how to configure my VM access using AzureAD credential

Question

how to configure my VM access using AzureAD credential

Sky Yeo 6

How do i configure my RDP access to my VM server using the AzureAD credential with MFA from current MS login. I tried a couple of times and it fails. The RDP currently only works with local VM user account access.

Thanks

SUNOJ KUMAR YELURU 17,326 Reputation points MVP Volunteer Moderator

2025-12-08T10:31:43+00:00
Hello @Sky Yeo

To configure RDP access to your Azure VM using Azure AD credentials with MFA, follow these steps:

Assign Azure Roles: Ensure that your Azure AD account has the necessary roles assigned, such as VM User or VM Administrator. You can check this in the Azure portal under the VM’s access control (IAM) settings. If you don’t have the required roles, you will receive an error indicating that no Azure roles are assigned when trying to connect.

Download the RDP File: In the Azure portal, navigate to your virtual machine, select Download RDP File, and then open it to start the Remote Desktop Connection client.

Connect Using Azure AD Credentials: When prompted, sign in using your Microsoft Entra credentials (Azure AD credentials). Make sure to use the correct username format, typically ******@domain.com.

Enable MFA: If your organization requires MFA, ensure that you have set up the necessary authentication methods. If you encounter an error stating that the sign-in method isn’t allowed, it may indicate that MFA is required but not properly configured.

Check Conditional Access Policies: If you have configured Conditional Access policies that enforce MFA, ensure that the device you are using to initiate the RDP session meets those requirements. If you are using web sign-in, you may need to use Windows Hello for Business or a similar strong authentication method.

If the Answer is helpful, please click Accept Answer and Up-Vote 👍, so that this can be beneficial to other community members.
Shubham Sharma 4,075 Reputation points Microsoft External Staff Moderator

2025-12-09T14:40:03.19+00:00

Sky Yeo

Following up to see if the provided resolution was helpful. If you have any further queries do let us know.

1 answer

Your answer

SUNOJ KUMAR YELURU 17,326 Reputation points MVP Volunteer Moderator

2025-12-08T10:31:43+00:00

Hello @Sky Yeo

To configure RDP access to your Azure VM using Azure AD credentials with MFA, follow these steps:

Assign Azure Roles: Ensure that your Azure AD account has the necessary roles assigned, such as VM User or VM Administrator. You can check this in the Azure portal under the VM’s access control (IAM) settings. If you don’t have the required roles, you will receive an error indicating that no Azure roles are assigned when trying to connect.

Download the RDP File: In the Azure portal, navigate to your virtual machine, select Download RDP File, and then open it to start the Remote Desktop Connection client.

Connect Using Azure AD Credentials: When prompted, sign in using your Microsoft Entra credentials (Azure AD credentials). Make sure to use the correct username format, typically ******@domain.com.

Enable MFA: If your organization requires MFA, ensure that you have set up the necessary authentication methods. If you encounter an error stating that the sign-in method isn’t allowed, it may indicate that MFA is required but not properly configured.

Check Conditional Access Policies: If you have configured Conditional Access policies that enforce MFA, ensure that the device you are using to initiate the RDP session meets those requirements. If you are using web sign-in, you may need to use Windows Hello for Business or a similar strong authentication method.

If the Answer is helpful, please click Accept Answer and Up-Vote 👍, so that this can be beneficial to other community members.
Shubham Sharma 4,075 Reputation points Microsoft External Staff Moderator

2025-12-09T14:40:03.19+00:00

Sky Yeo

Following up to see if the provided resolution was helpful. If you have any further queries do let us know.

Answer 1

Hello Sky Yeo

Thank you for reaching out to Microsoft Q&A.

I understand that you are trying to configure RDP access to your Azure VM using Azure AD (Microsoft Entra ID) credentials with MFA

Below are the Prerequisites: -

1.) Supported OS:

Windows 11 (latest updates)
Windows 10 (20H2 or later)
Windows Server 2022 with latest updates

2.) Azure VM Requirements:

VM must be Azure AD joined (Microsoft Entra joined).
Enable system-assigned managed identity.
Install AADLoginForWindows extension on the VM.
Ensure outbound access to:
- https://login.microsoftonline.com
- https://enterpriseregistration.windows.net
- https://device.login.microsoftonline.com
- https://pas.windows.net

3.) Client Requirements:

Device initiating RDP must be Azure AD joined or hybrid joined in the same tenant.
Use credentials in the format: AzureAD\******@domain.com

Enable Azure AD authentication on VM: -

In Azure Portal:
- Go to VM → Settings → Identity.
- Enable System-assigned managed identity.
Add AADLoginForWindows extension:

az`` vm extension set \

``--publisher Microsoft.Azure.ActiveDirectory \

``--name AADLoginForWindows \

``--resource-group <ResourceGroupName> \

``--vm-name <VMName>

3.) Assign RBAC roles: -

Navigate to VM → Access Control (IAM).
Assign one of these roles to the user:
- Virtual Machine Administrator Login
- Virtual Machine User Login This is mandatory for RDP sign-in using Azure AD credentials

4.) Configure Conditional access & MFA: -

If MFA is enforced via Conditional Access:
- Ensure the Microsoft Azure Windows Virtual Machine Sign-in app is included in the policy.
- Exclude the VM from MFA if needed for troubleshooting.
For MFA directly on RDP:
- Use NPS Extension for Azure MFA or RD Gateway to enforce MFA before the RDP session starts.

For your reference: https://dori-uw-1.kuma-moon.com/en-us/entra/identity/authentication/howto-mfa-nps-extension-rdg

5.) Connect via RDP: -