As always Professor Robert, fantastic information that is understood by both doctors of IT (as yourself) and those just starting out and everyone in between! Love it! Thank you!
Thank you so much , Robert. I open a MS support ticket, and they said it would work on office domain. But you show this is so simple, and straight forward. I forgot to change the RDP file, but it still worked , amazing !
This video saves my day. I have tried too many attempts to connect to Azure VM using Azure AD cred. I have read too many blogs and docs, including Microsoft official docs, and become angry. Microsoft does not give a damn to point how to troubleshoot. I followed its official doc thoroughly and tried multiple times, and no luck. With your instructions, now I can successfully connect to Azure VM using Azure AD cred. Thank you very much for this video
Awesome! I cant believe that MS does not have better information on this. Thank you for doing this. I am using to make an Azure site more HIPPA compliant
You've been 'going ham' as of late Robert. 🙂 Thank you for all your videos, and esp the more recent Failover Cluster vids! - I've been recently getting into Azure...this is something I never even thought of tbh. Very much insightful, more Azure stuff plz! 👍🏾
Thank you very much for putting this out. I had been pulling my hair out trying to get this to work. I had to make a modification on the virtual pc using the local account. Under System Properties | Remote I had to un-check "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" in order to get the rdp connection to work once I added your changes to the rdp file. Thanks again.
Been really helpful and solved my issue. Microsoft does a lot of big complex things, but then they also miss out on really basic things which makes the user experience so poor.
Hi Rob, It doesn't worked for me ,configured same as in video but i am getting this error while logging in "The sign in method you are trying to use is not allowed.Try a different sign-in method or contact your system administrator." Thanks
Your video was very helpful. I still was not able to login after making these changes. What fixed it for me and my situation was that I am the Global Administrator for our Microsoft Tenant and all Global Admins we are requiring Multi Factor Authentication (MFA). I temporarily disabled MFA for my account and then I was able to login to our Azure VM using my Azure AD account.
is it possible to achieve this without having enabled this setting on creating the VM? I have around 40 VM's without this setting enabled, yet in 2024 there's still no mention of this setting in the Microsoft documentation. Is this a required step if we want to enable AAD sign in with MFA? I can't even begin to think where we'd start with so many live environments
Thanks for the video, however I am not to keen on disabling NLA. Secondly, we need the MFA support. When I check the user object in the local Remote Desktop User group, I am surprised to see the SID of my OnPrem Account.
Sorry robert, when i try login with azuread i got message like this "The sign-in method you're trying to use isn't allowed. Try a different sign-in method or contact your system administrator."
In the event you are still paying attention to comments, Ihave a question for you. I am trying to accomplish this for some VMs that were created a couple of months ago that did not check the box to login in with Entra during creation. I did run the CLI scripts to deploy the AADLoginForWindows extension that the documentation suggests. . I cannot figure out how to AAD join a VM that didn't have that box checked during creation. The process that you would use for a win11 desktop doesnt work. Any ideas? Your tutorial was super helpful and I was able to get this working on multiple VM's that had the box checked during creation. Thanks for publishing this.
I had the same issue, I couldn't find anything that would allow me to change it after the fact. So I ended up deleting the old VM's and re-creating them ticking that box. That may not be an option for you, just indicating what I had to do to make it work.
@@michaelparker6819 I ended up figuring this out. The step I was missing was un there Identity sections. I had to turn the status for System Assigned Identities on. After that, the VM showed up as Entra joined.
Still works! Thank you...but now I don't know why an external user from other tenant (b2b synchronization) can't log in , they have the role and permission on this virtual machine..any suggestion?
Great video Robert, was hoping you could shed some light on steps needed to allow RDP for multiple users to an Azure Server (from a licensing and needed steps perspective) Thanks,
Thanks, You would need to add RDP for applications instead of administration mode. You also need a license for each RDP user which costs about $125 each.
Hey Robert, thank you so much for this video, super helpful! I'm still running into problems when trying to do this and I believe it's related to MFA being enabled for our accounts. When trying to log in, it tells me "The sign-in method you're trying to use isn't allowed. Try a different sign-in method or contact your systems administrator." I think this means I need to do something with Windows Hello, but not sure how to go about doing that. Any chance you know anything about this?
