After gaining the ability to log on to Linux virtual machines in Azure with your Azure AD credentials (see http://blog.hametbenoit.info/2018/05/23/azure-you-can-use-your-azure-ad-credentials-to-logon-to-linux-vm/), you can now do the same with Windows virtual machines (Windows Server 2019 Datacenter and Windows 10 1809 [or later]); this is available in all Azure regions.
To use it, ensure the Windows VMs in Azure have outbound access to the following endpoints over TCP port 443:
- https://enterpriseregistration.windows.net
- https://login.microsoftonline.com
- https://device.login.microsoftonline.com
- https://pas.windows.net
Enable for new virtual machine
Then, when creating the virtual machine, turn on the Azure Active Directory option in the Management creation step; enabling the Azure Active Directory option also turns on the System assigned managed identity.
You can also use the Az command to add the AADLoginForWindows extension (publisher Microsoft.Azure.ActiveDirectory):
az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows --resource-group <your resource group> --vm-name <your virtualmachine>
or with PowerShell
Then you can grant access by assigning the Azure RBAC role Virtual Machine Administrator Login or Virtual Machine User Login.
Enable for existing virtual machine
You can either use the Az command above or, from the portal, open the Identity blade to turn on the System assigned identity.
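The steps above for an existing VM, scripted with the Azure CLI as an added example that is not part of the original post: it turns on the system-assigned identity, installs the extension, and assigns one of the two login roles scoped to that single VM rather than to the resource group or subscription. The function names, the use of `az vm identity assign` in place of the portal's Identity blade, and the VM-level scope are choices made for this example; resource group, VM name and user are supplied by the caller.

```bash
#!/bin/sh
# Added example, not from the original post.
# Usage: ./enable-aad-login.sh <resource-group> <vm-name> <user-or-object-id> [role]

# Accept only the two login roles named in the post, so a typo or a
# copy-paste error cannot hand out a broader role such as Owner.
valid_role() {
  case "$1" in
    "Virtual Machine Administrator Login"|"Virtual Machine User Login") return 0 ;;
    *) return 1 ;;
  esac
}

enable_aad_login() {
  rg=$1; vm=$2; assignee=$3
  role=${4:-Virtual Machine User Login}   # default to the lower-privileged role

  valid_role "$role" || { echo "unsupported role: $role" >&2; return 2; }

  # System-assigned managed identity (the portal enables it with the AAD option).
  az vm identity assign --resource-group "$rg" --name "$vm" >/dev/null || return 1

  # Extension command from the post.
  az vm extension set --publisher Microsoft.Azure.ActiveDirectory \
    --name AADLoginForWindows --resource-group "$rg" --vm-name "$vm" \
    >/dev/null || return 1

  # Resolve the VM's resource ID and use it as the role scope, so the login
  # right applies to this VM only.
  vm_id=$(az vm show --resource-group "$rg" --name "$vm" \
    --query id --output tsv) || return 1
  [ -n "$vm_id" ] || { echo "could not resolve VM id" >&2; return 1; }

  az role assignment create --role "$role" --assignee "$assignee" \
    --scope "$vm_id" >/dev/null || return 1

  printf '%s\n' "$vm_id"   # report the scope that was granted
}

# Run only when invoked with arguments, so the file can also be sourced.
if [ "$#" -ge 3 ]; then
  enable_aad_login "$@"
fi
```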