Azure – You can now use Azure AD Authentication to logon on Windows virtual machines (preview)

After  getting the ability to logon on Linux virtual machines on Azure using your Azure AD credentials (see, you can now also do the same with Windows virtual machine (Windows Server 2019 Datacenter and Windows 10 1809 [or later]), available to all Azure regions.

To be able to use it, you need to ensure the Windows VMs in Azure has outbound access to the following endpoints over TCP port 443:

Enable for new virtual machine

Then when creating the virtual machine, you will need to turn on the option Azure Active Directory available in the Management creation step; when enabling the Azure Active Directory option is will also turn on System assigned managed identity


You can also use the Az command to add the Microsoft.Azure.ActiveDirectory extension

az vm extension set  –publisher Microsoft.Azure.ActiveDirectory –name AADLoginForWindows  –resource-group <your resource group>  –vm-name <your virtualmachine>

or with PowerShell

Then you can grant access using the Azure RBAC Virtual Machine Administrator Login or Virtual Machine User Login


Enable for existing virtual machine

You can either use the Az command above or from the portal by accessing the Identity  blade to turn on the System assigned identity


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies