Microsoft Remote Desktop for MacOS: Add Network Level Authentication Option to Settings

Microsoft Remote Desktop for MacOS: Add Network Level Authentication Option to Settings
4

Upvotes

Upvote

 Feb 27 2024
4 Comments (4 New)
New

In the Microsoft Remote Desktop MacOS app, if you want to login with a Microsoft Entra (aka Azure Active Directory) account, you will get an error message saying you must disable Network Level Authentication (NLA). The error code I get is 0x3107.

 

I am able to get around this error by editing the RDP config file and setting the enablerdsaadauth and targetisaadjoined values from "0" to "1". 

 

It would be immensely helpful if this option could be added in the Microsoft Remote Desktop GUI. It looks like all the functionality is there, it just needs a GUI checkbox.

 

This option already exists in Windows Remote Desktop if you enable the "use web account" option on the advanced tab.

 

I realize this is not an issue for Azure Virtual Desktop, because the config is downloaded and set up automatically. But for everyone who is using Microsoft Entra that may need to provide instructions for users to set this up, the option would make life a lot easier.

Comments
Copper Contributor

@MikeRough, Where is the config file located on MacOS that I need to edit to allow NLA connection?

Brass Contributor

@hisaac Export your connection in the RDP app to an .rdp file. That's the config file you need to edit. You can then import it back into te app afterwards

Microsoft
Status changed to: New

Looks like this idea didn't get enough votes over the past months to be considered. We are closing this idea. 

Microsoft

@tmariscal This issue has been ongoing for several years and affecting many, many users if one searches online for the error code.

 

IMO this is a core feature that's missing, its incredibly surprising to me this isn't prioritized. The Remote Desktop/Windows app on MacOS cannot connect to enterprise machines. Suggesting to disable NLA is a security issue and often not possible because NLA is force-enabled by group policy.