Let’s check how to take the RDP of an Azure AD joined Azure VM (Virtual Machine). Use your corporate Active Directory credentials to log in to the VM, enforce MFA, and enable access via RBAC roles. More details are available in RDP Of Azure AD Joined Device MS-Organization-P2P-Access Certificate – HTMD Blog #2 (howtomanagedevices.com)
NOTE! – The option to log in with Azure AD credentials is only supported for Server 2019 Datacenter edition or Windows 10 1809 and later.
You need to enable the RDP settings on the Azure VM or Windows physical device. You can open the Windows 11 Settings app and search for Remote Desktop Settings. You can also use Group Policy settings (domain joined and hybrid joined) or Intune settings (Azure AD joined) to configure the RDP settings for Windows devices.
- Open the Remote Desktop configuration
- Enable Remote Desktop -> Click on Confirm.
- The RDP setting is now enabled on the Windows 11 device, as shown below.
Login with AAD credentials – Azure VM
How do you enable Azure AD join for Azure VMs so that you can log in to the Azure VM with AAD credentials? While creating an Azure virtual machine, you need to set the option called Login with AAD credentials to ON.
NOTE! – More details about the Azure Virtual Machine creation process are available in the previous post.
AAD Login for Windows VM hosted in Azure
AAD Login for Windows is deployed as part of the virtual machine creation ARM template when you select the option “Login with AAD Credentials = ON.”
Login with the Local Admin Account
The build process of the Azure AD joined (? Is this really an AAD joined VM?) Azure VM is completed. Now you can log in to the VM using the local admin account to check the experience, if you are interested :)
In this post (below), I have explained how to take the RDP of an Azure VM using Azure AD credentials via the Azure Bastion solution. Learn more about Azure Bastion.
Configure RDP Access for Azure VM
Let’s try to configure RDP access for the Azure VM now.
- Navigate to the specific virtual machine overview page
- Select Access control (IAM) from the menu options
- Select Add, then Add role assignment to open the Add role assignment pane.
- In the Role drop-down list, select a role such as Virtual Machine Administrator Login (admin user) or Virtual Machine User Login (non-admin user)
- Search for the user, select the user, and click on the SAVE button to complete the process.
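The same two steps (making sure AAD login is enabled on the VM, then granting a login role scoped to that one VM) can be done with the Az PowerShell module. This is an added example, not code from the original post; it assumes the Az module is installed, that you already ran Connect-AzAccount, and the resource group, VM name and UPN below are placeholders.

```powershell
# Added example (not from the original post). Assumes the Az module and an
# existing Connect-AzAccount session; all three values below are placeholders.
$rg      = 'rg-placeholder'
$vmName  = 'anoopwin10-2'
$userUpn = 'user@contoso.example'   # constructed placeholder UPN

$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName

# 1. Make sure the AADLoginForWindows extension is present. This is what the
#    "Login with AAD credentials = ON" option adds during VM creation.
#    TypeHandlerVersion '1.0' is the documented major version (assumed here).
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName `
    -Name 'AADLoginForWindows' -Publisher 'Microsoft.Azure.ActiveDirectory' `
    -ExtensionType 'AADLoginForWindows' -TypeHandlerVersion '1.0' `
    -Location $vm.Location | Out-Null

# 2. Grant the least-privileged login role, scoped to this single VM rather
#    than the resource group or subscription. Use 'Virtual Machine
#    Administrator Login' only for people who really need local admin.
$role = 'Virtual Machine User Login'
$existing = Get-AzRoleAssignment -Scope $vm.Id -SignInName $userUpn |
    Where-Object { $_.RoleDefinitionName -eq $role -and $_.Scope -eq $vm.Id }
if (-not $existing) {
    New-AzRoleAssignment -SignInName $userUpn -RoleDefinitionName $role `
        -Scope $vm.Id | Out-Null
}

# 3. Review who can RDP to this VM with Azure AD credentials. Assignments
#    inherited from higher scopes are listed too, which is the point: an admin
#    login role granted at subscription level reaches every VM in it.
Get-AzRoleAssignment -Scope $vm.Id |
    Where-Object { $_.RoleDefinitionName -like 'Virtual Machine * Login' } |
    Select-Object DisplayName, SignInName, RoleDefinitionName, Scope |
    Format-Table -AutoSize
```

Step 3 is worth running on its own periodically; the portal steps above show only what you add, not what was already inherited.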
Login with Azure AD Credentials
As I mentioned above, you can take the RDP of the Azure VM only from an Azure AD joined or Hybrid Azure AD joined VM. In the following scenario, I have taken RDP of an Azure AD joined Azure VM using Bastion.
Check the below screenshots to get more details.
Take RDP of Azure AD Joined Azure VM Using Bastion
Now let’s see how to take the RDP of Azure AD joined Azure VM using Bastion.
- Build TWO Windows 10 1909 VMs with the Login with AAD credentials option set to ON. Let’s call these VMs anoopwin10-1 and anoopwin10-2.
- Connect to anoopwin10-1 using local admin credentials (anoopwin10-1\anoop) via Azure Bastion, as you can see in the screen capture below.
- Once logged into the anoopwin10-1 Azure VM, take MSTSC or RDP of the anoopwin10-2 VM using Azure AD credentials.
The Azure virtual machine is connected to Azure AD. RDP access is available via Azure Bastion if you are OK with spinning up one extra Azure AD joined Windows 10 VM in Azure.
- Sign in to Windows virtual machine in Azure using Azure Active Directory authentication
- How To Delete Azure AD Stale Device Records