RDP using Office365 account on AzureAD joined machine

Hello!


As you may know, it is possible to log in to a Windows 10 machine using a Microsoft account/Office 365 account. You can also use such an account remotely using RDP.


To be able to do that, you need to:

- Disable Network Level Authentication (NLA)

- Edit your RDP file with notepad and add these two lines:

 

     authentication level:i:2
     enablecredsspsupport:i:0

- Logon using AZUREAD\<Office 365 UPN>, e.g. AZUREAD\Rachel.Green@fabricam.onmicrosoft.com

This works fine but what are the RoyalTS settings in an RDP connection that correspond with these two lines:

     authentication level:i:2
     enablecredsspsupport:i:0

I would like to do this from RoyalTS.

Thanks!



Hi Vincent,


You can find both settings on the Advanced page:

https://content.royalapplications.com/Help/RoyalTS/V5/index.html?reference_remotedesktop_advanced.htm

Note that enablecredsspsupport is called "Network Level Authentication" (NLA)


In order to make the logon work, you may also need to change the setting called "Set Domain to '.' for Local Accounts" in the plugin configuration:

https://content.royalapplications.com/Help/RoyalTS/V5/index.html?reference_remotedesktop.htm


Regards,
Stefan


1 person likes this

Since this is the first post that pops up for Royal TS when looking for this, in the Advanced section set authentication level to "Connect, but warn me if server authentication fails" and turn "Network Level Authentication" off.


Keeping "Authentication Level" to the default results in the connection failing.


1 person likes this

Jeroen, you are my hero! It works!


1 person likes this
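For anyone keeping track of which saved connections carry the two .rdp lines discussed in the posts above, here is an added example (not code from the thread or from Royal TS) that parses .rdp content and reports where CredSSP/NLA is disabled or server authentication is not enforced. The sample file content and host name are constructed; the authentication level meanings follow Microsoft's documented .rdp values.

```python
import codecs

# Documented meanings of "authentication level" when server authentication fails.
AUTH_LEVELS = {
    0: "connect without warning",
    1: "do not connect",
    2: "warn, then let the user connect",
    3: "no authentication requirement specified",
}

def decode_rdp(raw: bytes) -> str:
    """mstsc usually saves .rdp files as UTF-16 with a BOM; hand-edited ones may be UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; the value may itself contain colons (host:port)."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.strip().lower()] = value
    return settings

def audit(raw: bytes) -> list:
    """Return findings for the two settings this thread changes."""
    s, findings = parse_rdp(raw), []
    if s.get("enablecredsspsupport") == 0:
        findings.append("NLA off: CredSSP disabled (enablecredsspsupport:i:0)")
    level = s.get("authentication level")
    if level is not None and level != 1:
        desc = AUTH_LEVELS.get(level, "unknown value")
        findings.append(f"server authentication not enforced: level {level} ({desc})")
    return findings

# Constructed sample: the two lines from the first post plus a made-up host.
SAMPLE = ("full address:s:pc01.example.test:3389\r\n"
          "authentication level:i:2\r\n"
          "enablecredsspsupport:i:0\r\n").encode("utf-16")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
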

All of the settings do not seem to work with my setup. No matter what combination of settings I try, it will always throw a login-window at me stating that the provided credentials do not work.


I tried with supplying credentials in the form of AzureAD\<UPN>, and with NLA ON or OFF, I even tried the RoyalTS Setting of "Use Azure AD Authentication" in the Advanced Tab of the connection - with no success at all.

If I invoke a local RDP client (mstsc) and activate the setting "Use a web account to sign in to the remote computer" in the "Advanced"-Tab, Login works flawlessly. So it's not an issue of connectivity or access rights. I just cannot get it to work from inside RoyalTS. (v7)

(and since this is the first post that pops up when you do a web search, a functioning solution might benefit other users as well...)

Hi Fabian,


there are many possible scenarios and environments. Some are supported by mstsc.exe but not by Microsoft's RDP ActiveX control from Windows which Royal TS is using. So there's a good chance that your scenario is not (yet) supported by the ActiveX and therefore not by Royal TS. The best way to find out if Microsoft supports certain scenarios in the ActiveX is to check with their own tool RDCMan (https://learn.microsoft.com/en-us/sysinternals/downloads/rdcman). If you can get it to work there, we should be able to make it work in Royal TS as well.


If features/functionality is missing from the ActiveX (RDCMan), users should let Microsoft know through the Windows Feedback Hub app or, even better, using an Enterprise Agreement if available.


That being said, we implemented the following setting recently:

I'm not sure if this resolves your issue but I thought it's worth a try.
