In this article, I will show you how to add Azure AD user to Remote Desktop Users group on a computer or Azure VM. Once you add the Azure AD user account to the remote desktop users group, you can RDP the device.
In order to successfully RDP VM using Azure AD credentials, you must add Azure AD user to the remote desktop users group on the VM. This is one of the steps covered in troubleshooting how to RDP into a Azure AD-joined VM in Azure. Don’t forget to read that post in case you are unable to RDP the Azure VM.
Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies. When you want to sign in with an Azure AD user account to a computer, you must add the user to Remote Desktop Users group on that computer.
If you want to allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies.
Adding the Azure AD user to the RD users group requires you to first login to the device or Azure VM. You must use the local admin account to sign-in to perform the changes. This is the account that you specified while creating VM in Azure.
I have few Azure VM’s and I will be picking up one and show you the steps to add the AAD user to RDP group. You can use the same method to add the user to local administrator group as well.
Some of you may attempt to add the Azure AD user directly from the remote desktop user group properties, but that method will not work. You have to use the PowerShell or command prompt to add Azure AD user to the Remote Desktop users group.
Add Azure AD user to Remote Desktop Users Group
Let’s look at the steps to add the Azure AD user to remote desktop users group on the Azure VM. Remember that the AD user account that you add should be in AzureAD\username@domain.onmicrosoft.com format.
You can either use PowerShell or Command Prompt to add Azure AD user to remote desktop users group. Both will do the same job. However, only the command differs and I will show you both the methods here.
Using Command Prompt add Azure AD user to RD users group
First, if you prefer to use command prompt, use the below command to add Azure AD user to remote desktop users group. Launch the command prompt as administrator and run the below command.
net localgroup "Remote Desktop Users" /add "AzureAD\username@domain.onmicrosoft.com"
Using PowerShell add Azure AD user to RD users group
If you want to use PowerShell to add the user to RD user group, launch the PowerShell as administrator and run the below command.
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "AzureAD\username@domain.onmicrosoft.com"
After you have added the Azure AD user, you can verify if the user has been added to remote desktop users group. In the computer properties, under Remote Desktop, select users who can access this PC remotely. This will load the Remote Desktop Users window, and now you should see the Azure AD user account that you added.
You can confirm if the Azure AD user has been to remote desktop users group by running the below PowerShell command.
Get-LocalGroupMember -Name "Remote Desktop users"
