Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
How to connect to Azure VMs using our MS Entra-ID login, the same as used to connect to Azure portal.
Ranny Meier
0
Reputation points
We were able to connect using RDP and the admin account that is on the VM.
The AADLogin extension is present on the VM. The login attempt failed.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Rukmini 36,695 Reputation points Microsoft External Staff Moderator2026-03-25T18:28:52.55+00:00 Hello Ranny Meier
Users must be assigned either the Virtual Machine Administrator Login or Virtual Machine User Login role to sign in to the VM. Having the Owner or Contributor role alone doesn't grant sign-in privileges.
Typically, issues signing in to a VM using Entra ID are related to Multi-Factor Authentication (MFA) being enforced through per-user MFA settings, Security Defaults, or Conditional Access policies.
If per-user MFA is enabled for your account. As per standard procedure, disabled it.
Check Security defaults, if it's enabled in your tenant. if yes, disable it.
Check Conditional Access requiring MFA excluding the "Microsoft Azure Windows Virtual Machine Sign-in" app (App ID:
372140e0-b3b7-4226-8ef9-d57986796201) from the targeted cloud apps.Enter credentials in the
AzureAD\UPNformat (for example,AzureAD\******@contoso.com)Once this is done, you will be able to login successfully to VM.
For reference, see this Microsoft Learn article: Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID.
Let me know if any further queries - feel free to reach out!
-
Rukmini 36,695 Reputation points Microsoft External Staff Moderator
2026-03-26T18:28:05.4933333+00:00 Hello Ranny Meier Following up to see if the above provided information was helpful. If you have any further queries do let us know.
-
Ranny Meier 0 Reputation points
2026-03-30T23:53:08.9+00:00 We used to be able to get to Multifactor Authentication in the Admin screens. Over the last few years, we have been getting Azure prompts to migrate to new authentication admin methods. We have been getting messages that multi-factor is required in order to access the Azure screens. We accepted all of the recommendations. We pay $29 / month for basic support. We pay about $600 / month on Azure services. Unfortunately, now we are unable to see anything about multi-factor authentication in the admin screens. We have been unable to create any support request. It seems that MS has succeeded in gradually taking away these things. Not a happy customer here.
-
Rukmini 36,695 Reputation points Microsoft External Staff Moderator
2026-03-31T00:01:02.3266667+00:00 Hello Ranny Meier
I understand this can feel frustrating, but what you’re seeing is part of the transition to the newer Microsoft Entra ID experience.
MFA is no longer managed in the old screen and now handled through Conditional Access.
Hence to fix the issue:
- Go to Entra Admin Center → Protection → Conditional Access
- Open your policy that requires MFA
- Under Cloud apps, exclude: Azure Windows VM Sign-in
Save and try the VM login again
This way:
- MFA remains enforced for portal and other apps
- VM sign-in works correctly without being blocked
For reference, see this Microsoft Learn article: Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID.
If anything is unclear, I’m happy to guide you step-by-step.
-
Ranny Meier 0 Reputation points
2026-03-31T02:16:06.7166667+00:00 We are unable to find Entra Admin Center → Protection anywhere on our screen.
-
Ranny Meier 0 Reputation points
2026-03-31T02:33:54.3466667+00:00 We found the Conditional Access page. It says we need to upgrade before we can use Conditional Access.
We all have MS365 Business Standard license and also use some storage and VMs on Azure.
We will have to think about needing to upgrade in order to login to the VM. -
Rukmini 36,695 Reputation points Microsoft External Staff Moderator
2026-03-31T17:05:01.0566667+00:00 Ranny Meier Lets continue over private messages!
-
Rukmini 36,695 Reputation points Microsoft External Staff Moderator
2026-04-02T16:48:16.21+00:00 Please check private messages!
-
Raja Pothuraju 47,165 Reputation points Microsoft External Staff Moderator2026-04-06T09:53:49.95+00:00 Hello @Ranny Meier,
Based on your description, I can see that you’ve already verified most of the prerequisite requirements. However, I suggest checking the following additional points:
- Per-user MFA: Ensure that the user is not enabled or enforced in per-user MFA settings.
- Conditional Access Policies: If there is a Conditional Access policy requiring MFA, please make sure to exclude the "Microsoft Azure Windows Virtual Machine Sign-in" app (App ID:
372140e0-b3b7-4226-8ef9-d57986796201) from the targeted cloud apps.
Also, make sure you meet this condition:
Remote connections to VMs that are joined to Microsoft Entra ID are only allowed from Windows 10 or later PCs that are either Microsoft Entra registered (minimum build 20H1), Entra joined, or Entra hybrid joined to the same directory as the VM.
For reference, see this Microsoft Learn article: Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID.
If MFA isn’t enabled through per-user MFA or conditional access policy and still unable to login into VM.
Try to if Security Defaults were enabled in your tenant. While Security Defaults typically do not affect non-admin users signing into a VM, they do require Global Administrators to complete MFA. If your account has the Global Administrator role assigned, MFA is still being enforced due to Security Defaults. As per design we can’t login into the Azure VM with Microsoft Entra ID user if the MFA is being applied on VM login.
To work around this, create a new Global Administrator account and a backup admin account, then remove the Global Administrator role from your main account. This allows you to sign in to the VM without being prompted for MFA.
If you are still unable to sign in to the VM using Entra ID credentials, please share your email address and availability for a call over private message, and I’d be happy to assist you further.
Sign in to comment
Sign in to answer