Organizations can improve the security of Windows virtual machines in Microsoft Azure by integrating them with Azure Active Directory (Azure AD) authentication. We can use Azure AD as the core authentication platform to RDP into Windows Server 2019 Datacenter edition and later, or Windows 11.
I am going to show you, step by step, how to log in to a Windows virtual machine using Azure Active Directory.
Step 1: Let’s go to the Microsoft Azure portal. Search for Virtual Machines and click on the Virtual Machines search result.
Step 2: On the Virtual machine window, select Create, then click on Virtual Machine.
Step 3: We have to provide a VM name, such as Newhelptech VM, leave the disk type as SSD, then provide a username, such as sifad. The password must be at least 12 characters long and meet the defined complexity requirements. Then, click on Next: Networking and Next: Management.
Step 4: In the Management tab, we have to select Enable next to Login with Azure AD, then click on Review + Create.
Step 5: Now, it will validate all the data entered and show Validation passed. Finally, we have to click on the Create button to create the virtual machine.
Step 6: We must configure Azure role assignments for users who are authorized to log in to the VM. The RBAC role assignment of Virtual Machine Administrator Login or Virtual Machine User Login is required when using Azure AD login.
- Virtual Machine Administrator Login: Users with this role assigned can log in to an Azure virtual machine with administrator privileges.
- Virtual Machine User Login: Users with this role assigned can log in to an Azure virtual machine with regular user privileges.
To configure RBAC role assignments for Azure AD login, follow the steps below.
Click on Access Control (IAM).
Step 7: Click on Add, then click on Add role assignment to open the Add role assignment window.
Step 8: Search for the “Virtual Machine User Login” role, then click on Next.
Step 9: Select User, group or service principal. Click on Select members, type the username, select the users, and click on Review + assign.
Step 10: As the notification shows, the user has been added to the role.
Step 11: On my Windows 11 Azure VM, open Settings, and then select Accounts. Select Access work or school. Here we can verify whether the VM is Azure AD joined.
Step 12: Next, we can start the virtual machine and confirm that we can sign in with an Azure AD user.
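The role assignments from Steps 6 to 10 decide who can sign in, so it is worth reviewing them after setup. The following Python script is an added example, not part of the original article: it takes role assignment records shaped like the JSON output of `az role assignment list --all` and reports who can sign in to one VM, and whether that right was assigned on the VM itself or inherited from a parent scope. The subscription ID, resource names and users are constructed sample values.

```python
"""Audit who can sign in to a VM with Azure AD (added example, constructed data)."""

# The two built-in roles from Step 6 and the privilege each one grants on the VM.
LOGIN_ROLES = {
    "Virtual Machine Administrator Login": "administrator",
    "Virtual Machine User Login": "user",
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG = SUB + "/resourceGroups/rg-demo"                          # constructed name
VM_ID = RG + "/providers/Microsoft.Compute/virtualMachines/vm-demo"

# Constructed sample; field names follow `az role assignment list --all` output.
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Virtual Machine User Login", "scope": VM_ID},
    {"principalName": "alice@example.com", "roleDefinitionName": "Virtual Machine Administrator Login", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Virtual Machine Administrator Login", "scope": RG},
    {"principalName": "carol@example.com", "roleDefinitionName": "Contributor", "scope": VM_ID},
    {"principalName": "dave@example.com", "roleDefinitionName": "Virtual Machine User Login", "scope": SUB + "/resourceGroups/rg"},
    {"principalName": "erin@example.com", "roleDefinitionName": "Virtual Machine User Login", "scope": VM_ID},
]

def applies_to(scope, vm_id):
    """True if the assignment was made on the VM or on one of its parent scopes."""
    scope, vm_id = scope.rstrip("/").lower(), vm_id.rstrip("/").lower()
    return vm_id == scope or vm_id.startswith(scope + "/")

def effective_logins(assignments, vm_id):
    """Map each principal to (privilege, scope), keeping the highest privilege."""
    result = {}
    for a in assignments:
        level = LOGIN_ROLES.get(a["roleDefinitionName"])  # other roles are ignored
        if level is None or not applies_to(a["scope"], vm_id):
            continue
        who = a["principalName"]
        if who not in result or level == "administrator":
            result[who] = (level, a["scope"])
    return result

def review(assignments, vm_id):
    """Return (principal, privilege, inherited) rows, administrators first."""
    rows = []
    for who, (level, scope) in effective_logins(assignments, vm_id).items():
        inherited = scope.rstrip("/").lower() != vm_id.rstrip("/").lower()
        rows.append((who, level, inherited))
    return sorted(rows, key=lambda r: (r[1] != "administrator", r[0]))

if __name__ == "__main__":
    for who, level, inherited in review(SAMPLE, VM_ID):
        print(f"{who:20} {level:14} {'inherited' if inherited else 'assigned on the VM'}")
```

Rows marked as inherited come from an assignment on the resource group or subscription, which also grants sign-in to every other Azure AD login-enabled VM under that scope.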
I would greatly appreciate it if you kindly give some feedback on my articles. It will be a booster 🤝
That’s all for now 🙂