Login to Azure Windows VM using Azure AD credentials via RDP
In this tutorial, I will show you how to log in to a Windows VM using your Azure AD credentials. When you create a Windows virtual machine in Azure, you normally add a local administrator account to log in to the VM. That local account is one more password to manage and protect, and it sits outside the identity controls (Conditional Access, MFA, disablement on leaving) that Azure AD gives you.
Below I will share my experience of setting up and logging in to a Windows virtual machine deployed in Azure using Azure Active Directory over Remote Desktop (RDP).
1)During virtual machine creation, make sure you have ticked the Azure AD join option (labelled "Login with Azure AD") on the Management tab. Ticking this option installs the AADLoginForWindows extension on the machine so users can log in with Azure AD credentials; the extension needs a system-assigned managed identity on the VM, which the portal enables for you when you tick the box.
2)Next, grant the user who needs to RDP to the virtual machine a role on it. Open the virtual machine blade, go to Access Control (IAM) in the left pane, click Add and choose "Add role assignment". The roles that permit Azure AD login are Virtual Machine Administrator Login (local administrator rights on the VM) and Virtual Machine User Login (standard user rights); note that Virtual Machine Contributor manages the VM resource but does not grant sign-in to the operating system.
In this example, we will select Virtual Machine Administrator Login. Assign it at the scope of this VM rather than the resource group or subscription, so the login right does not silently extend to every other VM.
Add members to the role by selecting users, groups or service principals and find the user you want to give access to the machine. I will be permitting the Administrator user.
3)Once the role assignment has been added to the VM, the next step is to add the user to the local Remote Desktop Users group so it can RDP into the machine. On the virtual machine blade click Connect, then RDP, and download the RDP file. Connect to the device with the local administrator account, open an elevated PowerShell or Command Prompt, and run the command that adds the Azure AD user (addressed by the guest as AzureAD\ followed by the user principal name) to the Remote Desktop Users group.
4)The next step is to open System, then Remote Desktop settings, and make sure the option "Require devices to use Network Level Authentication to connect" is unticked. You can also confirm that the user has been added successfully to the RDP group by looking at the Remote Desktop Users tab. Be aware that unticking NLA means the VM accepts an RDP session before the user has authenticated, so do not expose port 3389 to the internet: restrict the source in the NSG, use Azure Bastion, or use just-in-time VM access.
5)Open the downloaded RDP file in a text editor and add the following two settings, one per line. I will be using a text editor on my Mac to open it; if you are using Windows, you can open the file with Notepad.
authentication level:i:2
enablecredsspsupport:i:1
6)Finally, double-click the RDP file to run it. For the username, use the same format as when you added the user to the Remote Desktop Users group, i.e. AzureAD\username@domain.com
7)In this stage we confirm that the virtual machine authenticated the user through the assigned role. You can check this in the Activity log blade of the VM in the Azure portal. In addition, you can run a command on the VM to view its registration status and find out whether the device is Azure AD joined, and you can check the device in the Azure AD Devices blade.
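The seven portal and guest-OS steps above, as an added PowerShell example (this is not code from the original post). Part A runs from an admin workstation with the Az module and a signed-in session; Part B runs inside the VM in an elevated PowerShell after connecting with the local administrator. The resource group, VM name, location and user principal name are assumed values; replace them with your own.

```powershell
# Added example, not the tutorial author's script. Resource group, VM name, location
# and the user's UPN below are assumptions.
$rg   = "rg-aadvm-demo"
$vm   = "vm-aad-01"
$loc  = "westeurope"
$user = "alice@contoso.com"        # assumed UPN of the person who will RDP in

# ---- Part A: admin workstation, Az module, after Connect-AzAccount ----

# Step 1 for an already-deployed VM: the "Login with Azure AD" tick box amounts to
# enabling a system-assigned managed identity and installing AADLoginForWindows.
$vmObj = Get-AzVM -ResourceGroupName $rg -Name $vm
Update-AzVM -ResourceGroupName $rg -VM $vmObj -IdentityType SystemAssigned | Out-Null
Set-AzVMExtension -ResourceGroupName $rg -VMName $vm -Location $loc `
    -Name "AADLoginForWindows" -Publisher "Microsoft.Azure.ActiveDirectory" `
    -ExtensionType "AADLoginForWindows" -TypeHandlerVersion "1.0" | Out-Null

# Step 2: grant the login role scoped to this single VM (the VM's resource ID),
# not to the resource group or subscription.
New-AzRoleAssignment -SignInName $user `
    -RoleDefinitionName "Virtual Machine Administrator Login" `
    -Scope $vmObj.Id | Out-Null

# Check: who holds an Azure AD login role on this VM (direct or inherited)?
Get-AzRoleAssignment -Scope $vmObj.Id |
    Where-Object RoleDefinitionName -like "Virtual Machine * Login" |
    Select-Object SignInName, RoleDefinitionName, Scope

# Step 5: append the two RDP settings, one per line, to the downloaded RDP file
# (assumes the portal's file was saved as <vm name>.rdp in the current folder).
Add-Content -Path ".\$vm.rdp" -Value "authentication level:i:2", "enablecredsspsupport:i:1"

# ---- Part B: inside the VM, elevated PowerShell, logged in as the local admin ----

# Step 3: the guest OS refers to Azure AD accounts as AzureAD\<UPN>.
net localgroup "Remote Desktop Users" /add "AzureAD\alice@contoso.com"
net localgroup "Remote Desktop Users"            # check: the new member is listed

# Step 4: the NLA tick box is the UserAuthentication value on the RDP-Tcp listener
# (1 = NLA required, 0 = not required). Read it first, then apply the tutorial's setting.
$rdpKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
(Get-ItemProperty -Path $rdpKey).UserAuthentication
Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 0

# Step 7: confirm the join state the guest reports to Azure AD.
dsregcmd /status | Select-String -Pattern "AzureAdJoined|DeviceId|TenantName"
```

The role-assignment check in Part A is worth running after every change, because assignments made at a higher scope (resource group or subscription) are inherited and will show up here even though they were never added on the VM blade. The `Set-ItemProperty` line in Part B is the registry form of step 4 and has the same security cost: with NLA off, the Remote Desktop listener talks to unauthenticated clients, so keep the NSG rule for 3389 limited to known source addresses or front the VM with Azure Bastion.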