We experienced this issue during a POC of Dev Box and tracked it down to the WS-Trust protocol having been disabled on the AD FS servers in our environment last month, following the documented Microsoft best practice to eliminate inherent vulnerabilities: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-from-extranet As such, any federated organization that has followed this best practice and disabled the protocol will be unable to authenticate to a Dev Box, or likely other VMs, using a federated login that relies on WS-Trust.
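As an added example, not code from the commenter, the question poster or Microsoft, the following PowerShell shows the two checks implied by the comment above: on an AD FS server, whether the WS-Trust Windows transport endpoints are still published through the proxy (the setting the linked best practice turns off), and on the affected VM, what dsregcmd reports for the Primary Refresh Token that the event log line "AzureAdPrt is NO" refers to. The endpoint paths are the ones named on the linked Microsoft page; the helper names are my own.

```powershell
# Added example, not part of the original thread.
# Part 1 runs on an AD FS server (needs the ADFS PowerShell module and AD FS admin rights).
# Part 2 runs on the Windows VM that rejects the Azure AD accounts.

# --- Part 1: are the WS-Trust Windows endpoints still exposed through the proxy? ---
# Address paths as listed in the linked Microsoft hardening guidance.
$wsTrustWindowsPaths = @(
    '/adfs/services/trust/2005/windowstransport',
    '/adfs/services/trust/13/windowstransport'
)

function Get-WsTrustWindowsEndpointState {
    Get-AdfsEndpoint |
        Where-Object { $wsTrustWindowsPaths -contains $_.AddressPath } |
        Select-Object AddressPath, Protocol, Enabled, Proxy
}

$endpoints = Get-WsTrustWindowsEndpointState
$endpoints | Format-Table -AutoSize

if ($endpoints | Where-Object { -not $_.Proxy }) {
    Write-Warning ('WS-Trust Windows endpoints are not published to the proxy; ' +
                   'extranet federated sign-in that relies on WS-Trust (Dev Box, AAD-joined VMs) will fail.')
    # Re-exposing them reverts the hardening the best practice recommends, so treat this as a
    # conscious trade-off rather than a fix:
    #   Set-AdfsEndpoint -TargetAddressPath '/adfs/services/trust/2005/windowstransport' -Proxy $true
    #   Restart-Service adfssrv
}

# --- Part 2: does the signed-in user on the VM hold a Primary Refresh Token? ---
# dsregcmd /status prints a line of the form "AzureAdPrt : YES" (or NO) in its SSO State section.
function Get-AzureAdPrtState {
    $statusLines = dsregcmd /status
    $match = $statusLines |
        Select-String -Pattern 'AzureAdPrt\s*:\s*(\w+)' |
        Select-Object -First 1
    if ($null -eq $match) { return 'UNKNOWN' }
    return $match.Matches[0].Groups[1].Value.ToUpperInvariant()
}

$prt = Get-AzureAdPrtState
Write-Output "AzureAdPrt: $prt"
if ($prt -ne 'YES') {
    # No PRT means the Cloud AP plugin cannot satisfy the VM logon; with a federated tenant
    # the next thing to check is the AD FS side above.
    Write-Warning 'No Azure AD PRT present for this session; VM logon with Azure AD accounts will be rejected.'
}
```

Part 1 only reads configuration; the Set-AdfsEndpoint line is left as a comment because re-enabling the proxy path reopens exactly the attack surface the linked guidance closes. Part 2 reads the same PRT state the poster's event log is complaining about, so the two outputs together confirm whether the comment's diagnosis applies to a given environment.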
When connecting to an Azure VM with AAD enabled, the accounts do not work
Hannes Brunner
My assigned user accounts for admin and normal users from AAD are not accepted in a Windows VM. The following error messages occur in the event viewer on the VM:
AAD Cloud AP plugin call Lookup name name from SID returned error: 0xC00485D3
and
Http request status: 400. Method: GET Endpoint Uri: https://login.microsoftonline.com/<Removed> Correlation ID: <Removed>
AzureAdPrt is NO