Let’s check how to take RDP of an Azure AD joined Azure VM (Virtual Machine): use your corporate Active Directory credentials to log in to the VM, enforce MFA, and grant access via RBAC roles. More details are available in RDP Of Azure AD Joined Device MS-Organization-P2P-Access Certificate – HTMD Blog #2 (howtomanagedevices.com).
NOTE! – The option to log in with Azure AD credentials is only supported for Server 2019 Datacenter edition or Windows 10 1809 and later.
Login with AAD credentials
How to enable Azure AD Join for Azure VMs and log in to the VM with AAD credentials
While creating an Azure Virtual Machine, set the option called Login with AAD credentials to ON.
NOTE! – More details about the Azure Virtual Machine creation process are available in the previous post.
AAD Login for Windows
The AAD Login for Windows extension is added as part of the virtual machine creation ARM template when you set the option “Login with AAD Credentials” to ON.
Logon with Local Admin Account
The build process of the Azure AD joined Azure VM (is this really an AAD joined VM?) is completed. Now you can log on to the VM using the local admin account to check the experience, if you are interested :)
NOTE! – You can only take RDP of Azure AD joined Azure VMs from Windows 10 Azure AD joined or Hybrid Azure AD joined devices, even if you assign the permissions mentioned in the section below.
In this post (below), I have explained how to take RDP of an Azure VM using Azure AD credentials from the Azure Bastion solution. Learn more about Azure Bastion.
Configure RDP Access for Azure VM
- Navigate to the overview page of the specific virtual machine
- Select Access control (IAM) from the menu
- Select Add > Add role assignment to open the Add role assignment pane
- In the Role drop-down list, select a role such as Virtual Machine Administrator Login (admin user) or Virtual Machine User Login (non-admin user)
- Search for the user
- Select the user
- Click the Save button to complete the process
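The portal steps above, together with the AAD Login for Windows extension from the earlier section, as an added Azure CLI example that is not code from the original post. It scopes the role assignment to the single VM rather than the resource group and lists the effective assignments afterwards; the subscription id is a placeholder, and the resource group rg-htmd and user anoop@contoso.example are constructed names.

```shell
#!/bin/sh
# Added example (not the post's own code): the Azure CLI equivalent of the portal
# steps. It adds the AAD Login for Windows extension to a VM and grants one user
# RDP sign-in rights scoped to that single VM rather than the whole resource group.
# Constructed names: resource group "rg-htmd", VM "anoopwin10-2" from the post,
# user "anoop@contoso.example", and a placeholder subscription id.
set -eu

vm_scope() {
  # Fully qualified VM resource id: the narrowest scope the login roles can be assigned at.
  # $1 = subscription id, $2 = resource group, $3 = VM name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s' "$1" "$2" "$3"
}

login_role() {
  # Map the intended access level to the built-in role name; anything else is rejected.
  case "$1" in
    admin) printf 'Virtual Machine Administrator Login' ;;
    user)  printf 'Virtual Machine User Login' ;;
    *) echo "unknown access level: $1" >&2; return 1 ;;
  esac
}

run_az() {
  # Run az when it is installed; otherwise echo the command so the script can be reviewed offline.
  if command -v az >/dev/null 2>&1; then az "$@"; else echo "az $*"; fi
}

enable_aad_login() {
  # The extension the ARM template adds when "Login with AAD credentials" is ON at creation time.
  # $1 = resource group, $2 = VM name
  run_az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows \
    --resource-group "$1" --vm-name "$2"
}

grant_vm_login() {
  # $1 = admin|user, $2 = user principal name, $3 = scope from vm_scope
  run_az role assignment create --role "$(login_role "$1")" --assignee "$2" --scope "$3"
}

audit_vm_login() {
  # List every assignment that applies to this VM, inherited ones included, before handing out RDP.
  run_az role assignment list --scope "$1" --include-inherited --output table
}
sub="00000000-0000-0000-0000-000000000000"   # placeholder subscription id
scope="$(vm_scope "$sub" rg-htmd anoopwin10-2)"
enable_aad_login rg-htmd anoopwin10-2
grant_vm_login user anoop@contoso.example "$scope"
audit_vm_login "$scope"
```

Without the Azure CLI installed the script only prints the commands it would run, which is useful for change review.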
Login with Azure AD Credentials
As I mentioned above, you can take RDP of an Azure VM only from an Azure AD joined or Hybrid Azure AD joined VM. In the following scenario, I have taken RDP of an Azure AD joined Azure VM using Bastion.
Take RDP of Azure AD Joined Azure VM Using Bastion
Now let’s see how to take RDP of Azure AD joined Azure VM using Bastion.
- Build TWO Windows 10 1909 VMs with the Login with AAD credentials option set to ON – let’s call these VMs anoopwin10-1 and anoopwin10-2
- Connect to anoopwin10-1 via Azure Bastion using local admin credentials (anoopwin10-1\anoop), as you can see in the screen capture below
- Once logged into the anoopwin10-1 Azure VM, take MSTSC or RDP of the anoopwin10-2 VM using Azure AD credentials
The Azure Virtual Machine is connected to Azure AD. RDP access is available via Azure Bastion if you are okay with spinning up one extra Azure AD joined Windows 10 VM in Azure.