Windows 10 Remote Desktop connection using Azure AD Credentials

My organization is running Windows 10 joined to an Azure AD organization (completely cloud hosted, i.e. no on-prem Active Directory). I log in to my PC with a username in the form of "[email protected]" with no issues and have enabled Remote Desktop connections to this PC.

If I attempt to Remote Desktop from another PC on the LAN or from home, my credentials are always deemed invalid. If I attempt to log in using a local account (via RDP), it works just fine.

Can anyone suggest why Azure AD credentials do not work over RDP or how to enable this feature?


Solution 1:

It is possible. Basically you have to ensure no authentication information is sent when connecting, forcing the login screen to appear.

To do this, you must create and edit an .rdp file.

  1. Open the Remote Desktop Connection window, enter the computer name or IP
  2. Save connection settings (Show options, Save as)
  3. Open the saved .rdp file in a text editor, and make sure these rows exist like this:

     enablecredsspsupport:i:0
     authentication level:i:2

  4. Load this into RDC (Open button)
  5. Connect, provide Azure AD credentials, enjoy!

Note: when setting up the computer accepting the connection make sure not to force Network Level Authentication (checkbox on the menu where you allow the remote connections).

Credits where it's due: morgansimonsenblog.azurewebsites.net
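
Step 3 of Solution 1 as an added example (not part of the original answer): a Python helper that sets the two rows in a saved .rdp file, replacing existing values instead of duplicating them, and reports what it changed. The function names, the sample content, and the assumption that mstsc saves .rdp files as UTF-16LE with a BOM belong to this example, not to the page.

```python
import codecs

# Values from Solution 1. CredSSP is what Network Level Authentication uses,
# so enablecredsspsupport 0 makes the client skip it and wait for the logon screen.
REQUIRED = {"enablecredsspsupport": ("i", "0"), "authentication level": ("i", "2")}

def apply_settings(text, required=REQUIRED):
    """Return (new_text, changes); changes maps setting -> (old value, new value)."""
    newline = "\r\n" if "\r\n" in text else "\n"
    out, seen, changes = [], set(), {}
    for line in text.splitlines():
        name = line.partition(":")[0].strip().lower()
        if name in required:
            if name in seen:          # drop a duplicate of a managed setting
                continue
            seen.add(name)
            typ, val = required[name]
            old = line.split(":", 2)[2] if line.count(":") >= 2 else ""
            if old != val:
                changes[name] = (old, val)
            line = f"{name}:{typ}:{val}"
        out.append(line)
    for name, (typ, val) in required.items():
        if name not in seen:          # setting absent: append it
            changes[name] = (None, val)
            out.append(f"{name}:{typ}:{val}")
    return newline.join(out) + newline, changes

def patch_file(path):
    """Rewrite an .rdp file in place, keeping its original encoding."""
    with open(path, "rb") as fh:
        raw = fh.read()
    # Assumption: files saved by mstsc are UTF-16LE with a BOM; others are UTF-8.
    utf16 = raw.startswith(codecs.BOM_UTF16_LE)
    text = raw[2:].decode("utf-16-le") if utf16 else raw.decode("utf-8")
    new_text, changes = apply_settings(text)
    data = new_text.encode("utf-16-le" if utf16 else "utf-8")
    with open(path, "wb") as fh:
        fh.write((codecs.BOM_UTF16_LE if utf16 else b"") + data)
    return changes

# Constructed sample .rdp content (host name is a placeholder).
SAMPLE = ("full address:s:pc01.example.test\r\n"
          "enablecredsspsupport:i:1\r\n"
          "prompt for credentials:i:0\r\n")

if __name__ == "__main__":
    patched, changed = apply_settings(SAMPLE)
    print(patched, changed)
```

The returned `changes` mapping records the previous value of each row, which is useful when the CredSSP setting later has to be restored for hosts that require Network Level Authentication.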