How to Remote Desktop (RDP) into a Windows 10 Azure AD joined machine
Since everyone started working remotely, I've personally needed to Remote Desktop into more computers lately than ever before. More this week than in the previous decade.
I wrote recently about to How to remote desktop fullscreen RDP with just SOME of your multiple monitors which is super useful if you have, say, 3 monitors, and you only want to use 2 and 3 for Remote Desktop and reserve #1 for your local machine, email, etc.
IMHO, the Remote Desktop Connection app is woefully old and kinda Windows XP-like in its style.
There is a Windows Store Remote Desktop app at https://aka.ms/urdc and even a Remote Desktop Assistant at https://aka.ms/RDSetup that can help set up older machines (earlier than Windows 10 version 1709 (I had no idea this existed!)
The Windows Store version is nicer looking and more modern, but I can't figure out how to get it to Remote into an Azure Active Directory (AzureAD) joined computer. I don't see if it's even possible with the Windows Store app. Let me know if you know how!
So, back to the old Remote Desktop Connection app. Turns out for whatever reason, you need to save the RDP file and open it in a text editor.
Add these two lines at the end (three if you want to save your username, then include the first line there)
Note that you have to use the style .\AzureAD\firstname.lastname@example.org
The leading .\AzureAD\ is needed - that was the magic in front of my email for login. Then enablecredsspsupport along with authentication level 2 (settings that aren't exposed in the UI) was the final missing piece.
Add those two lines to the RDP text file and then open it with Remote Desktop Connection and you're set! Again, make sure you have the email prefix.
Given that the client is smart enough to show an error from the remote machine that it's Azure AD enabled, IMHO this should Just Work.
More over, so should the Microsoft Store Remote Desktop client. It's beyond time for a refresh of these apps.
NOTE: Oddly there is another app called the Windows Desktop Client that does some of these things, but not others. It allows you to access machines your administrators have given you access to but doesn't allow you (a Dev or Prosumer) to connect to arbitrary machine. So it's not useful to me.
There needs to be one Ultimate Remote Windows Desktop Client that lets me connect to all flavors of Windows machines from anywhere, is smart about DPI and 4k monitors, remotes my audio optionally, and works for everything from AzureAD to old school Domains.
Between these three apps there's a Venn Diagram of functionality but there's nothing with the Union of them all. Yet.
Until then, I'm editing RDP files which is a bummer, but I'm unblocked, which is awesome.
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.
There, you login with MicrosoftAccount\email@example.com
(the "MicrosoftAccount" being hardcoded as such :)) Effectively, replace this blog's suggested "AzureAD" with "MicrosoftAccount"...
What happened to the designers of Windows XP, the last Microsoft OS designed from A to Z?
It's been a while since you did this tutorial but is there a way to connect to Azure AD joined machines WITHOUT disabling NLA (Network Level Authentication)?
So far I've not been able to RDP connect to a Azure AD joined machine which has NLA enabled.
Is this documented? Is it 'best practice' to disable NLA in this case?
Comments are closed.
I would love to be able to have Remote Desktop without the necessary port. I would love a native solution without needing port forwarding on the router side. Everything involving setting up e.g. Hamachi is a hassle I believe and I would just love to connect to my remote machine. I know I would need some kind of server for this to establish the connection, but why now? I can set something up on Azure as a mediator.