How can I authorize a MS365 user for remote desktop connections to an Azure-AD joined Windows 10 PC?

I'm in charge of a small Windows work group with a handful of computers. We later introduced MS 365 Business and users could log in using their MS 365 credentials, which I guess makes the computer Azure-AD joined.

I'm now trying to figure out how to give a MS 365 user access over remote desktop to their own PC. With regular users, I can just add them to the list of authorized remote users but I have no idea how to achieve the same with a MS 365 user. And strangely, I can't seem to find any information on this topic on the net.


Have the user log into the machine locally at least once, and then run the following from an elevated command prompt or PowerShell. (The first logon step may not be required on Windows 10 newer than version 1709.)

net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-of-your-user"

e.g.: net localgroup "Remote Desktop Users" /add "AzureAD\[email protected]"

When you connect to the machine, enter the user name in the format of their AzureAD UPN.

More information can be found in the Microsoft document: Connect to remote Azure Active Directory-joined PC.
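
The grant described in the answer above, wrapped with a join-state check and a membership listing for review. This is an added example, not part of the original answer; the helper name `Grant-AadRdpAccess` is hypothetical and `user@example.com` is a constructed UPN.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original answer.
# Grant-AadRdpAccess is a hypothetical helper name; user@example.com is a constructed UPN.

function Grant-AadRdpAccess {
    param(
        [Parameter(Mandatory)]
        # Accept only something shaped like a UPN, so a typo or a pasted
        # "AzureAD\..." prefix is rejected before it reaches net.exe.
        [ValidatePattern('^[^@\s\\]+@[^@\s\\]+\.[^@\s\\]+$')]
        [string]$Upn
    )

    $group  = 'Remote Desktop Users'
    $member = "AzureAD\$Upn"

    # The AzureAD\ prefix only resolves on a device that is Azure AD joined.
    $status = dsregcmd /status | Out-String
    if ($status -notmatch 'AzureAdJoined\s*:\s*YES') {
        throw "Device does not report 'AzureAdJoined : YES'; not adding $member."
    }

    # Same command as in the answer; capture stderr so a failure is visible.
    # net.exe also exits non-zero when the account is already a member.
    $output = net localgroup $group /add $member 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "net localgroup failed ($LASTEXITCODE): $($output -join ' ')"
    }

    # Return the resulting membership so the grant can be reviewed.
    net localgroup $group
}

# Replace the constructed UPN with the user's real Azure AD UPN.
Grant-AadRdpAccess -Upn 'user@example.com'
```

Membership in "Remote Desktop Users" is a standing logon right, so the final listing is worth checking for accounts that should no longer be there.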