You may remember that about a year ago, Microsoft introduced the capability to log on with your Azure AD credentials to Linux virtual machines running on Azure.
Well, good news: this possibility is now available in preview for Windows virtual machines too. To be more precise, it is available only on Windows 2019 or Windows 10 1809 or later.
NOTE: if you are using the Windows 10 OS, your virtual machine will need to be Azure AD joined or hybrid Azure AD joined.
Using Azure AD authentication to log on to your Windows Azure virtual machine allows you to take advantage of Azure AD security capabilities such as RBAC, conditional access, risky sign-ins…
You can enable this option (which will also turn on the system-assigned managed identity) when creating the virtual machine, at the Management step.
Once the virtual machine has been created, you still need one additional action, using PowerShell or the Azure CLI (you can use the Cloud Shell to do it), to install the Azure AD extension.
NOTE: it may take a few minutes to complete.
Azure CLI
az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADLoginForWindows --resource-group <resource group where the VM is located> --vm-name <your VM name>
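PowerShell
Set-AzureRmVMExtension -VMName <your VM name> -ResourceGroupName <resource group where the VM is located> -Location <region of the VM> -Name AADLoginForWindows -Publisher Microsoft.Azure.ActiveDirectory -ExtensionType AADLoginForWindows -TypeHandlerVersion <extension version>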
You will need to check that the registration has completed using the Extensions blade.
Then you can grant the Virtual Machine User Login (or Virtual Machine Administrator Login) RBAC role to your users/groups.
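
The last two steps can also be scripted with the Azure CLI. The following is an added example, not part of the original post: the function names `aad_ext_state` and `grant_vm_login` are hypothetical, and it assumes you want the role scoped to the single VM rather than to a resource group or subscription.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the Azure CLI with an
# active login, for instance in Cloud Shell. Function names are hypothetical.

# Print the provisioning state of the AADLoginForWindows extension.
# usage: aad_ext_state <resource-group> <vm-name>
aad_ext_state() {
  az vm extension show --resource-group "$1" --vm-name "$2" \
    --name AADLoginForWindows --query provisioningState --output tsv
}

# Assign a login role on one VM, but only once the extension reports Succeeded.
# usage: grant_vm_login <resource-group> <vm-name> <assignee> [user|admin]
grant_vm_login() {
  rg=$1; vm=$2; assignee=$3; level=${4:-user}

  # Default to the lower-privileged role; "admin" must be requested explicitly.
  case "$level" in
    user)  role="Virtual Machine User Login" ;;
    admin) role="Virtual Machine Administrator Login" ;;
    *)     echo "level must be 'user' or 'admin'" >&2; return 2 ;;
  esac

  # Refuse to assign the role while the extension is missing or still installing.
  state=$(aad_ext_state "$rg" "$vm") || return 1
  if [ "$state" != "Succeeded" ]; then
    echo "AADLoginForWindows state is '$state'; role not assigned" >&2
    return 1
  fi

  # Assumption: scope the assignment to this VM's resource ID only.
  scope=$(az vm show --resource-group "$rg" --name "$vm" \
    --query id --output tsv) || return 1

  az role assignment create --assignee "$assignee" \
    --role "$role" --scope "$scope"
}
```

Call it as `grant_vm_login <resource group> <your VM name> <user principal name or object ID> user`; for a group, pass the group's object ID as the assignee.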