Azure AD (free) "Security Defaults" setting enabled seems to prevent RDP to Azure VM's - how to resolve?

Gary Mansell 111 Reputation points
2022-04-01T17:03:32.683+00:00

I have an Azure AD Tenant (Free) and I have connected an Azure VM (Win10 Pro 21/H2) to it, but find that I cannot login to it via RDP with any Azure AD user accounts (with VM Administrator/User RBAC roles) from my home Win10 machine that is also connected to the Azure AD Tenant.

The user account on the Windows 10 Pro 21/H2 home machine has Windows Hello and a PIN set - which I believe is considered a Strong Authentication mechanism wrt MFA.

If I have "Security Defaults" enabled on my Azure AD tenant, my users cannot login, whereas if I set it to disabled - then they can login - I suspect that this is due to "Security Defaults" forcing MFA for my users (which I want), but that the Windows login is not able to accept the MFA login (but I thought it should if the client endpoint has Strong Auth / Windows Hello & PIN).

I want to have "Security Defaults" Enabled for security reasons, but also want to be able to RDP to my Azure VM's - how can I do this?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,107 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Andrei D 0 Reputation points
    2023-05-16T08:55:39.4866667+00:00

    Hi @Gary Mansell .

    How did you fix this? I have the same scenario with Security Defaults enabled and some AVD users can login and some don't. Getting the "The username and password used to connect to the remote resource didn't work".

    Any help is appreciated.

    Thanks.

    0 comments No comments