Mayank Bharawa

Login to Azure VMs using Azure Active Directory Credentials

March 22, 2022

TABLE OF CONTENT

1. Introduction
2. Prerequisites
3. Configuring Virtual Machine
4. Configuring Access Control (IAM)
5. Configuring Conditional Access Policy
6. Conclusion
7. About CloudThat

1. Introduction: Connecting to an Azure VM with Azure AD Credentials

Organizations can improve the security of Windows virtual machines (VMs) in Azure by integrating them with Azure Active Directory (AAD) authentication. Azure AD can be used as the primary authentication service for RDP into Windows Server 2019 Datacenter edition and later, and Windows 10 1809 and later. You can also centrally manage and enforce Azure RBAC and Conditional Access policies that allow or block access to the VMs. This blog shows you how to create and configure a Windows VM with Azure AD-based authentication.

2. Prerequisites

  • A Virtual Network
  • Azure AD Tenant

3. Configuring Virtual Machine

  1. Open the Azure Portal by visiting azure.com
  2. Go to the Virtual Machines service and fill in the relevant information to create a virtual machine (VM)
  3. While creating the virtual machine, under the Management tab, select the checkboxes for the following two options to install the Azure AD login extension:
    -> Login with Azure AD
    -> System assigned managed identity (selected automatically when the option above is selected)
  4. Check that the AADLoginForWindows extension is installed: once the VM has been created, open it in the portal, select Extensions + applications under the Settings tab, and the AADLoginForWindows extension will be listed under the Extensions tab.

4. Configuring Access Control (IAM)

  1. Create a group in Azure AD with an appropriate naming convention and add members to it based on their role. In this example I have created the group GRP-Application-VM-RD-FullAccess
    (to provide the users of the group an Azure AD login to the VM)
  2. Now go to the VM and click on Access Control (IAM). After that, click on Add role assignment under the Check access tab
  3. On the Add role assignment page, select the Virtual Machine Administrator Login role and click on
    Note: Now that you have created the VM, you need to configure the Azure RBAC policy to determine who can log in to the VM. Two Azure roles are used to authorize VM login:

    -> Virtual Machine User Login: users with this role can log in to the Azure VM with Azure AD credentials
    -> Virtual Machine Administrator Login: users with this role can log in to the Azure VM with administrator access.
  4. After that, click on +Select members, search for the group GRP-Application-VM-RD-FullAccess created in the previous steps, and click on Select to add the group (or user) to that role on the VM. Then click on Next and then Review + assign.
  5. The users of that group will now have admin access on the VM.
    Note: Similarly, you can follow the above process for other VMs (or the same VM) and select groups and roles, Virtual Machine User Login or Virtual Machine Administrator Login, based on the requirement.

5. Configuring Conditional Access Policy

  1. If MFA is required for all other apps except Azure VM sign-in:
    Note: Disable MFA at the global (per-user) level in AAD. For that, go to Azure AD -> All users -> Per-user MFA, select the user on the new page, and click on disable under the quick steps section
  2. Now go to the Azure AD Conditional Access service from the portal search bar.
  3. Create a new policy to exclude MFA for VM login. Click on New Policy, and then select Create new policy.
  4. Select the users and groups that we want to include in the policy
  5. In the next step, under the Include section select all apps, and under the Exclude section select Azure Windows VM Sign-in
  6. Under Grant, select Require MFA, and select On in the Enable policy section to enforce it.
  7. This policy will allow users to log in to the Windows VM without MFA, while MFA will be required for all other app logins, such as Office 365, Azure AD Join, etc.
  8. Now RDP into the VM using its public IP and try logging in with your Azure AD credentials if you are a member of the group GRP-Application-VM-RD-FullAccess
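The portal steps in sections 3, 4 and 5 can also be driven from the Azure CLI, which makes the configuration repeatable and reviewable. The script below is an added example, not code from the original post or from CloudThat: it installs the AADLoginForWindows extension, assigns one of the two VM login roles to the group (refusing any other role name before touching Azure), builds the Conditional Access policy body for the Microsoft Graph API, and lists who currently holds a VM login role on the VM, which is the check you want when an employee leaves. The resource group, VM name and policy name are placeholder assumptions; the group name GRP-Application-VM-RD-FullAccess is the one used in this post; the appId of the "Azure Windows VM Sign-In" application is looked up at run time rather than hard-coded. Nothing is changed in Azure unless the script is run with --apply in an authenticated az session.

```shell
#!/usr/bin/env sh
# Added example (not from the original post): the same Azure AD login setup via Azure CLI.
# RG, VM and POLICY_NAME are placeholder assumptions; override them via the environment.
set -eu

RG="${RG:-rg-app-vm}"                     # placeholder resource group
VM="${VM:-vm-app-01}"                     # placeholder VM name
GROUP_NAME="${GROUP_NAME:-GRP-Application-VM-RD-FullAccess}"   # group name used in the post
POLICY_NAME="CA-Require-MFA-except-Azure-Windows-VM-Sign-In"    # constructed policy name

# Section 3: system-assigned identity plus the AADLoginForWindows extension,
# then verify that the extension reports Succeeded (the post's step 4).
enable_aad_login() {
  az vm identity assign --resource-group "$RG" --name "$VM" --output none
  az vm extension set --resource-group "$RG" --vm-name "$VM" \
    --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows --output none
  az vm extension show --resource-group "$RG" --vm-name "$VM" \
    --name AADLoginForWindows --query provisioningState --output tsv
}

# Section 4: only the two VM login roles are acceptable here. Validate before calling
# Azure so that a typo cannot silently grant a broader role such as Owner or Contributor.
is_vm_login_role() {
  case "$1" in
    "Virtual Machine User Login"|"Virtual Machine Administrator Login") return 0 ;;
    *) return 1 ;;
  esac
}

assign_vm_login_role() {
  role="$1"; group_id="$2"
  is_vm_login_role "$role" || { echo "refusing unexpected role: $role" >&2; return 2; }
  vm_id=$(az vm show --resource-group "$RG" --name "$VM" --query id --output tsv)
  az role assignment create --role "$role" --assignee-object-id "$group_id" \
    --assignee-principal-type Group --scope "$vm_id" --output none
}

# Offboarding check: who can currently log in to this VM, and with which role.
list_vm_login_assignments() {
  vm_id=$(az vm show --resource-group "$RG" --name "$VM" --query id --output tsv)
  az role assignment list --scope "$vm_id" --output table \
    --query "[?roleDefinitionName=='Virtual Machine User Login' || roleDefinitionName=='Virtual Machine Administrator Login'].{principal:principalName,role:roleDefinitionName}"
}

# Section 5: Conditional Access policy body for the Microsoft Graph API. Require MFA for
# all cloud apps, but exclude the Azure Windows VM Sign-In app, for the included group.
ca_policy_body() {
  group_id="$1"; vm_signin_app_id="$2"
  printf '{"displayName":"%s","state":"enabled",' "$POLICY_NAME"
  printf '"conditions":{"users":{"includeGroups":["%s"]},' "$group_id"
  printf '"applications":{"includeApplications":["All"],"excludeApplications":["%s"]}},' "$vm_signin_app_id"
  printf '"grantControls":{"operator":"OR","builtInControls":["mfa"]}}'
}

create_ca_policy() {
  group_id="$1"
  # Look the appId up instead of hard-coding it; fail if the service principal is absent.
  app_id=$(az ad sp list --display-name "Azure Windows VM Sign-In" --query "[0].appId" --output tsv)
  [ -n "$app_id" ] || { echo "Azure Windows VM Sign-In service principal not found" >&2; return 1; }
  az rest --method POST --headers "Content-Type=application/json" \
    --url "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies" \
    --body "$(ca_policy_body "$group_id" "$app_id")"
}

# Nothing is changed in Azure unless invoked with --apply in an authenticated az session.
if [ "${1:-}" = "--apply" ]; then
  group_id=$(az ad group create --display-name "$GROUP_NAME" --mail-nickname "$GROUP_NAME" \
    --query id --output tsv)    # the field is named objectId on older Azure CLI versions
  enable_aad_login
  assign_vm_login_role "Virtual Machine Administrator Login" "$group_id"
  create_ca_policy "$group_id"
  list_vm_login_assignments
fi
```

Run it as `sh aad-vm-login.sh --apply` after `az login`; the Graph call that creates the policy needs an account permitted to write Conditional Access policies (the Policy.ReadWrite.ConditionalAccess permission). The role-name check and the policy body builder are plain shell functions with no Azure dependency, so they can be exercised (and reviewed) without a subscription.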

6. Conclusion

In this blog, we have learned how to sign in to an Azure Windows VM over RDP using Azure AD credentials. This provides an additional layer of security for the VM: you can centrally create and manage users across your hybrid enterprise, keeping users, groups, and devices in synchronization.

One of the significant benefits of using Azure AD to log in to Windows VMs is that the password complexity and password lifetime policies configured for your Azure AD directory also apply to your Windows VMs. Any time an employee leaves the organization, their user account can be disabled and the Azure RBAC policy updated, so they no longer have access to the resources. With role-based access control, you can easily grant access to a user or an administrator as required.

Hence, most corporate organizations leverage the power of Azure policies to ensure standards and access compliance as an added security measure to safeguard their resources.

7. About CloudThat

CloudThat is an official Microsoft Gold Partner and Training Partner and an AWS (Amazon Web Services) Advanced Consulting Partner, helping people develop knowledge of the cloud and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Feel free to drop a comment or any queries that you have regarding Azure services, Virtual Machines, or Azure Active Directory; we will get back to you quickly. To get started, go through our Expert Advisory page and Managed Services Package, which are CloudThat's offerings.
