I recently set up a lab environment with a Windows VM in Azure.
I connected with RDP via VPN and as a local admin.
After joining it to an Azure AD, I tried to connect with the corresponding Office 365 UPN and credentials but did not succeed.
After hours of investigation and opening a support ticket with Microsoft I found this solution:
- To connect via mstsc, you’ll need to adjust the RDP config file, adding the parameter
enablecredsspsupport:i:0
- Now you’re able to connect with RDP via mstsc with the O365 user in the form of
AzureAD\<UPN>
(example: AzureAD\someuser@yourdomain.onmicrosoft.com)
If you prefer another RDP client (as I do with Remote Desktop Connection Manager), you’ll have to change a registry setting, as Microsoft changed the RDP defaults in Windows 10. They modified the default for “SecurityLayer” from 0 to 2. Even if you go into the user interface and disable “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”, that still doesn’t change that value to a 2.
- Open RegEdit
- Navigate to this Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
(Thanks to Renato Brito from Microsoft for this!)
- Change “SecurityLayer” to a zero
- Reboot and done!
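
The two changes described above, scripted in PowerShell as an added example (not code from the original post or from Microsoft). The function names, the .rdp path and the backup file name are assumptions; SecurityLayer values are 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS), so the script records the previous value to allow reverting the lab VM afterwards.

```powershell
# Added example, not from the original post.
function Set-RdpSetting {
    # Set or append a "name:type:value" line in an .rdp file (client side).
    param([string]$Path, [string]$Name, [string]$Type, [string]$Value)
    $entry   = "${Name}:${Type}:${Value}"
    $pattern = '^' + [regex]::Escape($Name) + ':.*$'
    $lines   = @(Get-Content -LiteralPath $Path)
    if ($lines -match $pattern) {
        $lines = $lines -replace $pattern, $entry   # overwrite the existing setting
    } else {
        $lines += $entry                            # setting absent: append it
    }
    # mstsc saves .rdp files as UTF-16 LE, so write the file back the same way
    Set-Content -LiteralPath $Path -Value $lines -Encoding Unicode
}

function Set-RdpSecurityLayer {
    # Report SecurityLayer on the VM and optionally change it (run elevated).
    param([int]$Value = 0, [switch]$Apply)
    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $meaning = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    $current = [int](Get-ItemProperty -Path $key -Name SecurityLayer).SecurityLayer
    Write-Output "SecurityLayer is $current ($($meaning[$current]))"
    if ($Apply -and $current -ne $Value) {
        # Keep the previous value so the lab change can be reverted later
        $backup = Join-Path $env:TEMP 'rdp-tcp-securitylayer.bak'   # hypothetical file name
        Set-Content -LiteralPath $backup -Value $current
        Set-ItemProperty -Path $key -Name SecurityLayer -Value $Value -Type DWord
        Write-Output "SecurityLayer set to $Value (old value saved to $backup); reboot to apply."
    }
}

# On the client (path is a placeholder):
#   Set-RdpSetting -Path "$env:USERPROFILE\Documents\lab-vm.rdp" -Name enablecredsspsupport -Type i -Value 0
# On the VM, from an elevated prompt:
#   Set-RdpSecurityLayer            # report only
#   Set-RdpSecurityLayer -Apply     # set SecurityLayer to 0 as described above
```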