Here you go.fixing-issue-of-remote-sign-in-though.html
Intune Device Sign in Error: To sign in remotely, you need the right to sign in through Remote Desktop Services.
I have set up an Intune lab with one device (VM), and one non-admin user. I've successfully added the device to Intune along with my desired apps and scripts. However, most of the time when I try to log in to the device with my user account and corresponding M365 password, I get the following error:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you're in doesn't have this right, or if the right has been removed from the Remote Desktop Users Group, you need to be granted this manually.
The other option I have when receiving this error is trying to sign in the the PIN which I created for my test user, in which case when doing so, I get a different error:
The security device cannot process the PIN. The PIN has been blocked temporarily because too many incorrect PINs have been entered. Try again later. If this message reoccurs, contact your administrator to reset the lockout period for this security device.
It's super strange, because sometimes if I stay at the error screen for a minute or two, the login screen will sort of reset/reconnect, after that point I'll be able to log in with my PIN or password without issue. Even when I am receiving the error, I am able to log in with my M365 admin account, but am unable to add my test user to the Remote Desktop users group, because I am unable to resolve the test user's principle name from the Admin account.
However, if I were to login to my test user account successfully and reboot the VM, I am once again faced with the same exact errors stated above. Any ideas? Thanks!
1 additional answer
Sort by: Most helpful
-
Rahul Jindal [MVP] 9,881 Reputation points MVP
2022-02-17T09:09:53.617+00:00 What you need to do is add the UPN in the remote desktop users built-in group using Intune policy. Either use a CSP or the preview feature of local user group. I am writing a blog on it today and will share it here when done.