Thanks Robert, this is a great Video and Microsoft documentation is very incomplete. My VM is already running/created (don't recall if I ever added Azure Active Directory or not, more likely not). I went to Identity under my VM and turned the "System assigned" to ON. Then I went "Access control (IAM)" in the azure portal under my VM, added the role "Virtual Machine Administrator Login" with my name in it, still no success. dsregcmd /status showing it's not joined and no port open, so this make sense. What is stopping me to add the AAD to my VM? My suspicion is the 2nd option during creating the VM, the ability to login with Azure Active Directory is not enabled in my case. Any help will be greatly appreciated.
@@techpub My VM is on Azure but I was accessing it from the on-prem 8.1 desktop. When I run dsregcmd, i see AzureAdJoined = Yes but AzureAdPrt = No and I tried several ways but could correct this
Hi, what if the the Azure VM device has been removed from the EntraID which made user not able to login to RD, how to fix it? Azure VM still active and can be logged in using local admin credentials.
In a setup were one is using the Azure VM with Windows Server 2016, how do you resolve the issue of multiple users logons on the Server. Had an issue, we have many users who will be connecting to the Server but applying CALS will require RDP services, installing Standard or Quick RDP services requires promoting the Server to a DC and once the Server is promoted the steps don't work. Your guidance will highly be appreciated. would you recommend Azure AD connect?
I kept getting error says The signin method you are using is incorrect. The reason for this was I did not loged in with the user created in azuread even for the first time. So after doing that it worked. I just found out that I created the azure user but never logged in with that user on the portal. So first login requires the password to be changed. So, After first login and password update it worked ! But this was dumb.
HI Mr Robert McMillen, The solution is good, By the way , ,when everything went alright, I got a block while logging in " "The sign-in method you’re trying to use isn’t allowed" .Do you advise how to solve this
Do you know if this works with accounts protected with MFA? Almost all azure ad accounts are protected these days… I couldn’t seem to login probably because it has an MFA challenge
Interesting. I added a group, but that does not work. It works using individual accounts. Also, it only works, when you add those changes to the RDP file. Why?
As always Professor Robert, fantastic information that is understood by both doctors of IT (as yourself) and those just starting out and everyone in between! Love it! Thank you!
Much appreciated.
This is the most complete and successful tutorial, those lazy Microsoft employees FAILED as usual to document this properly. Thank you.
Glad you liked it. Thanks for watching!
Thank you Robert! after days wasted reading documentation and blogs i found your video and it was mindblowing!
Thanks for watching!
Will be pretty sweet when Microsoft makes a product compatible with Microsoft.
Thank you so much , Robert. I open a MS support ticket, and they said it would work on office domain. But you show this is so simple, and straight forward. I forgot to change the RDP file, but it still worked , amazing !
Itw as tricky. It took me a couple of days to figure it out. Glad it helped!
This video saves my day. I have tried too many attempts to connect to Azure VM using Azure AD cred. I have read too many blogs and docs, including Microsoft official docs, and become angry. Microsoft does not give a damn to point how to troubleshoot. I followed its official doc thoroughly and tried multiple times, and no luck. With your instructions, now I can successfully connect to Azure VM using Azure AD cred. Thank you very much for this video
Thanks. it took much trial and error for me to get it going so I thought I would share.
Awesome! I cant believe that MS does not have better information on this. Thank you for doing this. I am using to make an Azure site more HIPPA compliant
Glad it was helpful!
Thank you!! you saved me with unnecessary purchases like KVM switches etc. may God Bless you!!
Glad I could help!
You've been 'going ham' as of late Robert. 🙂
Thank you for all your videos, and esp the more recent Failover Cluster vids!
-
I've been recently getting into Azure...this is something I never even thought of tbh. Very much insightful, more Azure stuff plz! 👍🏾
You're funny. Just wait until I get political. Let's hope that doesn't happen.
Thank you very much for putting this out. I had been pulling my hair out trying to get this to work. I had to make a modification on the virtual pc using the local account. Under System Properties | Remote I had to un-check "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" in order to get the rdp connection to work once I added your changes to the rdp file.
Thanks again.
