Hi Arjen Gerritsen,
Thank you for posting in the Q&A Forums.
- Verify Azure AD connection for VMs
First, ensure that the Azure VM is properly configured to use Azure AD for login. This typically involves joining the VM to Azure AD and configuring the appropriate service principal name (SPN) and conditional access policy.
- Check the RDP file settings
FQDN and enablerdsaadauth: Make sure the FQDN settings in the RDP file are correct and enablerdsaadauth:i:1 is enabled to support AAD login.
Server name: Ensure that the server name (servername) in the RDP file is the fully qualified domain name (FQDN) of the VM and not simply the IP address or hostname.
- Cross-tenant access configuration
Since the problem arises when logging in with accounts from different Azure AD catalogs, you may need to configure cross-tenant access. This typically involves the following steps:
Azure AD B2B Collaboration: consider using the Azure AD B2B (business-to-business) collaboration feature to allow users from different Azure AD catalogs to access resources. This can be done by inviting external users to your Azure AD catalog, or configuring the resource catalog to accept access requests from other catalogs.
Conditional Access Policy Adjustment: check and adjust conditional access policies to ensure that they do not prevent users from different tenants from accessing the VM. in particular check settings such as MFA (Multi-Factor Authentication) and Trusted Locations.
- Client Configuration
Azure AD Connection: Ensure that the Windows 11 client has properly connected to the Azure AD directory to which it belongs.
Credential Management: On the client, check the credential manager for any old or outdated credentials that may interfere with the AAD login process.
- Troubleshooting and Logging
View login logs: Use Azure AD's login logs to view details of login attempts, including reasons for failure.
Enable detailed logging: Enable more detailed logging on the VM to catch any errors or anomalies in the login process.
- Alternatives
VPN or private network: Consider using a VPN or private network to connect the client to the Azure VM in the same network, which can sometimes bypass restrictions on cross-tenant access.
Reconfigure the VM: If the problem persists and cross-tenant access configuration is too complex, consider reconfiguring the VM to use a different authentication mechanism, such as traditional username and password authentication.
Best regards
NeuviJ
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.