mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-21 21:33:38 +00:00
Update connect-to-remote-aadj-pc.md
I added some new suggested verbiage to the page. Also some other feedback.
- It took me a while to figure out that the Supported configurations table only applied to the Connect without Azure AD authentication section. Can you add a table or note to the Connect with Azure AD Authentication section that either enumerates all the credential types that are supported or that makes this more clear? To me it first made me think that credentials like FIDO2 security keys were not supported with Azure AD Authentication, but after testing I discovered that they are in fact supported.
- Can you add notes about how long the RDP session lives by default? With Azure AD Authentication, even signing out of the remote desktop does not cause the user to reauth again when signing back in. The session length seems quite long. Maybe add a suggestion for CA Policy Session Controls to limit the session length also.
- The App name/appID needed in the CA Policy isn't easy to find, so I put a specific mention of it in the page.
@ -49,13 +49,14 @@ There's no requirement for the local device to be joined to a domain or Azure AD
|
||||
To connect to the remote computer:
|
||||
|
||||
- Launch **Remote Desktop Connection** from Windows Search, or by running `mstsc.exe`.
|
||||
- Specify the name of the remote computer.
|
||||
- Specify the **name** of the remote computer (IP address cannot be used when **Use a web account to sign in to the remote computer** option is used.)
|
||||
- Select **Use a web account to sign in to the remote computer** option in the **Advanced** tab. This option is equivalent to the `enablerdsaadauth` RDP property. For more information, see [Supported RDP properties with Remote Desktop Services](/windows-server/remote/remote-desktop-services/clients/rdp-files).
|
||||
- When prompted for credentials, specify your user name in `user@domain.com` format.
|
||||
- You're then prompted to allow the remote desktop connection when connecting to a new PC. Azure AD remembers up to 15 hosts for 30 days before prompting again. If you see this dialogue, select **Yes** to connect.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> If your organization has configured and is using [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview), your device must satisfy the conditional access requirements to allow connection to the remote computer.
|
||||
> If your organization has configured and is using [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview), your device must satisfy the conditional access requirements to allow connection to the remote computer. Conditional Access Policies can be used to "Require multi-factor authentication", "Require authentication strength" and session controls like "Sign-in frequency" by applying the Conditional Access Policy to the specific application **Microsoft Remote Desktop (a4a365df-50f1-4397-bc59-1a1564b8bb9c)**
|
||||
|
||||
|
||||
### Disconnection when the session is locked
|
||||
|
||||
|
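Review bot: The sentence added to the `[!IMPORTANT]` note is a single run-on with no closing period, and it mentions the "Sign-in frequency" session control without saying why a reader would set it. The commit message gives the reason (signing out of the remote desktop does not force reauthentication on the next sign-in), so state that in the page text; otherwise the session-lifetime concern exists only in the commit history. Suggest keeping the original requirement sentence in the note as it was and putting the Conditional Access guidance in its own sentence or short list, with the UI labels in bold the way **Advanced** and the option name are written in the steps above rather than in straight quotes, and with "Conditional Access" capitalized the same way in both sentences. The application name and ID, **Microsoft Remote Desktop (a4a365df-50f1-4397-bc59-1a1564b8bb9c)**, are the part admins will copy, so put the GUID in code formatting on its own so it can be selected cleanly. In the computer-name step, the parenthetical ends with the period inside the bracket and is missing "the" before **Use a web account to sign in to the remote computer**; it also refers to an option the reader only selects in the following step, so consider moving the IP address restriction to that step or rewording it as "An IP address can't be used when the ... option is selected."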