Tags: windows, azure, azure-active-directory, rdp, windows-11

Can't RDP to laptop using AAD account


I recently got a new laptop and installed Windows 11 Pro on it. At the setup I signed in with my work email. Then I turned on RDP and was able to connect. After a week of working using RDP, I can't RDP anymore. I get the error "The logon attempt failed". I haven't changed the password of my email or anything.

I tried using RDP with these usernames: AzureAD\username, AzureAD\Company@email.com, .\AzureAD\username, .\AzureAD\Company@email.com

I also tried adding this to a .rdp file (source): enablecredsspsupport:i:0 and authentication level:i:2

And now I even reinstalled Windows to see if that fixed it, which it didn't. Does anyone know what could be the issue here?


Solution

  • The error "The logon attempt failed" may occur for several reasons when you are unable to RDP into your Windows 11 Pro laptop.

    To resolve the issue, check the steps below:

    When I attempted to RDP to a VM in Azure with AAD credentials, I got the login attempt failed error.

    When creating the virtual machine and logging in with Azure AD, ensure that the AADLoginForWindows extension shows "Provisioning succeeded".

    To authorize logging into the VM, ensure that you have assigned the RBAC role assignment of Virtual Machine Administrator Login and Virtual Machine User Login.

    Verify whether your computer or virtual machine has joined Azure AD: log into the Azure VM, open Settings and select Accounts -> Access for work or school. Check that your PC is connected to Azure AD and connected to the organization's Azure AD.

    In System Properties -> Remote, untick "Allow connections only from computers running Remote Desktop with Network Level Authentication".

    Add the Azure AD user to the Remote Desktop Users group on the VM. Additionally, you should make sure that per-user multi-factor authentication is turned off for the user account, as it is not supported for Azure AD-joined VMs.

    Modify the RDP file and add a username and domain, which prompts the user to enter the credentials directly, like below:

    authentication level:i:2
    enablecredsspsupport:i:0
    username:s:USERNAME@DOMAIN.onmicrosoft.com
    domain:s:AzureAD
    

    Using the Azure AD account AzureAD\USERNAME@DOMAIN.onmicrosoft.com on the VM, the login succeeded.
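The .rdp settings from the answer above, parsed and audited; this is an added example, not part of the original post. It reads the `name:type:value` format and reports which of those settings relax authentication, so they can be reverted once the logon problem is solved. The function names `parse_rdp` and `audit` and the sample file are constructed for illustration.

```python
import codecs

# Constructed sample: the four settings from the answer, encoded the way
# mstsc commonly saves .rdp files (UTF-16 LE with a byte-order mark).
SAMPLE_RDP = codecs.BOM_UTF16_LE + (
    "authentication level:i:2\r\n"
    "enablecredsspsupport:i:0\r\n"
    "username:s:USERNAME@DOMAIN.onmicrosoft.com\r\n"
    "domain:s:AzureAD\r\n"
).encode("utf-16-le")


def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; type is i (integer), s (string) or b (binary)."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        text = raw[2:].decode("utf-16-le")
    else:
        text = raw.decode("utf-8-sig")
    settings = {}
    for line in text.splitlines():
        # Split on the first two colons only: values may contain ':' themselves.
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts
        try:
            settings[name.lower()] = int(value) if kind == "i" else value
        except ValueError:
            continue  # integer setting with a non-numeric value
    return settings


def audit(settings: dict) -> list:
    """Return one finding per setting that relaxes authentication."""
    findings = []
    # 0 turns CredSSP off, so the client does not use Network Level Authentication.
    if settings.get("enablecredsspsupport", 1) == 0:
        findings.append("enablecredsspsupport=0: no NLA, logon happens on the remote logon screen")
    # Only level 1 refuses to connect when server authentication fails.
    level = settings.get("authentication level")
    if level is not None and level != 1:
        findings.append(f"authentication level={level}: a failed server authentication check does not block the connection")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rdp(SAMPLE_RDP)):
        print(finding)
```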