Security and manageability both matter when controlling access to Entra joined machines. Signing in with Microsoft Entra credentials delivers both and is a fairly straightforward setup when logging on to a device locally. Connecting remotely via RDP (Remote Desktop Protocol) complicates the process and requires some additional steps to get it working.

1. Grant the user the rights to log on remotely

a. Log into the Intune Portal.

b. Navigate to Endpoint Security -> Account protection

c. Select Create Policy

Fill in the options and click Create

  • Platform -> Windows
  • Profile -> Local user group membership
[Screenshot: Create Policy, Local user group membership]

Fill in policy options

  • Basics
    • Name -> Provide a distinctive name for the policy, such as Remote Logins
  • Configuration settings
    • Click Add
    • Local group -> Remote Desktop Users
    • Group and user action -> Add (Update) or Add (Replace)
      1. Add (Update) adds the selected users and keeps the group's existing members.
      2. Add (Replace) replaces the group's existing members with the selected users.
    • User selection type
      1. Users/Groups
    • Select User(s)
      • Click on Select users/groups and choose the users/groups that need access to log in remotely.
  • Scope tags
    • Scope tags can be used to secure access further if desired.
  • Assignments
    • Select the groups containing the devices that users will need to log in to remotely.
  • Review + create
    • Verify all settings are correct and click Save.

d. The policy is applied the next time the devices selected in Assignments check in and sync with Intune. If access is needed immediately, trigger a sync manually for the specific device.

2. Create RDP file

a. Open Remote Desktop Connection on local PC.

b. Enter either the IP address or DNS entry of the device.

c. Click Save As and save the file.

[Screenshot: Remote Desktop Connection, IP address or DNS entry]

d. Browse to the downloaded RDP file and open it with a text editor.

  • The file contains several lines of RDP properties, one per line.
  • Six properties are required for the remote connection to work; the others can be left in place or removed.
  • Add or update these properties in the file:

    full address:s:{Device IP or DNS}
    prompt for credentials:i:0
    username:s:{Entra user email address}
    Enablerdsaadauth:i:0
    enablecredsspsupport:i:0
    authentication level:i:2
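To make step 2d repeatable and checkable, here is an added Python example (not from the original article) that parses a saved .rdp file, reports which of the six required properties are missing or set to a different value, and rewrites the file with them in place. The sample file contents, the device name pc01.contoso.example and the user alice@contoso.example are constructed placeholders.

```python
from pathlib import Path

# The six properties from step 2d. None marks a value the caller supplies.
# enablecredsspsupport:i:0 turns off CredSSP (NLA) on the client side, which is
# why the remote Windows sign-in screen appears instead of a local prompt (step 3b).
REQUIRED = {
    "full address": ("s", None), "prompt for credentials": ("i", "0"),
    "username": ("s", None), "enablerdsaadauth": ("i", "0"),
    "enablecredsspsupport": ("i", "0"), "authentication level": ("i", "2"),
}
# Constructed sample in the shape mstsc's Save As produces (not from the article).
SAMPLE = ("screen mode id:i:2\r\nfull address:s:10.0.0.5\r\n"
          "prompt for credentials:i:1\r\nauthentication level:i:0\r\n")


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lower-cased name."""
    settings = {}
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        name, sep1, rest = line.partition(":")
        typ, sep2, value = rest.partition(":")  # the value itself may contain ':'
        if not (sep1 and sep2) or typ not in ("s", "i", "b"):
            raise ValueError(f"malformed RDP line: {line!r}")
        settings[name.strip().lower()] = (typ, value)
    return settings


def missing_required(settings):
    """Names of required properties that are absent or carry another value."""
    return [n for n, (t, v) in REQUIRED.items()
            if n not in settings or (v is not None and settings[n] != (t, v))]


def apply_required(settings, device, user):
    """Copy of settings with the six properties set; other properties are kept."""
    updated = dict(settings)
    for name, (typ, value) in REQUIRED.items():
        updated[name] = (typ, {"full address": device, "username": user}.get(name, value))
    return updated


def render_rdp(settings):
    """Serialise back to the CRLF-terminated form mstsc writes."""
    return "".join(f"{n}:{t}:{v}\r\n" for n, (t, v) in settings.items())


def update_rdp_file(path, device, user):
    """Rewrite a saved .rdp file in place, keeping UTF-16 files as UTF-16."""
    p, data = Path(path), Path(path).read_bytes()
    enc = "utf-16" if data.startswith((b"\xff\xfe", b"\xfe\xff")) else "utf-8-sig"
    updated = apply_required(parse_rdp(data.decode(enc)), device, user)
    p.write_bytes(render_rdp(updated).encode("utf-16" if enc == "utf-16" else "utf-8"))
    return updated
```

Run `missing_required(parse_rdp(text))` on a file before connecting to see exactly which of the six properties still need attention.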

3. Connect to device

a. Double-click the RDP file.

b. Click through any security prompts; a login screen then opens that looks like the local sign-in screen.

c. Enter the user's Entra email address as the user name, along with the corresponding password.

  • If the login fails, try manually syncing the device again.

If you have any questions, please contact us.