Microsoft documentation says "To allow a user to sign in to the VM over RDP, you must assign the Virtual Machine Administrator Login or Virtual Machine User Login role to the Virtual Machine resource."
However, this is not the behavior I'm seeing, i.e. I created a VM and can RDP to it without having any of the 'Virtual Machine Admin/User Login' roles. This is a problem because I was hoping to use this role assignment for restricting who can access the VM.
Here are more details about how the VM is configured:
- Runs Windows 11 image
- Created an NSG to restrict IP addresses that can RDP to VM
- Microsoft Entra ID is enabled, and the VM is joined to MyDomain domain (Settings > Accounts > Access work or school > Connect > Join this device to Microsoft Entra ID)
- Added "NT AUTHORITY\Authenticated Users" to Remote Desktop Users