Allowing all users to log in on remote AAD joined machine

Ward Anderson 11 Reputation points
2020-02-25T11:12:13.41+00:00

Morning!

I'm trying to build out new offices with smaller footprints. One of my ideas was to put the machines into AzureAD. I've done that, but what I see is I can only log in with the user that's assigned to the machine. Is there a way I can register these machines in AAD and have them allow all of my users to log in to these devices? I have M365 licensing with P1 and all of that now on top of my E3 licensing.

If I can sort this out it'll be a game changer for us because I can set up offices very cheaply. Any ideas would be awesome.

Thanks!
Ward

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

4 answers

  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2020-02-27T06:00:00.74+00:00

    @Ward Anderson

    In order to allow all Azure AD users in your Azure AD tenant to log into Azure joined machines using RDP, you need to configure Remote Desktop settings as highlighted below:

    [Image: 3581-untitled.png]

    Once this is done, you can log in by using the AzureAD\UPN format, i.e., AzureAD\username@your_tenant.onmicrosoft.com or AzureAD\username@your_verified_domain.com

    2 people found this answer helpful.
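
A read-only check of the local state involved in the setup described in the answer above, added here as an example (not code from the answer or from Microsoft). The screenshot is not reproduced on this page, so the script assumes the relevant settings are whether the device is Azure AD joined, whether RDP is enabled, whether Network Level Authentication is enforced, and who is in the built-in Remote Desktop Users group; the UPN in the final comment is a placeholder.

```powershell
# Added example: read-only audit; nothing here changes the machine.

# 1. Join state. dsregcmd prints lines such as "AzureAdJoined : YES".
$join = @{}
foreach ($line in (dsregcmd.exe /status)) {
    if ($line -match '^\s*(AzureAdJoined|DomainJoined|TenantName)\s*:\s*(.*?)\s*$') {
        $join[$Matches[1]] = $Matches[2]
    }
}

# 2. Remote Desktop switches (standard Windows registry values).
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$deny = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections
$nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication

# 3. Members of the built-in Remote Desktop Users group, looked up by its
#    well-known SID so the check also works on non-English Windows.
try {
    $members = Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction Stop |
        ForEach-Object { '{0} ({1}, {2})' -f $_.Name, $_.ObjectClass, $_.PrincipalSource }
} catch {
    $members = @("could not enumerate: $($_.Exception.Message)")
}

[pscustomobject]@{
    AzureAdJoined      = $join['AzureAdJoined']
    DomainJoined       = $join['DomainJoined']
    TenantName         = $join['TenantName']
    RdpEnabled         = ($deny -eq 0)   # fDenyTSConnections = 0 means RDP is on
    NlaRequired        = ($nla -eq 1)    # UserAuthentication = 1 means NLA is enforced
    RemoteDesktopUsers = $members -join '; '
} | Format-List

# To grant one account RDP logon rather than a broad group, run elevated
# (placeholder UPN in the answer's AzureAD\UPN format; English group name assumed):
#   net localgroup "Remote Desktop Users" /add "AzureAD\username@your_verified_domain.com"
```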

  2. Byron Viljoen 1 Reputation point
    2020-02-25T20:07:44.093+00:00

    If your servers are hosted within Azure you can install the Azure Active Directory Domain Services extension.

    https://azure.microsoft.com/en-us/services/active-directory-ds/

    This will allow you to join your Azure hosted servers to your domain.

    Once the servers are joined you will be able to assign roles and permissions from users within your Azure Active Directory.


  3. Ward Anderson 11 Reputation points
    2020-02-28T14:40:27.713+00:00

    That doesn't seem to work. I tried AzureAD\user@keyman.tld on this machine I just added and it's saying "Invalid password." I joined it with my global administrator account in AAD.

    The steps I took were:

    1.) Took a test machine of mine off the domain.
    2.) Joined it to Azure AD through Settings > etc etc
    3.) Switched user.
    4.) Logged in with the account that I registered it with.
    5.) Switched user.
    6.) Tried AzureAD\OtherUser@keyman.tld

    No dice thus far. Maybe I'm missing some settings in AAD? I have Password Hash sync set up and password writeback as well. I feel like I'm close!

  4. Anonymous
    2020-02-28T15:26:56.783+00:00

    Hi Ward,

    I'm looking at your request that is similar to mine.

    https://learn.microsoft.com/answers/questions/10517/azure-vm-rdp-access-using-aad-user-credential.html

    I hope we may find the solution.

    Enrico