    Use the right client and format when signing in

    Make sure you’re using the latest version of the Remote Desktop client that supports Azure AD login. Also, when signing in, try using the format:

    AzureAD******@domain.com

    Fallback option: Serial Console (if enabled)

    If the VM still isn’t accessible via RDP and Serial Console is enabled, you could try accessing it that way. It allows you to open a command prompt without needing a login session and manually reset the local admin password:

    net user <username> <newpassword>

    If your environment is set up for Microsoft LAPS and you’re in the right Entra role (like Cloud Device Administrator), you can recover the local admin password through:

    • Microsoft Entra ID → Devices → [Your VM] → Local administrator password recovery

    If you’re not seeing the password listed, it may mean LAPS hasn’t been fully set up yet.

    Let me know if you have any further queries!

    If the comment is helpful, please click "upvote" to let us know!


  3. AdamGivens-8296 0 Reputation points
    2025-04-15T13:42:49.3833333+00:00

    I was able to regain access to the VM by running a PS script (get-localuser) through the Azure portal to determine the local user accounts on the VM. Once I was able to determine that the accounts that were on the VM didn't match any of the accounts on the handoff document from the MSP that we ended relations with, I ran another script to reset the password of one of the local accounts and was then able to log in via RDP to the VM again.

    Thanks for all the assistance!

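The audit-then-reset sequence described in the last answer, as an added example that is not the poster's own script: it lists each local account with its Administrators membership and password expiry, flags names missing from a handoff list, and resets one account only when a name is filled in. The account name in `$ExpectedAccounts` is a constructed placeholder, and the variable names are this example's own.

```powershell
# Added example: paste into the VM's Run command (RunPowerShellScript) in the Azure portal.
$ExpectedAccounts  = @('handoff-admin-placeholder')  # constructed placeholder for the handoff list
$ResetAccount      = ''   # leave empty to audit only; set to a name from the report to reset it
$TemporaryPassword = ''   # visible to anyone who can read this script; change it after first sign-in

# Members of the built-in Administrators group (well-known SID S-1-5-32-544).
$adminSids = @()
try {
    $adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        ForEach-Object { $_.SID.Value }
} catch {
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
}

# One row per local account: who is an admin, whose password has expired,
# and which accounts the handoff document never mentioned.
$now = Get-Date
$report = Get-LocalUser | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.Name
        Enabled         = $_.Enabled
        IsAdmin         = $adminSids -contains $_.SID.Value
        PasswordExpired = ($null -ne $_.PasswordExpires) -and ($_.PasswordExpires -lt $now)
        PasswordExpires = $_.PasswordExpires
        LastLogon       = $_.LastLogon
        InHandoffDoc    = $ExpectedAccounts -contains $_.Name
    }
}
$report | Sort-Object IsAdmin -Descending | Format-Table -AutoSize | Out-String -Width 200

# Reset only when an account was named explicitly and it exists in the report.
if ($ResetAccount) {
    $target = $report | Where-Object Name -eq $ResetAccount
    if (-not $target) { throw "No local account named '$ResetAccount'." }
    if (-not $TemporaryPassword) { throw 'Set $TemporaryPassword before resetting.' }
    $secure = ConvertTo-SecureString $TemporaryPassword -AsPlainText -Force
    Set-LocalUser -Name $ResetAccount -Password $secure
    if (-not $target.Enabled) { Write-Warning "'$ResetAccount' is disabled; sign-in will still fail." }
    Write-Output "Password reset for '$ResetAccount'."
}
```

Rows with `IsAdmin` true and `InHandoffDoc` false are the accounts to review first once access is restored.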
