Azure AD join vs RDP

  • Question

  • Was curious if this is by design..

    I domain joined a Windows 10 Enterprise (RTM) machine to Azure AD where everything seems to work well.  The SSO to Cloud services is way cool BTW.  The issue I saw though was with RDP.  When checking the remote desktop users allowed to RDP, it showed "AzureAd\Myusername" already has access but no matter what I tried, I could not RDP into that machine with that account. My account was a local admin.  I created a new local machine admin account just to verify RDP worked at all and was able to RDP right in.

    Thanks!

    Wednesday, July 29, 2015 5:38 PM

Answers

  • The AD blog said in posts over the last month that not all aspects of joining Azure AD will be complete until the fall release of W10 (aka Threshold 2, aka The Real RTM), so check back then. Other things don't really work right either, like Office (even 2016) fully recognizing that you're Azure AD joined.
    Wednesday, July 29, 2015 10:20 PM

All replies

  • Remote desktop into an Azure AD Joined device is not supported at this time (by design). The opposite should work: be able to RDP from an Azure AD joined device to AD joined devices. Thank you for the feedback, we will evaluate what it takes to get this enabled in future releases.
    Wednesday, July 29, 2015 6:13 PM
  • The differences between Azure AD join and an actual domain join just keep coming - does Microsoft provide a list, or document the actual pros and cons, and differences, between each of these setups?

    I ran into this issue myself when testing the Technical Preview, but didn't think much about it because I was more trying to un-join from Azure, and re-join the normal way (in my opinion, of course).

    Wednesday, July 29, 2015 7:43 PM
  • Please don't take offense to this; however, this reply is in the form of a product team, or at least a Microsoft employee, response that can speak with authority that this is by design.  Given your account was set up yesterday (7/28) and this is your first post, and you don't have a Microsoft tag in your username, that leads me to believe you do not actually work for Microsoft?
    Wednesday, July 29, 2015 9:19 PM
  • When will we be able to RDP into computer using the AzureAd\account name credentials?
    Wednesday, November 4, 2015 4:53 PM
  • Hi all,

    I know it is just a temporary solution, but RDP will work with an Azure AD account when you disable CredSSP support in the RDP file, like:

    enablecredsspsupport:i:0

    • Proposed as answer by IoT Chris Thursday, February 11, 2016 1:56 PM
    Friday, November 20, 2015 11:51 PM
  • Thank you vdboots. That is a reasonable short term solution. I was pretty frustrated when I just tried this out today.

    Just a note that you need to disable the requirement for network level authentication on the Windows 10 machine being remote controlled also.


    Byron Wright (http://fieldnotes.conexion.ca)

    Thursday, November 26, 2015 4:59 AM
  • William, please see the following document that we have released with the November update of Windows 10: https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-windows10-devices/

    Jairo Cadena, Identity Services Division, Microsoft

    Saturday, November 28, 2015 5:56 AM
  • Thanks Jairo,

    Cool link but I don't see any reference to RDP on that post though.  :-/

    Monday, December 7, 2015 8:54 PM
  • I did a fresh install of Windows 10 Enterprise 1511 (since Windows 10 Enterprise RTM can't be upgraded to 1511 through WU yet), and still no luck.
    Thursday, December 10, 2015 8:09 AM
  • Also note that in Windows 10, unchecking the "require Network Level Authentication" setting doesn't actually disable NLA :-/  You have to manually go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp and change SecurityLayer to 0
    Tuesday, February 16, 2016 5:04 PM
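
Added example (not part of the thread and not Microsoft code): a Python check that finds where the two workarounds described above have been applied, so they can be reverted once they are no longer needed. It flags `enablecredsspsupport:i:0` in a .rdp file and `SecurityLayer` = 0 in a `reg export` of the RDP-Tcp key; the `UserAuthentication` value (the NLA requirement flag) is not mentioned in the thread and is included as an assumption, and the sample inputs are constructed.

```python
import re

def decode(data: bytes) -> str:
    """.rdp files and `reg export` output are usually UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")

def audit_rdp_file(data: bytes) -> list[str]:
    """Flag the client-side workaround: enablecredsspsupport:i:0."""
    findings = []
    for line in decode(data).splitlines():
        # .rdp settings have the form name:type:value
        name, _, rest = line.strip().partition(":")
        kind, _, value = rest.partition(":")
        if name.lower() == "enablecredsspsupport" and kind == "i" and value.strip() == "0":
            findings.append("rdp file: CredSSP disabled (enablecredsspsupport:i:0)")
    return findings

def audit_reg_export(data: bytes) -> list[str]:
    """Flag the host-side workaround in an export of the RDP-Tcp key."""
    pattern = r'^"([^"]+)"=dword:([0-9a-fA-F]{8})\s*$'
    values = {m.group(1).lower(): int(m.group(2), 16)
              for m in re.finditer(pattern, decode(data), re.M)}
    findings = []
    if values.get("securitylayer") == 0:
        findings.append("host: SecurityLayer=0 (RDP security layer, as set in the thread)")
    # Assumption: UserAuthentication is not named in the thread; 0 = NLA not required.
    if values.get("userauthentication") == 0:
        findings.append("host: UserAuthentication=0 (NLA not required)")
    return findings

# Constructed sample inputs, encoded as UTF-16 with a BOM like the real files.
SAMPLE_RDP = ("full address:s:host.example\r\n"
              "enablecredsspsupport:i:0\r\n").encode("utf-16")
SAMPLE_REG = ("Windows Registry Editor Version 5.00\r\n\r\n"
              "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control"
              "\\Terminal Server\\WinStations\\RDP-Tcp]\r\n"
              '"SecurityLayer"=dword:00000000\r\n'
              '"UserAuthentication"=dword:00000001\r\n').encode("utf-16")

if __name__ == "__main__":
    for finding in audit_rdp_file(SAMPLE_RDP) + audit_reg_export(SAMPLE_REG):
        print(finding)
```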