Hi Aron,
Based on your description, I can see that you’ve already verified most of the prerequisite requirements. However, I suggest checking the following additional points:
- Per-user MFA: Ensure that the user is not enabled or enforced in per-user MFA settings.
- Conditional Access Policies: If there is a Conditional Access policy requiring MFA, please make sure to exclude the "Microsoft Azure Windows Virtual Machine Sign-in" app (App ID: 372140e0-b3b7-4226-8ef9-d57986796201) from the targeted cloud apps.
Also, make sure you meet this condition:
Remote connections to VMs that are joined to Microsoft Entra ID are only allowed from Windows 10 or later PCs that are either Microsoft Entra registered (minimum build 20H1), Entra joined, or Entra hybrid joined to the same directory as the VM.
For reference, see this Microsoft Learn article: Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID.
If MFA isn’t enabled through per-user MFA or a Conditional Access policy and you are still unable to log in to the VM, check whether Security Defaults are enabled in your tenant. While Security Defaults typically do not affect non-admin users signing into a VM, they do require Global Administrators to complete MFA. If your account has the Global Administrator role assigned, MFA is still being enforced due to Security Defaults. By design, we can’t log in to the Azure VM with a Microsoft Entra ID user if MFA is being applied on VM login.
To work around this, create a new Global Administrator account and a backup admin account, then remove the Global Administrator role from your main account. This allows you to sign in to the VM without being prompted for MFA.
If you are still unable to sign in to the VM using Entra ID credentials, please share your email address and availability for a call over private message, and I’d be happy to assist you further.
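An offline triage helper for the checklist in this answer, added here as an example and not part of the original reply or any Microsoft tooling: it walks Conditional Access policies shaped like the Microsoft Graph conditionalAccessPolicy resource (the policy dicts, user IDs and the Security Defaults / Global Administrator flags below are constructed sample data) and reports every reason MFA would be imposed on the VM sign-in app. It deliberately ignores group/role scoping, device platform, location and risk conditions, so treat a hit as a lead to confirm in the portal, not a final verdict.

```python
# Added example (not from the answer above): offline triage of the two MFA sources the
# answer names, Conditional Access and Security Defaults. SAMPLE_POLICIES is constructed
# data in the shape of Graph's conditionalAccessPolicy resource, trimmed to used fields.

VM_SIGNIN_APP_ID = "372140e0-b3b7-4226-8ef9-d57986796201"  # app ID quoted in the answer

SAMPLE_POLICIES = [  # constructed sample data, not a real tenant
    {"displayName": "Require MFA for all cloud apps", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"], "excludeApplications": []},
                    "users": {"includeUsers": ["All"], "excludeUsers": ["break-glass-id"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Require MFA, VM sign-in excluded", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"],
                                     "excludeApplications": [VM_SIGNIN_APP_ID]},
                    "users": {"includeUsers": ["All"], "excludeUsers": []}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]


def _in_scope(block, include_key, exclude_key, value):
    """True if value is targeted by an include/exclude pair ('All' matches everything)."""
    if value in block.get(exclude_key, []):
        return False
    included = block.get(include_key, [])
    return "All" in included or value in included


def policies_requiring_mfa(policies, app_id, user_id):
    """Names of enforced policies whose grant requires MFA for app_id and user_id.
    Simplified: ignores group/role scoping, device platform, location and risk conditions."""
    hits = []
    for p in policies:
        if p.get("state") != "enabled":
            continue  # disabled and report-only policies do not block the sign-in
        if "mfa" not in (p.get("grantControls") or {}).get("builtInControls", []):
            continue
        conds = p["conditions"]
        if (_in_scope(conds["applications"], "includeApplications", "excludeApplications", app_id)
                and _in_scope(conds["users"], "includeUsers", "excludeUsers", user_id)):
            hits.append(p["displayName"])
    return hits


def vm_signin_mfa_blockers(policies, user_id, security_defaults_on, is_global_admin):
    """Every reason listed in the answer for MFA being applied to an Entra ID VM sign-in."""
    reasons = [f"Conditional Access: {name}" for name in
               policies_requiring_mfa(policies, VM_SIGNIN_APP_ID, user_id)]
    if security_defaults_on and is_global_admin:
        reasons.append("Security Defaults enforce MFA for Global Administrators")
    return reasons
```

Feed it the output of GET /identity/conditionalAccess/policies and the isEnabled value from GET /policies/identitySecurityDefaultsEnforcementPolicy to run it against a real tenant.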