Testing the AAD authentication for Windows VMs preview

Quick blogpost about the experience of AAD authentication for Windows VMs – https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

Creating a separate resource group for easy deletion…

Let’s try out Windows 10 1909

All default, with only a hostname, username and password provided
Enabling the Login with AAD credentials preview

Following the documentation, we need to add role assignments in the Azure portal. I'm trying with both a local user and a guest account, though the documentation states that the VM must be connected to the same Azure AD as the user, meaning a B2B account will not work.

Well, that didn’t work:

And hey, reading through the documentation before actually trying it out would have told me the following:

Well, that’s a bummer to be honest. Installing a Hyper-V VM for this purpose locally, as I want to have a fully Azure AD Joined device to test from:

I’ll spare you the details…

After Azure AD joining a VM successfully and running dsregcmd /status, we see that I now have a PRT for the correct tenant:

dsregcmd /status
Fingers crossed
Looking better

And voila, it worked just fine. The Windows 10 Azure VM login works!

dsregcmd /status for the Azure VM
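
The check described above (is the client Azure AD joined, to the same tenant as the VM, with a PRT?) can be scripted. This is an added example, not part of the original post: the function names, the sample output and the tenant ID are constructed for illustration, and it covers only the three conditions this post ran into.

```powershell
# Added example (not from the original post): check a client's join state,
# tenant and PRT from `dsregcmd /status` output.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : YES"; section banners do not match.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Test-AadLoginClient {
    param([hashtable]$State, [string]$ExpectedTenantId)
    $problems = @()
    if ($State['AzureAdJoined'] -ne 'YES') {
        $problems += 'Device is not Azure AD joined.'
    }
    elseif ($State['TenantId'] -ne $ExpectedTenantId) {
        $problems += "Joined to tenant $($State['TenantId']), not $ExpectedTenantId."
    }
    if ($State['AzureAdPrt'] -ne 'YES') {
        $problems += 'No PRT for the signed-in user.'
    }
    [pscustomobject]@{ Ready = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample output; on a real client use: $lines = dsregcmd /status
$lines = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
                  TenantId : 11111111-1111-1111-1111-111111111111
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@ -split '\r?\n'

# Constructed tenant ID of the Azure VM's directory (placeholder value).
$vmTenant = '11111111-1111-1111-1111-111111111111'
Test-AadLoginClient -State (ConvertFrom-DsregStatus $lines) -ExpectedTenantId $vmTenant
```

Running the same two functions against the output captured on the Azure VM gives the tenant ID to pass as -ExpectedTenantId.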

I think the whole “you need to sign in from a computer joined to the same Azure AD” situation is a huge limitation, so let’s hope this is solved at some point.
