
How do I log in to an Azure AD Joined VM using Azure AD Credentials on a Windows Server 2019?


I'm currently trying to enable VM Login on a Windows 2019 Server with Azure AD Credentials. For this I have followed the Microsoft Documentation: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

I have tried by creating a new user of type "member" in my Azure AD. Then I have created a Windows Server 2019 VM with "Login with Azure AD" enabled as shown in the documentation. Afterwards I have given the "Virtual Machine Administrator Login" role to the new user. Then I have tried to log in to the VM using the new user's credentials. Unfortunately it didn't work. I encounter the "Your credentials did not work" error message.

With the local user I can log in to the VM. I have tried to uninstall and reinstall the "Microsoft.Azure.ActiveDirectory.AADLoginForWindows" extension. I have checked the VM with the command "dsregcmd /status" to see whether the VM is really Azure AD joined.

Has someone done this before and knows why it doesn't work? What have I done wrong?

Best regards!


Solution

  • I tried to reproduce the same in my environment and added it successfully.

    I have added a user and created a Windows Server 2019 VM with Login with Azure AD enabled. While creating the Azure VM, make sure to give the same username and password as the Azure AD user's credentials.

    Verify whether you have added the AADLoginForWindows extension in Azure as below:


    I downloaded the RDP file and tried to log in; it showed me an error. To resolve this issue, use a different account form with "\" and try to log in as below:

     <VMname>\Username or localhost\username and password
    


    Make sure you are using the correct credentials when you RDP to the VM using Azure AD credentials. In order to log in, you can also reset your password and try logging in again if the error still appears.

    Once RDP has opened, try to join a Windows 10 device to Azure AD, and on your Windows 10 Azure VM -> System Properties -> Remote settings -> uncheck "Allow connections only from computers..." as below:

    To add the Azure AD user to the RDP user group, run the command prompt as administrator like below:

    net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
    


    The account should be of the AzureAD\[email protected] type.

    To confirm the Azure AD user has been added, run Get-LocalGroupMember -Name "Remote Desktop Users" in PowerShell.


    And then, I modified the Azure VM RDP file. If you modify this file beforehand you will get an error. Click Download RDP File -> right click, open with Notepad, add the lines below and save:

    address:s:IPADDRESS:3389
    prompt for credentials:i:0
    authentication level:i:2
    enablecredsspsupport:i:0
    username:s:[email protected]
    domain:s:AzureAD
    


    And try to connect with this RDP file. Make sure you use AzureAD\[email protected]. If you enter only the Azure AD user account without the domain, it may cause an error.


    Reference: Assign Azure roles using the Azure portal - Azure RBAC | Microsoft Learn
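The steps in the answer above (check the join state with dsregcmd, add the AzureAD\UPN account to Remote Desktop Users, verify with Get-LocalGroupMember, and write the RDP file with CredSSP disabled) collected into one script, as an added example that is not the answerer's own code. It assumes an elevated PowerShell session on the Windows Server 2019 VM itself; the UPN, VM address and output path are placeholders to replace.

```powershell
# Added example, not from the original answer. Run as administrator on the VM.
$Upn       = 'aaduser@contoso.example'   # placeholder: the Azure AD user's UPN
$VmAddress = '203.0.113.10'              # placeholder: the VM's public IP or DNS name
$RdpPath   = "$env:USERPROFILE\Desktop\aad-login.rdp"   # placeholder output path

# 1. Confirm the VM really is Azure AD joined (the question's own check).
#    dsregcmd /status prints a line such as "AzureAdJoined : YES" when the
#    AADLoginForWindows extension has completed the join.
$status = & dsregcmd.exe /status
$joined = $status | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES' -Quiet
if (-not $joined) {
    throw 'AzureAdJoined is not YES; the AADLoginForWindows extension has not joined this VM.'
}

# 2. Add the user to Remote Desktop Users in the AzureAD\<UPN> form the answer uses,
#    skipping the add when the account is already a member. ErrorAction is needed
#    because Get-LocalGroupMember can fail to resolve AzureAD principals on some builds.
$member   = "AzureAD\$Upn"
$existing = Get-LocalGroupMember -Name 'Remote Desktop Users' -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -eq $member }
if (-not $existing) {
    & net.exe localgroup 'Remote Desktop Users' /add $member | Out-Null
}

# 3. Verify the membership (the answer's Get-LocalGroupMember check).
Get-LocalGroupMember -Name 'Remote Desktop Users' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq $member } |
    Format-Table Name, PrincipalSource

# 4. Write the .rdp file with the settings shown in the answer.
#    enablecredsspsupport:i:0 turns off CredSSP so the Azure AD sign-in path is used;
#    authentication level:i:2 connects without warning if server authentication fails,
#    so only point this file at an address you control.
@"
address:s:${VmAddress}:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:$Upn
domain:s:AzureAD
"@ | Set-Content -Path $RdpPath -Encoding ASCII

Write-Host "RDP file written to $RdpPath; open it with mstsc.exe"
```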