Azure – You can now use Azure AD authentication to log on to Windows virtual machines (preview)

After getting the ability to log on to Linux virtual machines in Azure with your Azure AD credentials (see http://blog.hametbenoit.info/2018/05/23/azure-you-can-use-your-azure-ad-credentials-to-logon-to-linux-vm/), you can now do the same with Windows virtual machines (Windows Server 2019 Datacenter and Windows 10 1809 or later), and the feature is available in all Azure regions.

To be able to use it, you need to ensure that the Windows VMs in Azure have outbound access to the following endpoints over TCP port 443:

Enable for new virtual machine

Then, when creating the virtual machine, you will need to turn on the Azure Active Directory option available in the Management step of the creation wizard; enabling the Azure Active Directory option also turns on the System assigned managed identity for the VM.


You can also use the az CLI to add the AADLoginForWindows extension (publisher Microsoft.Azure.ActiveDirectory):

az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows --resource-group <your resource group> --vm-name <your virtual machine>

or with PowerShell

Then you can grant access by assigning the Azure RBAC role Virtual Machine Administrator Login (local administrator on the VM) or Virtual Machine User Login (standard user) to the users or groups who should be able to log on.


Enable for existing virtual machine

You can either use the az command above, or go to the Identity blade of the virtual machine in the portal to turn on the System assigned identity, and then add the extension and assign the login role as for a new VM.
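The post leaves the PowerShell variant empty, so here is the whole procedure for an existing VM done with the Az PowerShell module, written as an added example rather than code from the original post. It assumes the Az.Accounts, Az.Compute and Az.Resources modules are installed and that you are already signed in with Connect-AzAccount; the resource group, VM name and user principal name are placeholders. It also shows the two checks worth doing afterwards: that the extension provisioned, and exactly who holds a login role on that VM.

```powershell
# Added example (not from the original post): enable Azure AD login on an existing
# Windows VM with the Az PowerShell module and grant a least-privilege login role.
# Assumptions: Az.Accounts, Az.Compute and Az.Resources are installed and you are
# signed in (Connect-AzAccount). Resource group, VM and user names are placeholders.
$ResourceGroup = '<your resource group>'
$VmName        = '<your virtual machine>'
$SignInName    = '<user@yourtenant.onmicrosoft.com>'
# 'Virtual Machine User Login' gives a standard user session; hand out
# 'Virtual Machine Administrator Login' only where local admin is really needed.
$Role          = 'Virtual Machine User Login'

$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName

# 1. The extension requires a system-assigned managed identity on the VM
#    (the same thing the portal switches on with the Azure Active Directory option).
if (-not $vm.Identity -or "$($vm.Identity.Type)" -notmatch 'SystemAssigned') {
    Update-AzVM -ResourceGroupName $ResourceGroup -VM $vm -IdentityType SystemAssigned | Out-Null
    $vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName
}

# 2. Install the AADLoginForWindows extension (same publisher and name as the
#    az command above). The handler version is taken from what the publisher
#    currently offers in this region instead of being hardcoded.
$latest = Get-AzVMExtensionImage -Location $vm.Location `
              -PublisherName 'Microsoft.Azure.ActiveDirectory' -Type 'AADLoginForWindows' |
          Sort-Object { [version]$_.Version } | Select-Object -Last 1
$ver = [version]$latest.Version
Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName `
    -Name 'AADLoginForWindows' -Publisher 'Microsoft.Azure.ActiveDirectory' `
    -ExtensionType 'AADLoginForWindows' -TypeHandlerVersion "$($ver.Major).$($ver.Minor)" `
    -Location $vm.Location | Out-Null

# 3. Grant the login role scoped to this single VM, not to the resource group
#    or subscription, so the assignment cannot be reused on other machines.
New-AzRoleAssignment -SignInName $SignInName -RoleDefinitionName $Role -Scope $vm.Id | Out-Null

# 4. Verify: the extension reached Succeeded, and list everyone who can log on
#    to this VM through Azure AD (review this list the way you would local admins).
Get-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName -Name 'AADLoginForWindows' |
    Select-Object Name, ProvisioningState
Get-AzRoleAssignment -Scope $vm.Id |
    Where-Object RoleDefinitionName -like 'Virtual Machine*Login' |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

Assigning the role at the VM scope rather than higher up is the part that matters most: a Virtual Machine Administrator Login assignment at resource group or subscription scope grants local administrator on every current and future VM underneath it.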
