To RDP from a personal (non–Microsoft Entra/Azure AD joined) laptop to an office PC that is Microsoft Entra (Azure AD) joined, use Microsoft Entra authentication with the classic Remote Desktop Connection client and ensure all prerequisites are met.
- Verify OS and updates
  - Local (personal) device and office (remote) PC must be one of:
    - Windows 11 with 2022-10 cumulative update KB5018418 or later.
    - Windows 10, version 20H2 or later with 2022-10 cumulative update KB5018410 or later.
    - Windows Server 2022 with 2022-10 cumulative update KB5018421 or later.
- Enable Remote Desktop on the office PC
  - On the office (Azure AD joined) PC, enable Remote Desktop as described in “Enable Remote Desktop on your PC”.
- Ensure the office PC is Microsoft Entra joined
  - The remote PC must be Microsoft Entra joined or Microsoft Entra hybrid joined.
- Use hostname, not IP
  - The office PC must be reachable by hostname.
  - The name used in the RDP client must match the device hostname as registered in Microsoft Entra ID.
  - Connecting with an IP address is not supported when using Microsoft Entra authentication.
- Configure the RDP client for Microsoft Entra authentication
  - On the personal laptop, open Remote Desktop Connection (mstsc.exe).
  - Go to Show Options → Advanced.
  - Select Use a web account to sign in to the remote computer. This sets the enablerdsaadauth RDP property.
  - On the General tab, enter the remote computer’s hostname and select Connect.
- Enter Microsoft Entra credentials
  - When prompted, enter the username in ******@domain.com format (UPN of the Microsoft Entra account that has access to the office PC).
If “logon attempt failed” continues and both devices are Microsoft Entra joined/registered in the same tenant and you’re connecting from the Windows desktop client, also ensure PKU2U authentication is allowed on both devices, as this protocol is required in some Microsoft Entra joined scenarios.
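
The checks above can be gathered in one pass on the office PC. The following PowerShell is an added example, not part of the original answer: the function name `Test-EntraRdpReadiness` and the default output path are hypothetical, and it assumes the PKU2U policy is read from the `AllowOnlineID` registry value. It reports the OS build for comparison against the KB release notes instead of hard-coding minimum builds, and it writes a client `.rdp` file that targets the hostname with `enablerdsaadauth` set.

```powershell
# Added example; run on the office (remote) PC. The function name and the
# default output path are hypothetical.
function Test-EntraRdpReadiness {
    param(
        [string]$Target      = ([System.Net.Dns]::GetHostName()),
        [string]$RdpFilePath = (Join-Path $env:TEMP 'office-pc.rdp')
    )

    # Entra authentication needs a hostname; reject IP literals early.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Target, [ref]$ip)) {
        throw "Target '$Target' is an IP address; use the device hostname."
    }

    # OS build and update revision, for comparison with the KB release notes.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # dsregcmd prints "AzureAdJoined : YES" for joined and hybrid joined devices.
    $joined = [bool]((dsregcmd /status) -match 'AzureAdJoined\s*:\s*YES')

    # Local Remote Desktop setting: enabled when fDenyTSConnections is 0.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # PKU2U online identities: 1 = allowed, 0 = blocked, absent = not configured.
    $pku = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u' `
        -ErrorAction SilentlyContinue
    $pku2u = 'NotConfigured'
    if ($pku -and $null -ne $pku.AllowOnlineID) {
        $pku2u = if ($pku.AllowOnlineID -eq 1) { 'Allowed' } else { 'Blocked' }
    }

    # Client-side .rdp file: hostname target plus the web-account sign-in property.
    @("full address:s:$Target", 'enablerdsaadauth:i:1') |
        Set-Content -Path $RdpFilePath -Encoding Unicode

    [pscustomobject]@{
        Hostname      = $Target
        OsBuild       = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
        EntraJoined   = $joined
        RdpEnabled    = ($ts.fDenyTSConnections -eq 0)
        Pku2uOnlineId = $pku2u
        RdpFile       = $RdpFilePath
    }
}

Test-EntraRdpReadiness | Format-List
```

Copy the generated `.rdp` file to the personal laptop and open it with mstsc.exe; the PKU2U and OS build checks apply to the laptop as well.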