Azure Remote Desktop Server
- Azure Remote Desktop Services (RDS) is a VDI solution on Azure, which provides secure access to virtualized applications and desktops. RDS lets end users access their applications and desktops remotely on the cloud, via mobile and desktop devices.
- Access desktops and apps powered by Windows Server Remote Desktop Services at no additional cost if you are an eligible Microsoft Remote Desktop Services (RDS) Client Access License (CAL) customer. You need an Azure account to quickly deploy.
Assuming we have a select number of virtual machines in Azure and needed to provide access for these, I was able to find the following options: Open port 3389/TCP (Remote Desktop) for selected IPs or networks. This is the obvious “top of my head” solution, as it’s a classic approach. It is also inherently insecure and hard to manage.
Windows Virtual Desktop (WVD) is a disruptive technology in the published desktop and applications market. WVD is a remote desktop and application service hosted in Azure. It uses a secure, no-charge Platform as a service (PaaS) offering with integrated Azure Active Directory authentication. Customers pay for the VMs that host user sessions in Azure.
Since everyone started working remotely, I've personally needed to Remote Desktop into more computers lately than ever before. More this week than in the previous decade.
I wrote recently about How to remote desktop fullscreen RDP with just SOME of your multiple monitors, which is super useful if you have, say, 3 monitors, and you only want to use 2 and 3 for Remote Desktop and reserve #1 for your local machine, email, etc.
IMHO, the Remote Desktop Connection app is woefully old and kinda Windows XP-like in its style.
There is a Windows Store Remote Desktop app at https://aka.ms/urdc and even a Remote Desktop Assistant at https://aka.ms/RDSetup that can help set up older machines (earlier than Windows 10 version 1709). I had no idea this existed!
The Windows Store version is nicer looking and more modern, but I can't figure out how to get it to Remote into an Azure Active Directory (AzureAD) joined computer. I don't see if it's even possible with the Windows Store app. Let me know if you know how!
So, back to the old Remote Desktop Connection app. Turns out for whatever reason, you need to save the RDP file and open it in a text editor.
Add these two lines at the end (three if you want to save your username, then include the first line there)
Note that you have to use the style .\AzureAD\email@domain.com
The leading .\AzureAD\ is needed - that was the magic in front of my email for login. Then enablecredsspsupport along with authentication level 2 (settings that aren't exposed in the UI) was the final missing piece.
Add those two lines to the RDP text file and then open it with Remote Desktop Connection and you're set! Again, make sure you have the email prefix.
The Future?
Given that the client is smart enough to show an error from the remote machine that it's Azure AD enabled, IMHO this should Just Work.
Moreover, so should the Microsoft Store Remote Desktop client. It's beyond time for a refresh of these apps.
NOTE: Oddly there is another app called the Windows Desktop Client that does some of these things, but not others. It allows you to access machines your administrators have given you access to but doesn't allow you (a Dev or Prosumer) to connect to an arbitrary machine. So it's not useful to me.
There needs to be one Ultimate Remote Windows Desktop Client that lets me connect to all flavors of Windows machines from anywhere, is smart about DPI and 4k monitors, remotes my audio optionally, and works for everything from AzureAD to old school Domains.
Between these three apps there's a Venn Diagram of functionality but there's nothing with the Union of them all. Yet.
Until then, I'm editing RDP files which is a bummer, but I'm unblocked, which is awesome.
About Scott
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.
I’m frequently on the move and switch between devices. I could be working at home one day, at a hotel working, on site at a customer office with no internet, on a plane. I just never know. Part of my workflow is running some of my daily activities on an Azure VM. I can get to it from pretty much anywhere and it doesn’t matter what device I do or don’t have access to, I can always get to what I need and access the Microsoft network.
In order to access everything from our corporate network I have joined the computer using Azure Active Directory (Azure AD). Before I show you how to remote desktop to an Azure AD joined VM or computer, let me show the steps to join a computer to Azure AD. This requires the machine to be running Windows 10 version 1709 or later to connect to Azure AD but 1809 or later to remote desktop with Azure AD credentials. This can be a physical computer or a virtual machine.
Join a Computer to Azure Active Directory
First, launch the Windows Settings app and navigate to the Accounts section.
Using the left side navigation go to the Access work or school section and click Connect.
On the resulting screen click the link at the bottom of the page labeled Join this device to Azure Active Directory.
Proceed through the wizard by entering your email address, authenticating with your company’s preferred method, and verifying the domain information.
Upon completion the work or school access screen will now show that you are connected to your organization's Azure AD along with the account used to connect.
Remote Desktop to Azure AD Joined Computer
Unfortunately, at this time it isn’t quite as easy as “open up a new RDP connection, type in the computer, type my email, and connect”. If it were, this post wouldn’t be here. So let’s look at the steps we need to go through to get connected.
First, open remote desktop as if you were going to connect to any other computer. Type in the computer name or IP address and expand the Show Options section. Next, click the Save As button to save the RDP file locally. I’m going to place mine on my desktop. At this point you can close the Remote Desktop Connection dialog. It isn’t needed anymore.
Next, open Notepad. Click File -> Open -> locate your RDP file that was saved in the previous step. You’ll need to change the document type dropdown from Text Documents (.txt) to All Files (*).
Go to the very bottom of the list of parameters and add the following two lines:
enablecredsspsupport:i:0
authentication level:i:2
Save the changes to the .rdp file. Note that your file may have more or fewer lines in it than mine.
Now you are ready to connect! Double click on the RDP file and fill in the dialog box.
The user name field should be formatted as .\AzureAD\email@company.com
(Technically it only needs to be AzureAD\email@company.com but there are some strange caching things that happen when the VM autolocks and you go to sign back in. Adding the dot slash (.\) at the beginning will save you some headache of having to add AzureAD\ to the beginning of your user name each time you try to log in.)
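The .rdp edit that both posts above describe, as an added example (not code from either author): it rewrites a saved file so the two settings replace any existing values instead of being appended as duplicates, and it keeps the file's encoding. The function names, the sample host and the assumption that the file is either UTF-16 with a byte-order mark or UTF-8 are mine.

```python
from __future__ import annotations
import codecs

# Settings from the page; every .rdp line has the form name:type:value.
AZURE_AD_SETTINGS = {
    # Client does not use CredSSP, so no Network Level Authentication.
    "enablecredsspsupport": ("i", "0"),
    # Warn and let the user choose if server authentication fails.
    "authentication level": ("i", "2"),
}


def decode_rdp(raw: bytes) -> tuple[str, str]:
    """Return (text, encoding); assumes UTF-16 with BOM, otherwise UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16"), "utf-16"
    return raw.decode("utf-8-sig"), "utf-8"


def apply_settings(text: str, username: str | None = None) -> str:
    """Replace or append the settings; all other lines keep their order."""
    wanted = dict(AZURE_AD_SETTINGS)
    if username:
        # Format from the page: .\AzureAD\email@domain.com
        wanted["username"] = ("s", ".\\AzureAD\\" + username)
    out, seen = [], set()
    for line in text.splitlines():
        name = line.split(":", 1)[0].strip().lower()
        if name in wanted:
            if name in seen:
                continue  # drop a duplicate of a key already rewritten
            seen.add(name)
            kind, value = wanted[name]
            line = f"{name}:{kind}:{value}"
        if line.strip():
            out.append(line)
    for name, (kind, value) in wanted.items():
        if name not in seen:
            out.append(f"{name}:{kind}:{value}")
    return "\r\n".join(out) + "\r\n"


def patch_rdp_bytes(raw: bytes, username: str | None = None) -> bytes:
    """Patch the raw bytes of an .rdp file and keep its original encoding."""
    text, encoding = decode_rdp(raw)
    return apply_settings(text, username).encode(encoding)


# Constructed sample: a saved file that already sets one of the keys.
SAMPLE = "full address:s:vm01.example.com\r\nauthentication level:i:0\r\n".encode("utf-16")
```

Because CredSSP is turned off for every connection made with the file, applying this to the one saved file for the Azure AD joined host, rather than to a shared default profile, keeps Network Level Authentication in use for other machines.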
There you have it! It’s a bit of a pain, but now you can RDP into a computer with your Azure AD credentials (aka, email address) to an Azure AD joined computer.
I use a free piece of software called Remote Desktop Manager for all my connections. You can’t make the necessary changes to a connection in there (that I can tell anyway), but you can create the RDP file using the instructions here then import that connection into the tool and it will work perfectly.