Authenticating a user from a disparate domain over RDP

JDMils 51 Reputation points
2021-02-10T00:25:23.077+00:00

I have a Win10 work notebook which, many years ago, the desktop support guy set up so that I could RDP to the work notebook from my home computer. The reason for this is that the work notebook has a 14" screen and my home computer has 2x 28" screens so nuf said about that.

The work notebook is not attached to a domain, yet we log into the work notebooks using our own Azure hosted domain credentials. It took the support guy a few tries to get it working but it works. I'm not too sure technically how this is setup tho.

At home, I plug my work notebook into my home network and RDP from my home computer using my Azure credentials and I can log in and work away to my heart's content.

Today I received the dreaded call that Desktop Support want to upgrade my work notebook by sending me a new one. That means hours of setting up my apps, preferences, connections, etc. I spoke to the support guy and told him about my RDP-from-home-computer setup and he was puzzled as to how it would work.

So to help this guy out in order to set up the RDP function again, if I want to log via RDP into my work notebook using credentials from a domain to which my work notebook is not connected, how does the work notebook find the domain controllers to do the authentication?

The work notebook is not on a domain, so it has a Public Connection as viewed in the Win10 Network Status, so there would be firewall settings to allow RDP over the Public network.


Accepted answer
  1. Anonymous
    2021-02-10T03:23:48.407+00:00

    Hi,

    From your description, I think the desktop support guy should set up Azure AD Join on your notebook. Once you can use your Azure hosted domain credentials to locally login to your work notebook, then you will be able to use the same credential to log via RDP.

    So, for Azure AD deployment, we suggest you should post the question to the Azure Q&A forum.
    https://learn.microsoft.com/en-us/answers/products/azure?product=all

    I also found the articles below for your reference:
    https://learn.microsoft.com/en-us/azure/active-directory/user-help/user-help-join-device-on-network
    https://learn.microsoft.com/en-us/azure/active-directory/devices/azureadjoin-plan
    https://aadguide.azurewebsites.net/aadjoin/
    https://xenit.se/tech-blog/join-windows-10-computer-azure-active-directory/

    Hope the above information can help you.

    Thanks,
    Eleven

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.


2 additional answers

  1. JDMils 51 Reputation points
    2021-02-15T06:53:41.89+00:00

    I can log into the notebook using my company credentials (which I assume are hosted in Azure), so the authentication method is there and is working, so I'm puzzled as to how I can NOT log into an RDP session to the same computer?


  2. JDMils 51 Reputation points
    2021-02-15T22:56:25.703+00:00

    I've made progress. Since I can log into the notebook using the Azure/Company domain credentials, the authentication method must be set up and working. I found the following, which worked:

    The user name field should be formatted as .\AzureAD\email@mathieu.company.com

    This is from http://www.bradleyschacht.com/remote-desktop-to-azure-ad-joined-computer/. On my current work notebook, when I RDP to it, I don't have to pre-add the ".\AzureAD\" as it somehow already uses that part automatically. Note, when I log into the notebook from the main screen, I can just use email@mathieu.company.com to log on, or "CompanyDomain\Username" works as well.

    So is there a way to automatically add the ".\AzureAD\" to the username when logging in via RDP?
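
An added example, not part of any post above and not Microsoft's or the linked blog's code: a PowerShell script to run on the work notebook that confirms the Azure AD Join state the accepted answer describes, shows whether RDP is allowed through the firewall on the Public profile mentioned in the question, and writes an .rdp file with the user name pre-filled in the format quoted in the thread. The UPN, host name and output path are placeholders.

```powershell
# Added example: run in PowerShell on the work notebook.
# $Upn, $Target and $RdpPath are placeholders, not values from the thread.
param(
    [string]$Upn     = 'email@company.example',
    [string]$Target  = 'WORK-NOTEBOOK',
    [string]$RdpPath = (Join-Path $env:USERPROFILE 'Desktop\work-notebook.rdp')
)

# 1. Parse the "Key : Value" lines printed by dsregcmd into a hashtable.
$state = @{}
foreach ($line in (dsregcmd /status)) {
    if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
"AzureAdJoined : $($state['AzureAdJoined'])"
"DomainJoined  : $($state['DomainJoined'])"
"TenantName    : $($state['TenantName'])"
if ($state['AzureAdJoined'] -ne 'YES') {
    Write-Warning 'Device does not report AzureAdJoined : YES; the Azure AD Join setup is not in place.'
}

# 2. Network category per interface, and enabled inbound RDP firewall rules
#    that apply to the Public profile (Profile "Any" also covers Public).
#    The rule group name 'Remote Desktop' assumes an English-language Windows.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
$publicRdp = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                   "$($_.Profile)" -match 'Public|Any' }
$publicRdp | Select-Object DisplayName, Profile
if ($publicRdp) {
    Write-Warning 'Inbound RDP is allowed on the Public profile, so it is open on every network Windows marks Public.'
}

# 3. Write an .rdp file to copy to the home computer, with the user name
#    pre-filled in the ".\AzureAD\<UPN>" format quoted in the thread.
@(
    "full address:s:$Target"
    "username:s:.\AzureAD\$Upn"
    'prompt for credentials:i:1'
) | Set-Content -Path $RdpPath
"Wrote $RdpPath"
```

If step 2 reports RDP rules on the Public profile, setting the home network to Private and limiting the rules to that profile keeps the notebook from accepting RDP on other networks it joins.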

