Tags: azure, authentication, azure-virtual-machine, administrator

Remote Desktop to a VM for a user with "Virtual Machine Administrator Login"


I have a VM where I want to allow users with the "Virtual Machine Administrator Login" role to RDP; however, the VM does not allow me to RDP after I assign this role to a user.

Though if I log in to the VM and add the user specifically to be able to remote desktop, he/she can access it, but I cannot do this every time a new user with "Virtual Machine Administrator Login" is added. Is there anything else (besides assigning this role to a user) that has to be done to allow the user to RDP?

By the way, my subscription does not have a public IP due to some regulations in my group. I appreciate your help.

Each time a user with this role tries to log in, they see this error message: "The connection was denied because the user account is not authorized for remote login"


Please note the OS is Windows Server 2016. And after installing the Azure CLI and running the command below, I can see that the assignee has the permission but is not able to log in:

az role assignment list --role "Virtual Machine Administrator Login" --assignee domain_user_login --resource-group name_of_resource_group

Also, the VM is already joined to a domain, but nobody from that domain can access it, even with the "Virtual Machine Administrator Login" role.


Solution

  • This feature is for Linux VMs only. You can see more details about "Log in to a Linux virtual machine in Azure using Azure Active Directory authentication" in this documentation.

    For a Windows VM, you can use Azure AD Domain Services to achieve that.

    Please follow the steps below:

    Task 1: Create the 'AAD DC Administrators' group
    Task 2: Create or select a virtual network for Azure AD Domain Services
    Task 3: Enable Azure AD Domain Services
    Task 4: Update DNS settings for the Azure virtual network
    Task 5: Enable password synchronization to AAD Domain Services for a cloud-only Azure AD tenant

    After completing the tasks above, you can join a VM to the domain.
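Once the VM is domain-joined, Windows still admits over RDP only accounts that hold the remote interactive logon right, which is what the error in the question reports; the asker worked around it by adding each user inside the VM by hand. The script below is an added example (not part of the question or the answer) showing how a defender would audit and grant that right once for a domain security group instead of per user. The domain name CONTOSO and the group name VM-RDP-Users are assumed placeholders.

```powershell
# Added example: run on the domain-joined Windows Server 2016 VM in an elevated
# Windows PowerShell 5.1 session. Grants RDP to one domain group (placeholder name)
# and then audits the user right that actually gates remote logon.
param(
    # Assumed placeholder: replace with your own domain security group
    [string]$Member = "CONTOSO\VM-RDP-Users"
)

$rdpGroup = "Remote Desktop Users"

# 1. Audit: who can currently RDP via local group membership?
$current = Get-LocalGroupMember -Group $rdpGroup | Select-Object -ExpandProperty Name
Write-Output "Current members of '$rdpGroup': $($current -join ', ')"

# 2. Add the domain group once; Add-LocalGroupMember errors on duplicates, so check first.
if ($current -notcontains $Member) {
    Add-LocalGroupMember -Group $rdpGroup -Member $Member
    Write-Output "Added $Member to '$rdpGroup'"
} else {
    Write-Output "$Member is already a member of '$rdpGroup'"
}

# 3. Verify the logon right itself. Remote Desktop Users (SID S-1-5-32-555) holds
#    SeRemoteInteractiveLogonRight by default, but a hardening GPO can remove it,
#    in which case group membership alone still produces the error from the question.
$cfg = Join-Path $env:TEMP "secpol.cfg"
secedit /export /cfg $cfg | Out-Null
$right = Select-String -Path $cfg -Pattern '^SeRemoteInteractiveLogonRight'
if ($right) {
    Write-Output $right.Line
    if ($right.Line -notmatch 'S-1-5-32-555') {
        Write-Warning "Remote Desktop Users no longer holds SeRemoteInteractiveLogonRight; check the applied GPO."
    }
} else {
    Write-Warning "SeRemoteInteractiveLogonRight not present in exported policy."
}
Remove-Item $cfg -Force
```

Membership changes to the domain group then take effect for new users without touching the VM again, and the exported policy line shows whether a hardening policy, rather than the Azure role assignment, is what blocks the logon.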