3

I'm in charge of a small Windows work group with a handful of computers. We later introduced MS 365 Business and users could log in using their MS 365 credentials, which I guess makes the computer Azure-AD joined.

I'm now trying to figure out how to give a MS 365 user access over remote desktop to their own PC. With regular users, I can just add them to the list of authorized remote users but I have no idea how to achieve the same with a MS 365 user. And strangely, I can't seem to find any information on this topic on the net.

SamErde
vic

1 Answer

3

Have the user log into the machine locally at least once, and then run the following from an elevated command prompt or PowerShell. (The first logon step may not be required on Windows 10 newer than version 1709.)

```
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-of-your-user"
```

e.g.:

```
net localgroup "Remote Desktop Users" /add "AzureAD\vic@yourdomain.com"
```

When you connect to the machine, enter the user name in the format of their AzureAD UPN.

More information can be found at the Microsoft document: Connect to remote Azure Active Directory-joined PC.

SamErde
  • 1
    Thanks for providing the link to the official documentation, I really couldn't find it by myself. Clearly, that's the correct answer, it's just a bit disheartening to see that, allegedly, you can only connect from another Win10 machine that on top of it all has to be joined to the same Azure AD domain. If true, that's a real showstopper in my case as I wanted to allow a Mac user to connect to his Windows machine remotely. – vic Oct 14 '20 at 18:15
  • This feature request may help: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/36020725-implement-the-ability-to-join-mac-os-x-to-azure-ad – SamErde Oct 14 '20 at 19:26
  • Indirectly, I guess it may. Personally, I just don't see why it needs an Azure AD joined machine in the first place. Today, I can easily connect to a regular domain joined machine through RDP from any kind of device external to the domain, all I need are the correct domain credentials. Not sure I understand why Microsoft decided that's not good enough for an Azure domain joined machine. – vic Oct 14 '20 at 19:36
  • 1
    Reporting that this also works when the client PC you're connecting from is macOS using the Microsoft Remote Desktop application. On the Mac you also enter the username as `AzureAD\username@domainname` with your AzAD/M365 password into the connectoid, but it won't get past the RDP login screen until the account has been added to the Remote Desktop Users group as above. – AlwaysLearning Feb 14 '22 at 04:15
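
The answer's `net localgroup` step wrapped so it can be re-run safely, as an added example that is not part of the original answer or comments. `Grant-AadRdpAccess` is a hypothetical helper name; the script assumes an elevated PowerShell session on the target PC, and the UPN is the answer's sample value.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answer). Grant-AadRdpAccess is a hypothetical name.

function Grant-AadRdpAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Bare UPN such as vic@yourdomain.com; the AzureAD\ prefix is added below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[^\\\s@"]+@[^\\\s@"]+\.[^\\\s@"]+$')]
        [string]$Upn
    )

    $group  = 'Remote Desktop Users'   # RDP logon only, no local admin rights
    $member = "AzureAD\$Upn"

    # The AzureAD\ name form is meant for an Azure AD joined PC, so check the join state first.
    $status = dsregcmd.exe /status | Out-String
    if ($status -notmatch 'AzureAdJoined\s*:\s*YES') {
        throw "dsregcmd does not report 'AzureAdJoined : YES'; not adding $member."
    }

    if ($PSCmdlet.ShouldProcess($group, "Add $member")) {
        # Same command as in the answer; stderr is merged so the error text can be inspected.
        $output = net.exe localgroup $group /add $member 2>&1 | Out-String
        if ($LASTEXITCODE -ne 0) {
            if ($output -match '\b1378\b') {
                # System error 1378: the account is already a member of the group.
                Write-Verbose "$member is already in '$group'."
            } else {
                throw "net localgroup failed for ${member}: $output"
            }
        }
    }

    # Print the resulting membership so unexpected entries can be reviewed.
    net.exe localgroup $group
}

# Constructed sample call; -WhatIf runs the join check and lists the group without changing it.
Grant-AadRdpAccess -Upn 'vic@yourdomain.com' -WhatIf
```

Drop `-WhatIf` to make the change, and review the printed membership afterwards, since every account in that group can log on over RDP.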