I'm currently trying to enable VM Login on a Windows 2019 Server with Azure AD Credentials. For this I have followed the Microsoft Documentation: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
I have tried creating a new user of type "member" in my Azure AD. Then I created a Windows Server 2019 VM with "Login with Azure AD" enabled, as shown in the documentation. Afterwards I gave the "Virtual Machine Administrator Login" role to the new user. Then I tried to log in to the VM using the new user's credentials. Unfortunately it didn't work. I get the "Your credentials did not work" error message.
With the local user I can log in to the VM. I have tried uninstalling and reinstalling the "Microsoft.Azure.ActiveDirectory.AADLoginForWindows" extension. I have checked the VM with the command "dsregcmd /status" to see whether the VM is really Azure AD joined.
Has someone done this before and knows why it doesn't work? What have I done wrong?
Best regards!
I tried to reproduce the same in my environment and added it successfully.
I added a user and created a VM with Windows Server 2019 with "Login with Azure AD" enabled. While creating the Azure VM, make sure to give a username and password that are the same as the Azure AD user's credentials.
Verify whether you have added the AADLoginForWindows extension in Azure as below:
I downloaded the RDP file and tried to log in, and it showed me an error. To resolve this issue, use a different account format with "\" and try to log in as below:
<VMname>\Username or localhost\username and password
Make sure you are using the correct credentials when connecting to the VM over RDP with Azure AD credentials. In order to log in, you can also reset your password and try logging in again if the error still appears.
Once RDP has opened, try to join a Windows 10 device to Azure AD, and on your Windows 10 Azure VM go to System Properties -> Remote Settings -> uncheck "Allow connections only from computers..." as below:
To add the Azure AD user to the RDP users group, run the command prompt as administrator like below:
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
The account should be of the AzureAD\USERNAME@DOMAIN.onmicrosoft.com type.
To confirm the Azure AD user has been added, run Get-LocalGroupMember -Name "Remote Desktop Users" in PowerShell.
And then I modify the Azure VM RDP file. If you modified this file before, you will get an error. Click Download RDP File -> right-click, open with Notepad, add the lines below and save:
address:s:IPADDRESS:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME@DOMAIN.onmicrosoft.com
domain:s:AzureAD
And try to connect with this RDP file. Make sure you use AzureAD\username@domain.onmicrosoft.com. If you enter only the Azure AD user account without the domain, it may cause an error.
Reference: Assign Azure roles using the Azure portal - Azure RBAC | Microsoft Learn
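The checks and changes described in the answer above, collected into one script as an added example (this is not code from the original question or answer, nor from Microsoft's documentation). It assumes it is run in an elevated PowerShell 5.1 session on the Windows Server 2019 VM itself; the UPN, VM address and output path are placeholders, and the NLA registry value is the standard RDP-Tcp listener setting rather than anything the answer names.

```powershell
# Added example, not from the original post. Run elevated on the Server 2019 VM.
$Upn     = "username@domain.onmicrosoft.com"   # assumption: the Azure AD member user
$VmIp    = "203.0.113.10"                      # assumption: the VM's address (placeholder)
$RdpPath = Join-Path $env:USERPROFILE "Desktop\aad-login.rdp"   # assumption: output path

# 1. Confirm the VM is Azure AD joined: dsregcmd /status prints "AzureAdJoined : YES".
$status = dsregcmd /status
$joined = $status | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES' -Quiet
if (-not $joined) {
    throw "VM is not Azure AD joined; reinstall the AADLoginForWindows extension before continuing."
}

# 2. Add the Azure AD user to Remote Desktop Users. The answer uses net localgroup
#    rather than Add-LocalGroupMember, because the latter does not reliably resolve
#    AzureAD\ principals; the same applies here.
$member   = "AzureAD\$Upn"
$existing = net localgroup "Remote Desktop Users"
if ($existing -notcontains $member) {
    net localgroup "Remote Desktop Users" /add $member
    if ($LASTEXITCODE -ne 0) { throw "Failed to add $member to Remote Desktop Users" }
}

# 3. Verify membership. Get-LocalGroupMember can throw on an AzureAD principal it
#    cannot resolve, so fall back to the net localgroup output in that case.
try {
    Get-LocalGroupMember -Name "Remote Desktop Users" | Where-Object Name -eq $member
} catch {
    net localgroup "Remote Desktop Users" | Select-String -SimpleMatch $member
}

# 4. Report (do not change) whether NLA is enforced on the RDP-Tcp listener. This is
#    the "Allow connections only from computers running Remote Desktop with Network
#    Level Authentication" checkbox the answer unticks; UserAuthentication = 1 means on.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
Write-Host "NLA required on RDP-Tcp: $($nla -eq 1)"

# 5. Write an .rdp file with the settings from the answer. ${VmIp} is braced because
#    "$VmIp:3389" would otherwise be parsed as a drive-qualified variable.
@"
address:s:${VmIp}:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:$Upn
domain:s:AzureAD
"@ | Set-Content -Path $RdpPath -Encoding ASCII
Write-Host "Wrote $RdpPath; connect from a client in the same tenant as $member"
```

Step 4 only reports the NLA state instead of disabling it: turning NLA off exposes the logon screen to unauthenticated clients, which is a larger attack surface than the login problem warrants. The RDP file settings in step 5 (enablecredsspsupport:i:0 and authentication level:i:2) are the ones the answer shows, so try them with NLA still enabled before changing the listener.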