Azure-AD joined VM authentication with Azure-AD

testuser7 286 Reputation points
2020-07-25T12:09:29.713+00:00

Hello,

I have 3 points to confirm as follows with respect to Azure-AD joined VM authentication with Azure-AD for Linux and Windows VM explained at

https://learn.microsoft.com/en-us/azure/virtual-machines/linux/login-using-aad    
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows    

1. As we know, the device from which we are kicking RDP-client to get into Windows VM must be AAD-joined or Hybrid-joined or AAD-Registered.
My understanding is there is NO restrictions with respect to the account.
Meaning, I can log in to the device with user1@Company portal .com but when pulling up RDP-client I can use user2@Company portal .com

2. Since this windows or Linux VM is registered as AAD-joined, who becomes the device-registered-owner and Device-Registered-User in Azure-AD ?

3. You said that the support is added in the next release of Windows to allow an Azure AD Registered Windows 10 box to RDP to an Azure AD join target machine.
This will allow you to add additional work or school accounts on you Windows 10 PC for each of the customer tenants you manage and then use the respective account to connect over RDP to your target Azure AD joined machine.
However, as per my understanding the device can be registered to only ONE tenant and all the additional work or school accounts that are added should also be from the SAME tenant.
Am I wrong in my understanding ?

Thanks.


2 answers

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2020-07-27T21:02:02.197+00:00
    1. You can use any Azure AD user account that has been granted one of the following RBAC roles: Virtual Machine Administrator Login or Virtual Machine User Login. RDP is used to connect to Windows devices, SSH to connect to Linux.
    2. Linux devices cannot be joined to Azure AD.
    3. Please share the link to the related documentation.
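The answer above says sign-in is governed by the Virtual Machine Administrator Login / Virtual Machine User Login RBAC roles, independently of which account is signed in to the client PC. The following is an added example (not from this thread or from Microsoft's documentation) that enables Azure AD login on a Windows VM, grants the login role to a second account, and lists who can actually sign in. It assumes the Az PowerShell module, a VM named "vm-aad-01" in resource group "rg-aad-demo", a public IP resource "vm-aad-01-ip", and a user user2@contoso.com; all of those names are placeholders.

```powershell
# Added example, not from the original thread. Placeholder names: rg-aad-demo,
# vm-aad-01, vm-aad-01-ip, user2@contoso.com. Requires the Az module.
Connect-AzAccount | Out-Null

$rg   = 'rg-aad-demo'
$name = 'vm-aad-01'
$vm   = Get-AzVM -ResourceGroupName $rg -Name $name

# 1. The VM needs a system-assigned managed identity before the extension can
#    join it to Azure AD.
if (-not $vm.Identity -or $vm.Identity.Type -notmatch 'SystemAssigned') {
    Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType SystemAssigned | Out-Null
}

# 2. Install the AADLoginForWindows extension; this is what makes the VM an
#    Azure AD joined device.
Set-AzVMExtension -ResourceGroupName $rg -VMName $name `
    -Name 'AADLoginForWindows' `
    -Publisher 'Microsoft.Azure.ActiveDirectory' `
    -ExtensionType 'AADLoginForWindows' `
    -TypeHandlerVersion '1.0' | Out-Null

# 3. Grant sign-in rights to the account that will be typed into the RDP client.
#    This account does not have to be the one logged on to the client PC.
#    Scope the assignment to the single VM, not the resource group or subscription.
New-AzRoleAssignment -SignInName 'user2@contoso.com' `
    -RoleDefinitionName 'Virtual Machine Administrator Login' `
    -Scope $vm.Id | Out-Null

# 4. Check: every principal with a login role effective at this VM (including
#    assignments inherited from parent scopes) and which role they hold.
Get-AzRoleAssignment -Scope $vm.Id |
    Where-Object { $_.RoleDefinitionName -like 'Virtual Machine * Login' } |
    Select-Object SignInName, ObjectType, RoleDefinitionName, Scope

# 5. Connect from an Azure AD joined or registered client. In the credential
#    prompt use the form AzureAD\user2@contoso.com.
$ip = (Get-AzPublicIpAddress -ResourceGroupName $rg -Name "$name-ip").IpAddress
mstsc /v:$ip
```

The role assignment in step 3 is what decides who may sign in; Administrator Login lands the user in the local Administrators group, User Login gives an unprivileged session. Audit step 4 whenever the VM's resource group or subscription receives a new role assignment, since inherited assignments are easy to overlook.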

  2. testuser7 286 Reputation points
    2020-07-30T14:20:42.237+00:00

    thanks @alfredo-revilla-msft

    Just for my clarification I am answering in-line to your answers.

    You can use any Azure AD user account that has been granted one of the following RBAC roles: Virtual Machine Administrator Login or Virtual Machine User Login. RDP is used to connect to Windows devices, SSH to connect to Linux.
    Yes, I agree about the user's RBAC role. I am however not talking about this user-account.
    I am talking about the user-account used to log into this AAD-joined or Hybrid-joined device itself.
    Does the account used to log into this AAD-joined or Hybrid-joined device = account used to log into RDP-client?

    Linux devices cannot be joined to Azure AD.
    OK got it.
    And for Windows VM, who would be the device-registered-owner and Device-Registered-User in Azure-AD?

    Please share the link to the related documentation.
    Please check https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-authentication-to-windows-vms-in-azure-now-in-public/ba-p/827840
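The follow-up asks which account and which tenant the client device itself is tied to. Before opening the RDP client, the device's join state can be read from dsregcmd, which ships with Windows 10. The script below is an added example (not from the thread) that parses `dsregcmd /status` into the fields that matter here: whether the PC is Azure AD joined, hybrid joined, or only Azure AD registered for the current user, and the single tenant it belongs to. The field names are the ones dsregcmd prints; the parsing and the object layout are this example's own.

```powershell
# Added example, not from the original thread. Run on the client PC as the user
# who will launch mstsc; dsregcmd reports device state plus the current user's state.
function Get-DeviceJoinState {
    $fields = @{}
    foreach ($line in (dsregcmd /status)) {
        # dsregcmd prints "Name : Value" rows; keep the first colon as the separator
        # so URL values such as AuthCodeUrl survive intact.
        if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.+)$') {
            $fields[$matches[1]] = $matches[2].Trim()
        }
    }
    [pscustomobject]@{
        AzureAdJoined   = $fields['AzureAdJoined']    # YES: device is Azure AD joined
        DomainJoined    = $fields['DomainJoined']     # YES together with AzureAdJoined YES: hybrid joined
        WorkplaceJoined = $fields['WorkplaceJoined']  # YES: current user added a work/school account (AAD registered)
        TenantId        = $fields['TenantId']         # the one tenant the device is joined to
        TenantName      = $fields['TenantName']
    }
}

$state = Get-DeviceJoinState
$state | Format-List

# A device that is neither joined nor registered cannot be used for Azure AD
# authentication to the target VM; surface that before the RDP attempt fails.
if ($state.AzureAdJoined -ne 'YES' -and $state.WorkplaceJoined -ne 'YES') {
    Write-Warning 'This PC is not Azure AD joined or registered; Azure AD sign-in over RDP will not work from here.'
}
```

The TenantId reported here is the device's tenant; accounts entered in the RDP credential prompt are authorised separately through the role assignment on the target VM.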

