Remote Desktop Client Azure



To enable more than 2 simultaneous sessions you will need to purchase RDS Subscriber Access Licenses (SALs) through the Microsoft Services Provider Licensing Agreement (SPLA) for each user or device that will access your solution on Windows Azure. If you've already signed in with a different Azure Active Directory account than the one you want to use for Windows Virtual Desktop, you should either sign out or use a private browser window. After signing in, you should now see a list of resources.

-->

Applies to

  • Windows 10

From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is joined to Azure Active Directory (Azure AD). Starting in Windows 10, version 1809, you can use biometrics to authenticate to a remote desktop session.

Set up

  • Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
  • Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or Azure AD registered if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported.
  • The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop.

Ensure Remote Credential Guard, a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.

  • On the PC you want to connect to:

    1. Open system properties for the remote PC.

    2. Enable Allow remote connections to this computer and select Allow connections only from computers running Remote Desktop with Network Level Authentication.

    3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:

      • Adding users manually

        You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet:

        where the-UPN-attribute-of-your-user is the name of the user profile in C:Users, which is created based on the DisplayName attribute in Azure AD.

        This command only works for AADJ device users already added to any of the local groups (administrators).Otherwise this command throws the below error. For example:

        • for cloud only user: 'There is no such global user or group : name'
        • for synced user: 'There is no such global user or group : name'

        Note

        For devices running Windows 10, version 1703 or earlier, the user must sign in to the remote device first before attempting remote connections.

        Starting in Windows 10, version 1709, you can add other Azure AD users to the Administrators group on a device in Settings and restrict remote credentials to Administrators. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.

      • Adding users using policy

        Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in How to manage the local administrators group on Azure AD joined devices.

        Tip

        When you connect to the remote PC, enter your account name in this format: AzureADyourloginid@domain.com.

        Note

        If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this support article.

Supported configurations

Remote Desktop Web Client Azure

The table below lists the supported configurations for remotely connecting to an Azure AD-joined PC:

CriteriaRDP from Azure AD registered deviceRDP from Azure AD joined deviceRDP from hybrid Azure AD joined device
Client operating systemsWindows 10, version 2004 and aboveWindows 10, version 1607 and aboveWindows 10, version 1607 and above
Supported credentialsPassword, smartcardPassword, smartcard, Windows Hello for Business certificate trustPassword, smartcard, Windows Hello for Business certificate trust
Remote Desktop Client Azure

Note

Azure Bastion Remote Desktop Client

If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities.

Remote Desktop Client Azure Download

Related topics