Score:0

Requirements for RDP from Azure AD Registered device


We are a small company (4 users, 7 devices) and have recently moved from a mess of local accounts on our PCs to using Azure AD for Office 365. The plan was to have accounts for each user and for anyone to log on to any machine with them, and to control access to files on some of the machines accordingly. We don't have (and hopefully don't need) licenses for anything more than what comes free with Microsoft 365 Business Standard. So far so good.

I would also like some employees to be able to remote in to one of the machines in the office. We used to do that by connecting with OpenVPN, then using the standard Windows 10 RDP client. Now, with AAD in place, that only seems to work if the client is AAD Joined. If the client is AAD registered, I get the "Your credentials did not work" and "The logon attempt failed" screen. I would prefer not to join personally owned devices, it feels like registering them is the "correct" way to do it.

Microsoft have a page with requirements to make this work, and I think we satisfy them: Clients are registered in our tenant and show as such on the azure portal. All devices involved are 21H1 or later. Users are in the appropriate groups on the host (and can remote in from joined devices). There must be something else, what am I missing?

Jevgenij Martynenko: From your description it is not obvious what system you are connecting to via VPN/RDP. Is it a VM at Azure cloud?

Jack B: It's a physical machine in our office (connected to some hardware I want to be able to check up on from home). I'll update.
Score:0

Fourteen months later... and it now just works. I don't think there have been any configuration changes to the AzureAD tenant, but both the remote and client PCs have gone to Windows 10 21H2. I was able to un-join the same PC I was using before, register it, and remote in. Presumably, something has changed on the Microsoft side.

Steps to get it working:

  • Register the client PC on the domain
  • Reboot the PC
  • Connect to the remote AzureAD Joined machine via OpenVPN in TAP mode (because I'm on a different physical network, probably not relevant to AzureAD or RDP)
  • Try to connect with the remote desktop client
  • When prompted for credentials, enter the username in the AzureAD\[email protected] format. The documentation says [email protected] should also work, but it didn't for me.
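The steps above, put into a script as an added example (this is not code from the original post or from Microsoft): it reads the client's join state from dsregcmd, confirms the VPN path to the host is actually up before blaming credentials, and writes an .rdp file that uses the AzureAD\UPN username form the answer found to work. The hostname and UPN are placeholders. The two extra .rdp settings written when the client is not Azure AD joined (enablecredsspsupport and authentication level) come from Microsoft's documentation for that case, not from the post, so treat them as a documented fallback rather than something the answerer needed.

```powershell
# Added example, not from the original post. Placeholders below are assumptions.
$RemoteHost = 'office-pc.example.internal'   # assumed: the AAD-joined machine reachable over the VPN
$Upn        = 'alice@contoso.com'            # assumed: the user's Azure AD UPN
$RdpFile    = Join-Path $env:USERPROFILE 'Desktop\office-pc.rdp'

# 1. Parse "dsregcmd /status" into a hashtable; lines look like "AzureAdJoined : YES".
$status = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(\S[^:]*?)\s*:\s*(.+?)\s*$') { $status[$matches[1]] = $matches[2] }
}
$joined     = $status['AzureAdJoined']   -eq 'YES'
$registered = $status['WorkplaceJoined'] -eq 'YES'
Write-Host "AzureAdJoined=$($status['AzureAdJoined'])  WorkplaceJoined=$($status['WorkplaceJoined'])"
if (-not ($joined -or $registered)) {
    throw 'This device is neither Azure AD joined nor registered. Register it (Settings > Accounts > Access work or school) and reboot first.'
}

# 2. Check the VPN route before touching credentials: TCP 3389 on the host must be reachable.
if (-not (Test-NetConnection -ComputerName $RemoteHost -Port 3389 -InformationLevel Quiet)) {
    throw "Cannot reach $RemoteHost on TCP 3389; check the OpenVPN (TAP) connection first."
}

# 3. Build the .rdp file. The username uses the AzureAD\UPN form from the answer.
$lines = @(
    "full address:s:$RemoteHost",
    "username:s:AzureAD\$Upn",
    'prompt for credentials:i:1'
)
if (-not $joined) {
    # From Microsoft's documentation for RDP to an Azure AD joined host from a client that
    # is not itself Azure AD joined: disable CredSSP and set authentication level 2 so the
    # credential prompt is handled by the remote host. (Documentation, not the original post.)
    $lines += 'enablecredsspsupport:i:0'
    $lines += 'authentication level:i:2'
}
Set-Content -Path $RdpFile -Value $lines -Encoding ASCII

# 4. Launch the Remote Desktop client with the generated file.
Start-Process -FilePath 'mstsc.exe' -ArgumentList "`"$RdpFile`""
```

Run it from an elevated PowerShell prompt on the client after the VPN is connected. If step 2 fails, the problem is the network path rather than Azure AD; if step 4 still shows "Your credentials did not work" on a registered client, the user account is what to check next (the host-side Remote Desktop Users membership the question mentions, and the AzureAD\ prefix on the username).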

