If you join a Windows 10 PC to Azure AD and then try to log in to that PC over Remote Desktop, you are in for a barrel of laughs! Or not!
The way to get it to work is as follows:
- Ensure that the Windows 10 PC is running Version 1511 or later (type WinVer in the Run dialog)
- Ensure the target PC is enabled for Remote Desktop
- Ensure that Network Level Authentication is disabled
- Run MSTSC on your PC (the source), enter the target PC name and your username (email address), and click Save As (which you will find under “Show Options”):
- Close the Remote Desktop Connection window without connecting.
- Open the saved RDP file in Notepad
- Add the following to the bottom of the text in Notepad as shown:
enablecredsspsupport:i:0
- In Notepad this appears as:
- Save the RDP file and then double-click it to connect. You will now be able to log in with your AzureAD account over Remote Desktop.
- If you cannot log in, check the alternative name that your device uses for your user account. On the AzureAD-joined computer, logged in as the target user, run “whoami” from the command line. It will report something like AzureAD\firstlast. You could try that value (both AzureAD and the name) as your username.
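The Notepad edit from the steps above can also be scripted. The following is an added example, not part of the original post: the function name `Set-RdpFileSetting`, the temp file name, and the host and user values are hypothetical, and the sample file is constructed to stand in for the one saved from MSTSC.

```powershell
# Added example: set or replace one "name:type:value" line in a saved .rdp file.
function Set-RdpFileSetting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [ValidateSet('i', 's', 'b')] [string] $Type,
        [Parameter(Mandatory)] [AllowEmptyString()] [string] $Value
    )

    $newLine = '{0}:{1}:{2}' -f $Name, $Type, $Value
    # Get-Content honours the byte-order mark, so a UTF-16 file reads correctly.
    $lines   = @(Get-Content -LiteralPath $Path)
    $pattern = '^\s*' + [regex]::Escape($Name) + ':'

    $found   = $false
    $updated = @(foreach ($line in $lines) {
        if ($line -match $pattern) {
            # Replace the first occurrence and drop any later duplicates,
            # so the file never carries two conflicting values.
            if (-not $found) { $newLine; $found = $true }
        } elseif ($line.Trim()) {
            $line   # keep every other non-blank setting unchanged
        }
    })
    if (-not $found) { $updated += $newLine }   # setting absent: append at the bottom

    # Keep the original next to the edited file, then write it back as UTF-16.
    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
    Set-Content -LiteralPath $Path -Value $updated -Encoding Unicode
    return $found   # $true if an existing line was replaced, $false if appended
}

# Constructed sample standing in for the file saved from MSTSC (placeholder values).
$rdp = Join-Path ([IO.Path]::GetTempPath()) 'aad-target.rdp'
Set-Content -LiteralPath $rdp -Encoding Unicode -Value @(
    'full address:s:TARGET-PC'
    'username:s:first.last@example.com'
    'enablecredsspsupport:i:1'
)

Set-RdpFileSetting -Path $rdp -Name 'enablecredsspsupport' -Type i -Value 0 | Out-Null
Get-Content -LiteralPath $rdp   # shows the file with enablecredsspsupport:i:0
```

The setting lives in the .rdp file, so it applies only to connections opened from that file; other saved connections keep CredSSP enabled.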