Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,319 questions
RDP to Azure VM That's Entra ID enabled From a Device That's NOT Entra ID Enabled
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 88%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Allan Au
45
Reputation points
Hi,
I followed the guideline in the MS doc: Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID including passwordless and created an Azure Windows VM that is Entra ID enabled.
What I have discovered is that you're able to login with Entra ID with RDP from your device IF
- The device is Entra ID enabled
- On the same virtual network or peered virtual network
Using the format myId@mydomain.com
This is the error:
On the host (of where I want to RDP to), there's no event log in the Event Viewer under the Applications and Services Logs\Microsoft\Windows\AAD\Operational
Were you able to RDP from a device that's not Entra ID enabled and to a host that's not domain joined?
Thank you for sharing!
{count} votes
-
Allan Au 45 Reputation points
2024-05-17T00:45:17.8133333+00:00 An alternative is to use passwordless, however it looks like the Azure VM needs to be discoverable according to this other thread.
-
Prrudram-MSFT 22,836 Reputation points2024-05-24T09:50:49.68+00:00 Hello @Allan Au
Thank you for reaching out to the Microsoft Q&A platform.
If the device you're attempting to RDP from is not Entra ID enabled and the host you're connecting to is not domain joined, you may encounter difficulties with the RDP connection. Entra ID relies on certain configurations and prerequisites to enable secure authentication, and deviating from those configurations may result in authentication failures or other issues.
In the scenario you described, where neither the device nor the host meets the requirements for Entra ID authentication, it's possible that the RDP connection will not succeed. However, without specific details about your Azure setup and configurations, it's challenging to provide a definitive answer.
To troubleshoot the issue further, you could review the Azure AD and VM configurations to ensure that the necessary settings are in place for both the device and the host. Additionally, checking for any error messages or logs related to the RDP connection attempt could provide valuable insights into the underlying issue.
Regarding the issue you are facing with the event log not showing up in the Event Viewer under the Applications and Services Logs\Microsoft\Windows\AAD\Operational, it is possible that the event logging is not enabled on the VM. To enable event logging, you can follow these steps:
- Open the Local Group Policy Editor on the VM by running
gpedit.msc. - Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business.
- Double-click on the policy "Use Windows Hello for Business operational logs" and set it to "Enabled".
- Click "Apply" and "OK" to save the changes.
After enabling event logging, you should be able to see the logs in the Event Viewer under the Applications and Services Logs\Microsoft\Windows\AAD\Operational.
- Open the Local Group Policy Editor on the VM by running
-
Allan Au 45 Reputation points
2024-05-31T01:11:48.83+00:00 I have been trying for the last 3 days, but unable to post my solution.
Sign in to comment