Azure & Windows 11 – Issue with RDP using Entra ID Credentials

Last Updated: 29/10/2024

The Issue

As part of doing some tinkering around, I decided to build a Windows 11 VM in my Azure tenant and Entra ID join it. Building the machine was fine and RDP’ing onto the machine with the created local account was all good. Joining the machine to Entra ID all went according to plan. That is, until I tried to RDP onto the machine with the Entra ID Account.

I was constantly getting failures saying my username and password were incorrect (even though I had just used the same set of credentials to join the machine).

After a bit of troubleshooting, such as:

  • Double checking network connections, RDP Settings & Password
  • Resetting the Password and creating a new user account
  • Deleting and recreating another VM in Azure
  • Checking the Azure AD sign-in logs for failures
  • Checking the VM logs for any failures or errors

It seemed the problem pointed toward RDP not liking Entra ID credentials. Additionally, the user profile on the machine hasn’t been built yet, as this is a first-time login from the account.

Download and Edit the RDP file

After some research, I found a workaround. We need to save the RDP settings from the machine and then add a few extra lines to the RDP file using Notepad.

Download the RDP file from Azure, open it in Notepad, and add the following lines at the end:

enablecredsspsupport:i:0

authentication level:i:2

Your file should look something like this:

[Screenshot: RDP configuration file, Azure Entra ID]
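
The same edit can be scripted. The PowerShell below is an added example, not part of the original post: it sets the two values in the text of an .rdp file and replaces an existing entry instead of appending a duplicate. The function name Set-RdpSetting, the sample file contents and the address 203.0.113.10 are constructed for illustration.

```powershell
# Added example: Set-RdpSetting is a hypothetical helper, not a built-in cmdlet.
# Each line of an .rdp file has the form  name:type:value  (i = integer, s = string).
function Set-RdpSetting {
    param(
        [string[]]$Lines,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][ValidateSet('i', 's', 'b')][string]$Type,
        [Parameter(Mandatory)][string]$Value
    )
    $entry   = "${Name}:${Type}:${Value}"
    # Match on the setting name only; values may themselves contain colons.
    $pattern = '^\s*' + [regex]::Escape($Name) + ':[a-z]:'
    $found   = $false
    $result  = [System.Collections.Generic.List[string]]::new()
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            # Replace the first occurrence and drop any later duplicates.
            if (-not $found) { $result.Add($entry); $found = $true }
        } else {
            $result.Add($line)
        }
    }
    if (-not $found) { $result.Add($entry) }   # not present: append at the end
    return $result.ToArray()
}

# Constructed sample of a downloaded .rdp file (203.0.113.10 is a documentation address).
$sample = @(
    'full address:s:203.0.113.10:3389'
    'prompt for credentials:i:1'
    'authentication level:i:0'
)

# 0 = the client does not use CredSSP, the protocol behind Network Level Authentication.
$updated = Set-RdpSetting -Lines $sample -Name 'enablecredsspsupport' -Type i -Value 0
# 2 = warn and let the user decide if server authentication fails.
$updated = Set-RdpSetting -Lines $updated -Name 'authentication level' -Type i -Value 2
$updated   # emits the edited lines

# For a real file (hypothetical names): read with Get-Content .\vm.rdp, pass the
# lines through the two calls above, then write with Set-Content .\vm-entra.rdp.
```

Because the first setting turns CredSSP off for every connection made with the file, keep the edited copy for this VM only and do not reuse it as a general template.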

For the next step, click on the modified RDP file, but this time you will need to prefix “AzureAD” to your username as the “domain”. For me it looked something like this:

[Screenshot: RDP Azure AD Entra ID]

Lo and behold, that worked and logged me into my machine with my Entra ID credentials.

It’s a bit of a pain, but hopefully this gives a workaround for those who have encountered this issue.

And yes, whilst posting the public IP of a machine along with my username isn’t good practice, this VM and user account are long gone 🙂

For more articles on Entra ID, please check out my previous post on limiting guest access to external tenants.