Glad it helped
Been really helpful and solved my issue. Microsoft does a lot of big complex things, but then they also miss out on really basic things which makes the user experience so poor.
Thanks for watching!
Hi Rob,
It doesn't worked for me ,configured same as in video but i am getting this error while logging in "The sign in method you are trying to use is not allowed.Try a different sign-in method or contact your system administrator." Thanks
restart vm and disable MFA. Alternatively, you can disconnect and rejoin VM to AD
Your video was very helpful. I still was not able to login after making these changes. What fixed it for me and my situation was that I am the Global Administrator for our Microsoft Tenant and all Global Admins we are requiring Multi Factor Authentication (MFA). I temporarily disabled MFA for my account and then I was able to login to our Azure VM using my Azure AD account.
I have heard that you have to disable MFA but not sure why yet.
Thanks for your comment, I was stuck for hours making sure I had no errors on the setup. By disabling MFA, everything worked fine.
Disappointing that this doesn’t work with MFA protected accounts. What about using the legacy app password? Bet that will work…
That's really great, nice work - works perfectly!!! Thanks
You're welcome!
Still works! Thank you!
Thanks for watching!
Thank you very much for this!
You're very welcome!
Thanks Robert, it was great help!
Glad I could help!
is it possible to achieve this without having enabled this setting on creating the VM? I have around 40 VM's without this setting enabled, yet in 2024 there's still no mention of this setting in the Microsoft documentation. Is this a required step if we want to enable AAD sign in with MFA? I can't even begin to think where we'd start with so many live environments
Thanks for the video, however I am not to keen on disabling NLA. Secondly, we need the MFA support. When I check the user object in the local Remote Desktop User group, I am surprised to see the SID of my OnPrem Account.
That SID thing happens a lot. Drives me crazy.
Sorry robert, when i try login with azuread i got message like this "The sign-in method you're trying to use isn't allowed. Try a different sign-in method or contact your system administrator."
In the event you are still paying attention to comments, Ihave a question for you. I am trying to accomplish this for some VMs that were created a couple of months ago that did not check the box to login in with Entra during creation. I did run the CLI scripts to deploy the AADLoginForWindows extension that the documentation suggests. . I cannot figure out how to AAD join a VM that didn't have that box checked during creation. The process that you would use for a win11 desktop doesnt work. Any ideas?
Your tutorial was super helpful and I was able to get this working on multiple VM's that had the box checked during creation. Thanks for publishing this.
I had the same issue, I couldn't find anything that would allow me to change it after the fact. So I ended up deleting the old VM's and re-creating them ticking that box. That may not be an option for you, just indicating what I had to do to make it work.
@@michaelparker6819 I ended up figuring this out. The step I was missing was un there Identity sections. I had to turn the status for System Assigned Identities on. After that, the VM showed up as Entra joined.
Glad you got it figured out. Sorry for my slow response.
Still works! Thank you...but now I don't know why an external user from other tenant (b2b synchronization) can't log in , they have the role and permission on this virtual machine..any suggestion?
Cross tenant login can be tricky. I would have see the setup first.
Great video Robert, was hoping you could shed some light on steps needed to allow RDP for multiple users to an Azure Server (from a licensing and needed steps perspective) Thanks,
Thanks, You would need to add RDP for applications instead of administration mode. You also need a license for each RDP user which costs about $125 each.
Works perfectly! Thank you.
You're welcome!
great tech tip Robert, appreciate your effort diging into the undocumented specfics!
Glad it was helpful!
you've been a life saver thanks a ton :)
Glad it helped!
Great, you saved my day
Glad I could help
Very good! Thank You.
You are welcome.
Hey Robert, thank you so much for this video, super helpful! I'm still running into problems when trying to do this and I believe it's related to MFA being enabled for our accounts. When trying to log in, it tells me "The sign-in method you're trying to use isn't allowed. Try a different sign-in method or contact your systems administrator." I think this means I need to do something with Windows Hello, but not sure how to go about doing that. Any chance you know anything about this?
I don't think this option will work with MFA yet, but if may over time.
@@techpub That's what I figured, thanks for your reply/confirmation.
@@techpub And yet Azure wants administrators to have MFA!
Try resetting your password of the Azure AD account you just added might go through. Had the same issue and that worked for me.
