Oops, I just realized that this community and the Q&A site have different purposes. I will move my question to the other site.

Hii, the error message is well written as far as getting the case right, but is there any way to enable NLA when using RDP to access an on-premise workstation that is AAD joined.

It doesn't have P2 or the per-seat upgrade that often goes with P2, so to be honest I'm not sure how authentication works exactly. Not as far as what actually is granted when I tap Approve in Authenticator on my phone. 

It does not have Azure AD DS either. Instead it uses Azure AD Connect. PHS is not enabled, could this be the problem?

Many thanks