Azure – Azure AD Authentication for Windows virtual machine is now in preview

You may remember that about a year ago, Microsoft introduced the capability to log on to Linux virtual machines running on Azure with your Azure AD credentials.

Well, good news, this possibility is now available in preview for Windows virtual machines too. To be more precise, it is only supported on Windows Server 2019 or Windows 10 1809 or later.

NOTE if you are using a Windows 10 OS, the device you are connecting from will need to be Azure AD joined or hybrid Azure AD joined

Using Azure AD authentication to log on to your Windows Azure virtual machine allows you to take advantage of the Azure AD security capabilities such as RBAC, conditional access, risky sign-in detection... and it removes the need to manage local administrator passwords on the VM.

You can enable this option (which will also turn on the system-assigned managed identity, required by the extension) when creating the virtual machine at the Management step


Once the virtual machine has been created, you will still need an additional action using PowerShell or Azure CLI – you can use the Cloud Shell to do it – to install the Azure AD login extension (AADLoginForWindows)

NOTE it may take a few minutes to complete

Azure CLI

az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows --resource-group <resource group where the VM is located> --vm-name <your VM name>


PowerShell (Az module; with the older AzureRm module the equivalent cmdlet is Set-AzureRmVMExtension with the same parameters)

Set-AzVMExtension -ResourceGroupName <resource group where the VM is located> -VMName <your VM name> -Name AADLoginForWindows -Publisher Microsoft.Azure.ActiveDirectory -ExtensionType AADLoginForWindows -TypeHandlerVersion 1.0 -Location <region of the VM>

NOTE Set-AzureRmVMBGInfoExtension installs the BGInfo extension, not the Azure AD login one; naming it AADLoginForWindows does not change what gets deployed. The publisher and extension type above are what identify the Azure AD login extension. -TypeHandlerVersion is the major.minor version of the extension; Get-AzVMExtensionImage lists the versions published in your region.


You will need to check that the extension provisioning completed (provisioning state Succeeded) using the Extensions blade of the virtual machine


Then you can grant the Virtual Machine User Login (or Virtual Machine Administrator Login) RBAC role to your users/groups. Without one of these two roles the Azure AD sign-in is refused even if the extension is installed. Keep in mind that Virtual Machine Administrator Login gives local administrator rights on the VM, so scope the assignment to the virtual machine or its resource group rather than the subscription, and use the User Login role whenever administrator rights are not needed.

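The whole procedure above (managed identity, extension install, provisioning check, least-privilege role assignment) scripted end to end with the Az PowerShell module, as an added example that is not part of the original post. The resource group, VM name and user UPN are placeholders; the script assumes you are already signed in with Connect-AzAccount and have Owner or User Access Administrator rights on the VM to create the role assignment.

```powershell
# Added example (not from the original post): enable Azure AD login on an existing
# Windows Server 2019 VM and grant one user the least-privileged login role.
# $rg, $vmName and $userUpn are assumed placeholder values.
$rg      = "rg-demo"              # assumed resource group of the VM
$vmName  = "vm-win2019-01"        # assumed VM name
$userUpn = "alice@contoso.com"    # assumed Azure AD user to allow

$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName

# 1. The AADLoginForWindows extension needs a system-assigned managed identity.
#    The portal toggle does this at creation time; for an existing VM add it here.
if (-not $vm.Identity -or $vm.Identity.Type -notmatch 'SystemAssigned') {
    Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType SystemAssigned | Out-Null
    $vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
}

# 2. Pick the newest published version of the extension in the VM's region and
#    reduce it to major.minor, which is what -TypeHandlerVersion expects.
$latest = Get-AzVMExtensionImage -Location $vm.Location `
    -PublisherName "Microsoft.Azure.ActiveDirectory" -Type "AADLoginForWindows" |
    Sort-Object { [version]$_.Version } | Select-Object -Last 1
$v = [version]$latest.Version
$handlerVersion = "$($v.Major).$($v.Minor)"

# 3. Install the Azure AD login extension (same call as the Azure CLI step).
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName `
    -Name "AADLoginForWindows" `
    -Publisher "Microsoft.Azure.ActiveDirectory" `
    -ExtensionType "AADLoginForWindows" `
    -TypeHandlerVersion $handlerVersion `
    -Location $vm.Location | Out-Null

# 4. Equivalent of the Extensions blade check: fail loudly if provisioning did not succeed.
$ext = Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Name "AADLoginForWindows"
if ($ext.ProvisioningState -ne "Succeeded") {
    throw "AADLoginForWindows provisioning state is '$($ext.ProvisioningState)'"
}

# 5. Grant 'Virtual Machine User Login' scoped to this single VM. Use
#    'Virtual Machine Administrator Login' only for people who need local admin,
#    and never assign either role at subscription scope.
$role = "Virtual Machine User Login"
$existing = Get-AzRoleAssignment -Scope $vm.Id -SignInName $userUpn -RoleDefinitionName $role
if (-not $existing) {
    New-AzRoleAssignment -SignInName $userUpn -RoleDefinitionName $role -Scope $vm.Id | Out-Null
}

# 6. Report what an auditor would want to see: who can log on to this VM via Azure AD.
Get-AzRoleAssignment -Scope $vm.Id |
    Where-Object { $_.RoleDefinitionName -like "Virtual Machine * Login" } |
    Select-Object DisplayName, SignInName, RoleDefinitionName, Scope
```

The final query is worth keeping as a recurring check: any "Virtual Machine Administrator Login" assignment whose Scope is a subscription or resource group rather than a single VM ID widens local administrator access to every VM underneath it.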

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years, currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.