Trying to reach Azure AAD integrated VM via Bastion Service is not possible
Security feature (AAD) is not possible to be actively used because of non-supported Bastion service
RDP is not possible to use due to CAP, which requires MFA
Is there a reason you can't use Windows Hello instead? (Since MFA needs to be disabled for the VM sign-in)
Yes, we have network restrictions in our organization, due to which we cannot directly connect to any Cloud VM via RDP.
As part of security, MFA is enabled for Azure.
So we are left with the only option: the Bastion service.
Yes, Senthil, at this stage the RDP feature doesn't work with AADJ VM extension-joined machines using Azure AD users.
Remote connection to VMs joined to Azure AD is only allowed from Windows 10 PCs that are either Azure AD registered (starting Windows 10 20H1), Azure AD joined or hybrid Azure AD joined to the same directory as the VM.
This requires a solution. The inability to log into RDP with MFA, or to authenticate the user accessing via Bastion, even from an existing login through Azure Portal, makes AADJ VMs pointless. When a user is MFA authenticated to access the portal, why can this not validate their access to Bastion? Regardless of RDP client access being unable to support MFA, this seems to be a significant scenario miss.
Is there indication when this will be resolved?