Logging into a VM using account from another Azure AD tenant

kbyun-2755 21 Reputation points
2022-06-29T14:00:40.233+00:00

Hi,
I'm trying to configure a VM so that accounts from another Azure AD tenant can be used to log in, but all the documentation seems to indicate this is not possible.

For example, I have two tenants - tenantA.com and tenantB.com. I have a VM called vm1-in-tenantA in tenantA.com. I would like to use user1@tenantB.com to authenticate to the Azure AD-joined VM.

I've tried VNet-to-VNet peering between the VNet the VM is connected to and the Azure AD DS VNet, but that failed to allow user1@tenantB.com to log into vm1-in-tenantA.

If my question is not clear please leave a message, and I will try my best to shape my question into better form.

Thanks and much appreciated!

Tags: Azure Virtual Machines, Microsoft Entra

Accepted answer
  1. deherman-MSFT 37,081 Reputation points Microsoft Employee
    2022-06-30T17:18:46.03+00:00

    @kbyun-2755

    Unfortunately, this is not currently a supported feature. A thorough explanation can be found in this previous thread:

    https://learn.microsoft.com/en-us/answers/questions/609316/unable-to-login-to-vm-by-azure-ad-guest-connected.html

    For product feedback and feature requests I will refer you to our feedback forum. This allows the community to add their voice and upvote popular ideas. The forums are monitored and responded to by our product teams.
    https://feedback.azure.com

    -------------------------------

    Please don't forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.


3 additional answers

  1. Cristian SPIRIDON 4,476 Reputation points
    2022-06-29T19:46:28.063+00:00

    Hi,

    You can add user1@tenantB.com as a guest user in tenantA and then give him the required rights:

    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator

    Hope this helps!

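    The approach suggested above, written out as an added example script (it is not code from this thread or from Microsoft's documentation): it invites user1@tenantB.com as a B2B guest object in tenantA, makes sure vm1-in-tenantA has the AADLoginForWindows extension, and assigns the built-in "Virtual Machine User Login" role scoped to that single VM rather than to the subscription. The tenant ID, resource group name and redirect URL are placeholders and assumptions. As the accepted answer states, a guest account from another tenant is not supported for signing in to an Azure AD-joined VM, so the final check only confirms the role assignment exists at the intended scope; it does not mean the interactive sign-in will succeed.

```powershell
# Added example, not code from the thread. Assumes the Microsoft.Graph and Az
# modules are installed and the caller is a tenantA administrator allowed to
# invite guests and create role assignments. Values below are placeholders.
$TenantId      = '<tenantA-tenant-id>'   # placeholder, not from the thread
$ResourceGroup = 'rg-vm1'                # assumed resource group name
$VmName        = 'vm1-in-tenantA'
$GuestUpn      = 'user1@tenantB.com'
$RedirectUrl   = 'https://portal.azure.com'   # assumed landing page for the invite

Connect-MgGraph -TenantId $TenantId -Scopes 'User.Invite.All', 'User.Read.All'
Connect-AzAccount -TenantId $TenantId

# 1. Invite the tenantB user as a B2B guest; this creates a guest user object
#    in tenantA whose object ID is what role assignments must reference.
$invite = New-MgInvitation -InvitedUserEmailAddress $GuestUpn `
    -InviteRedirectUrl $RedirectUrl `
    -SendInvitationMessage:$true
$guestObjectId = $invite.InvitedUser.Id

# 2. Ensure the VM has the Azure AD login extension installed.
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName
Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName `
    -Name 'AADLoginForWindows' `
    -Publisher 'Microsoft.Azure.ActiveDirectory' `
    -ExtensionType 'AADLoginForWindows' `
    -TypeHandlerVersion '1.0' `
    -Location $vm.Location

# 3. Grant the least-privileged login role, scoped to this VM only
#    (use 'Virtual Machine Administrator Login' only where admin rights are needed).
New-AzRoleAssignment -ObjectId $guestObjectId `
    -RoleDefinitionName 'Virtual Machine User Login' `
    -Scope $vm.Id

# 4. Verify the assignment exists at the VM scope and nowhere broader.
Get-AzRoleAssignment -ObjectId $guestObjectId -Scope $vm.Id |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

    Scoping the role to `$vm.Id` rather than the subscription keeps the guest's blast radius to the one machine, and the final `Get-AzRoleAssignment` is the check to run before concluding that a failed sign-in is a role problem rather than the cross-tenant limitation described in the accepted answer.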

  2. kbyun-2755 21 Reputation points
    2022-06-30T22:46:33.687+00:00

    My follow up question after reading through https://learn.microsoft.com/en-us/answers/questions/609316/unable-to-login-to-vm-by-azure-ad-guest-connected.html.

    Can Azure AD DS generate NTLM/Kerberos hashes using an external AAD, which would allow guest accounts to log in to an Azure AD DS-joined VM?


  3. Alexandre Ribeiro do Nascimento 11 Reputation points
    2023-04-28T15:29:06.2266667+00:00

    Well, for the last five years, the one thing that holds us back from moving to Azure is those limitations of AD + Windows.

    Finally, we decided to no longer use AD, nor Windows, in our company.

    We'll move our physical desktops to another big cloud vendor, which provides Linux Virtual Desktops with vanilla SAML Authentication and LDAP Authentication. So long Windows and AD for us.

    It is really embarrassing that Microsoft is failing, or not properly prioritizing, to get rid of those design limitations in Windows and AD or, utterly, to properly embrace industry standards like LDAP.
