Azure AD Authentication to Azure VM

Many organizations are adopting a cloud only approach to infrastructure. Why wouldn’t they? It’s scalable with predictable costs, and it can be accessed from virtually anywhere. However, authenticating with services and virtual machines on the cloud can be more involved than with traditional on-premises infrastructure. This blog aims to demonstrate how one can configure a Virtual Machine in Azure to authenticate remote sessions using only an Azure AD account and a Windows Machine bound to the same Tenant as the Azure AD account. It is possible to achieve the same results by deploying Active Directory in Azure and binding it to the Domain or by using AADDS to bind machines. However, both options require additional costs and overhead. Please note that this feature is still in preview and only works on Azure Bound Windows Machines. Also, “strong authentication” is required to use this feature. This can be accomplished by using Windows Hello or by disabling MFA on a user’s account on the VM using conditional access.

 

Create a Virtual Machine

To begin with, we must create a virtual machine in the Azure Portal.

Configure the VM to your needs then Navigate to the Management Tab.

Azure AD Authentication to Azure VM_photo1

 

Make sure you select Login with Azure AD and check the managed identity.

Azure AD Authentication to Azure VM_photo2

 

Once the VM is deployed we must set user permissions in the IAM section and add a role assignment.

Azure AD Authentication to Azure VM_photo3

 

 

Add Roles

Add the roles Virtual Machine User or Administrator which will in turn give the user Admin Rights on the Virtual machine.

Azure AD Authentication to Azure VM_photo4

 

Download the RDP file

Once assigned, download the RDP file.

Azure AD Authentication to Azure VM_photo5

Azure AD Authentication to Azure VM_photo6

 

Double click on the RDP file and authenticate using windows Hello.

Azure AD Authentication to Azure VM_photo7

 

Authenticate

Finally, if authentication is approved the VM will log you into your Azure Windows Environment.

Azure AD Authentication to Azure VM_photo8

 

Things to Note

If you already created a VM and didn’t check the Azure AD authentication option.

You can enable it after the fact by enabling RBAC and adding the AAD extension on the VM.

Azure AD Authentication to Azure VM_photo9

Azure AD Authentication to Azure VM_photo10

 

No doubt, Microsoft will continue to leverage tools in Windows 10 and 11 to connect to Azure Tools. Using the same logins to authenticate with Azure services is safer than using multiple credentials and it improves the end user experience. Furthermore, this guide assumes that RDP is open to the internet which adds a security risk. You may want to consider Azure VPN which also support authentication via Azure AD credentials to remote into Azure VMs.

 

Contact us if you have questions or need help with your set up. 

 

Subscribe Here For Our Blogs:

Recent Posts

Categories

see all