
SenthilnathTM-7429 asked · Dev073 answered

Logon to Azure VM (AAD integrated) not possible using BASTION service

  • Trying to reach an Azure AD integrated VM via the Bastion service is not possible

  • The security feature (AAD) cannot be actively used because the Bastion service does not support it

  • RDP is not possible to use due to the CAP, which requires MFA

  • Screenshot of the RDP error attached (rdp-error.png)


Tags: azure-ad-domain-services, azure-bastion
Attachment: rdp-error.png (617.3 KiB)

MarileeTurscak-MSFT commented:

Is there a reason you can't use Windows Hello instead? (Since MFA needs to be disabled for the VM sign-in)

SenthilnathTM-7429 replied to MarileeTurscak-MSFT:

Yes, we have network restrictions in our organization, due to which we cannot directly connect to any cloud VM via RDP.
As part of security, MFA is enabled for Azure.

So we are left with only one option: the BASTION service.


1 Answer

Dev073 answered:

Yes, Senthil, at this stage the RDP feature doesn't work with AADJ VM extension-joined machines using Azure AD users.

Remote connection to VMs joined to Azure AD is only allowed from Windows 10 PCs that are either Azure AD registered (starting Windows 10 20H1), Azure AD joined or hybrid Azure AD joined to the same directory as the VM.
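The answer above lists the client join states from which RDP to an Azure AD joined VM is allowed. The following PowerShell is an added example, not code from the thread or from Microsoft: it reads the local client's join state from the built-in `dsregcmd /status` tool and reports whether the client meets that requirement before an RDP attempt is made. The field names `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` are assumed from that tool's output, and build 19041 is assumed as the first Windows 10 20H1 build.

```powershell
# Added example (not from the original thread or from Microsoft): check whether
# this Windows 10 client is Azure AD joined, hybrid Azure AD joined, or Azure AD
# registered on 20H1 or later, which the answer names as the states that may
# RDP to an Azure AD joined VM. Field names assumed from "dsregcmd /status".

function Get-ClientJoinState {
    # Parse "Key : VALUE" lines from dsregcmd output. A key that appears in
    # more than one section is overwritten by its later occurrence, which is
    # acceptable for the three YES/NO flags read here.
    $fields = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(\S+)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined   = ($fields['AzureAdJoined']   -eq 'YES')
        DomainJoined    = ($fields['DomainJoined']    -eq 'YES')
        WorkplaceJoined = ($fields['WorkplaceJoined'] -eq 'YES')
        OsBuild         = [Environment]::OSVersion.Version.Build
    }
}

function Test-CanRdpToAadVm {
    param([pscustomobject]$State = (Get-ClientJoinState))

    # Hybrid join = on-premises domain joined AND Azure AD joined.
    $hybridJoined = $State.AzureAdJoined -and $State.DomainJoined
    $aadJoined    = $State.AzureAdJoined -and -not $State.DomainJoined
    # Azure AD registered (WorkplaceJoined) only counts from Windows 10 20H1;
    # build 19041 is assumed as the first 20H1 build.
    $registered   = $State.WorkplaceJoined -and ($State.OsBuild -ge 19041)

    $reason = switch ($true) {
        $hybridJoined { 'Hybrid Azure AD joined'; break }
        $aadJoined    { 'Azure AD joined'; break }
        $registered   { 'Azure AD registered on Windows 10 20H1 or later'; break }
        default       { 'Not Azure AD joined, hybrid joined, or registered on 20H1+' }
    }

    [pscustomobject]@{
        Eligible = [bool]($hybridJoined -or $aadJoined -or $registered)
        Reason   = $reason
    }
}

# Usage on the local machine:
#   Test-CanRdpToAadVm
# Usage against a constructed state object (no dsregcmd call):
#   Test-CanRdpToAadVm -State ([pscustomobject]@{
#       AzureAdJoined = $true; DomainJoined = $false
#       WorkplaceJoined = $false; OsBuild = 19041 })
```

The check covers only the client-side join state; the answer also requires the client to be joined or registered to the same directory as the VM, which this script does not compare (the tenant id is available in the same `dsregcmd` output and could be matched against the VM's tenant separately).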
