Unable to connect windows VM via Azure Bastion

Question

Unable to connect windows VM via Azure Bastion

Abrar Adil S 401

we have a user assigned with Windows 10/11 Enterprise License assigned to the Cloud Account, We want to login to Windows VM using the Azure AD Account via Bastion.

I have Enabled the extension Windows AAD Login, and added the user with RBAC Virtual Machine User Login and Virtual Machine Administrator login and RDP port. requesting some assistance on how we can proceed further.

Abrar Adil S 401 Reputation points

2025-08-22T05:52:43.49+00:00

I have disabled the NTLM, Added the user to the Remote Desktop Groups as well
Abrar Adil S 401 Reputation points

2025-08-22T07:14:07.3533333+00:00

the account is not a domain joined account, its a cloud only id, user1@******.onmicrosoft.com, The VM is Azure AD Joined, provided necessary RBAC, bastion is in another vnet, but Vnet peering is completed, able to login to the VM using Public IP and editing the RDP file, but connectivity is not there from the Azure Bastion.
Priya ranjan Jena 265 Reputation points Microsoft External Staff Moderator

2025-08-22T07:58:55.9166667+00:00

Could you please share the error scree shot?

Thanks
Priya ranjan Jena 265 Reputation points Microsoft External Staff Moderator

2025-08-26T06:37:51.7766667+00:00

Hi Abrar,

Could you please if above comments helps you, if yes please “up-vote” for the information provided , this can be beneficial to community members.

Thanks

1 answer

Your answer

Abrar Adil S 401 Reputation points

2025-08-22T05:52:43.49+00:00

I have disabled the NTLM, Added the user to the Remote Desktop Groups as well
Abrar Adil S 401 Reputation points

2025-08-22T07:14:07.3533333+00:00

the account is not a domain joined account, its a cloud only id, user1@******.onmicrosoft.com, The VM is Azure AD Joined, provided necessary RBAC, bastion is in another vnet, but Vnet peering is completed, able to login to the VM using Public IP and editing the RDP file, but connectivity is not there from the Azure Bastion.
Priya ranjan Jena 265 Reputation points Microsoft External Staff Moderator

2025-08-22T07:58:55.9166667+00:00

Could you please share the error scree shot?

Thanks
Priya ranjan Jena 265 Reputation points Microsoft External Staff Moderator

2025-08-26T06:37:51.7766667+00:00

Hi Abrar,

Could you please if above comments helps you, if yes please “up-vote” for the information provided , this can be beneficial to community members.

Thanks

Answer 1

Hi Abrar Adil S,

Thank you for reaching out on Microsoft Q&A forum

Please be assisted with below followings for bastion service.

Extension and Permissions:

Make sure the Azure AD Login extension is correctly installed on your VM, as you have already assigned the RBAC roles (Virtual Machine User Login and Virtual Machine Administrator Login), ensure the user is indeed granted access properly without any conflicts.

Connection Settings:

When connecting through Bastion, on the Bastion connection page, make sure you are using the correct format for the username. If your VM is domain-joined, use the format: ******@domain.com.

Enable System Assigned Managed Identity

This is automatically enabled when you toggle Login with AAD credentials during VM creation.

If not, enable it manually in the VM’s Identity blade.

Network Requirements

Ensure Public IP is disassociated from the machine to make azure bastion functional.

Ensure outbound access to Azure AD endpoints over TCP port 443 is allowed.

Bastion service should be attached to same v-net.

Confirm the VM has internet connectivity and the Azure VM Agent is in a healthy state.

Please find the link below for Azure Bastion reference.

https://learn.microsoft.com/en-us/azure/bastion/bastion-overview

If you find this comment helpful, Please “up-vote” for the information provided , this can be beneficial to community members.

Kindly let us know if you have any additional questions.

Thanks

Share via

Unable to connect windows VM via Azure Bastion

1 answer

Your answer