Thanks Robert, this is a great Video and Microsoft documentation is very incomplete. My VM is already running/created (don't recall if I ever added Azure Active Directory or not, more likely not). I went to Identity under my VM and turned the "System assigned" to ON. Then I went "Access control (IAM)" in the azure portal under my VM, added the role "Virtual Machine Administrator Login" with my name in it, still no success. dsregcmd /status showing it's not joined and no port open, so this make sense. What is stopping me to add the AAD to my VM? My suspicion is the 2nd option during creating the VM, the ability to login with Azure Active Directory is not enabled in my case. Any help will be greatly appreciated.
In my case I was on a VM in Azure. It sounds like you might be on a VM on premises. Let me know if that's the case.
@@techpub My VM is on Azure but I was accessing it from the on-prem 8.1 desktop. When I run dsregcmd, i see AzureAdJoined = Yes but AzureAdPrt = No and I tried several ways but could correct this
@@sheikhs121 ever find a fix for this ?
Hi, what if the the Azure VM device has been removed from the EntraID which made user not able to login to RD, how to fix it? Azure VM still active and can be logged in using local admin credentials.
You can continue logging in locally, or add it back to Entra in the Work or School connection section in settings.
Is there a way to give more thumbs up?
I had the same challenge …..almost gave up on this issue
Glad it helped!
Thank you so much.
You're welcome!
Awesome.. you solved my issue.
Woohoo!
In a setup were one is using the Azure VM with Windows Server 2016, how do you resolve the issue of multiple users logons on the Server. Had an issue, we have many users who will be connecting to the Server but applying CALS will require RDP services, installing Standard or Quick RDP services requires promoting the Server to a DC and once the Server is promoted the steps don't work. Your guidance will highly be appreciated. would you recommend Azure AD connect?
Good question. Don't install on a DC. Install a second VM that is a DC and join the first one to the domain. Then it will all work.
I kept getting error says The signin method you are using is incorrect. The reason for this was I did not loged in with the user created in azuread even for the first time. So after doing that it worked. I just found out that I created the azure user but never logged in with that user on the portal. So first login requires the password to be changed. So, After first login and password update it worked ! But this was dumb.
Ha! You are right it is dumb but glad you got it figured out.
HI Mr Robert McMillen, The solution is good, By the way , ,when everything went alright, I got a block while logging in "
"The sign-in method you’re trying to use isn’t allowed" .Do you advise how to solve this
Check your edits on the rdp file in notepad. You may have made a mistake and it isn't opening the credssp portion.
Do you know if this works with accounts protected with MFA? Almost all azure ad accounts are protected these days… I couldn’t seem to login probably because it has an MFA challenge
It will work if you use the MS authenticator app.
@@techpub doesn’t seem to work and I do have the ms Authenticator app. This would be great if it worked with accounts that are mfa protected
Interesting. I added a group, but that does not work. It works using individual accounts. Also, it only works, when you add those changes to the RDP file. Why?
It's not very sophisticated yet. I don't think they anticipated people would want to do this so soon. It will get fixed in the future.
Good day Sir I really enjoyed your video
Please how can I configure my azure active directory.
I'm working on videos for those in the next month. Stay tuned.
thanks u for helping
Thanks for watching. More to come.
I have EnGenious ENS620EXT
I can't reset via pin button
How can I Reset / Flash this device sir ?
Try holding in the button first and then plug in and wait until the wrench flashes.
@@techpub Ok I'll try sir
@@techpub Noting happen sir, I did it many times. It's there any way to reset / flash this device ?
Does that mean I need to add all of my organization's users manually? There has to be a better solution to this
Create a group in Azure, add in the users and give the group the role.
@@techpub but we still need to run net localgroup command for every user right?
@@mrdvi Did you end up finding a work around in case of many users ?
+
How do you achieve this when the VM is already created?
You need to turn on remote desktop on the VM and go into the properties of the VM in Azure and allow rdp tcp 3389.
i still cant connect it say ls something about network level connection
You'll need to turn that off on the server. Go to system icon and then remote and uncheck the box.
Thanks Robert, works great. Still doesnt work as MS say it should, useless!
Thanks and not sure why they don't get it but it's not the first time.