We’re excited to announce support for authentication using Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra, with Windows Admin Center in Azure. Customers can now use Azure AD authentication with Windows Admin Center in Azure for both domain and non-domain joined server infrastructure. This exciting capability unites Azure AD authentication with Windows Admin Center to easily manage your server infrastructure.
Last year, we introduced Windows Admin Center in Azure to give you the ability to manage your Windows Server Virtual Machines (VMs) natively from the Azure Portal using your VM’s local administrator password to sign in. This works for VMs running on-premises connected to Azure Arc, or in the cloud as Azure VMs.
We also announced the ability for you to sign in to your Windows Azure Infrastructure as a Service (IaaS) VMs using Azure AD authentication via Microsoft Remote Desktop (RDP). This allows you to join Windows machines to your Azure Active Directory, with centralized control and enforcement with Azure role-based access control (Azure RBAC). With this capability, you don’t have to manage passwords or local administrator accounts to give access to Azure VMs.
Based on your feedback, we’re now supporting Azure AD credentials when using Windows Admin Center in Azure. This enables single sign-on (SSO) and seamless management for your Windows Server instances using Azure AD authentication with Windows Admin Center in Azure. If your Azure AD identity is part of the “Windows Admin Center Administrator Login” Azure RBAC role, you get access to the full suite of management capabilities that Windows Admin Center provides in the Azure Portal.
You can:
- Use Azure AD credentials to sign in to your Windows Server VMs:
- Running Windows Server 2016 or higher
- Running in Azure or Arc-enabled servers running on-premises
- Workgroup, domain-joined, or Azure AD-joined
- Reduce reliance on local administrator accounts
- Get SSO on your Windows Server machines
- Use all the protection and security with Azure AD Conditional Access and Identity Protection that are enforced for the Azure Portal (multifactor authentication, compliant device, user/sign-in risk, and others) to protect your Windows Server VMs
- Use Azure RBAC to grant the appropriate access to VMs based on need and remove it when it’s no longer needed
Here’s how to set it up
Add the “Windows Admin Center Administrator Login” role assignment:
Then, connect to Windows Admin Center as you always do:
Windows Admin Center will load without prompting for credentials:
And manage your Windows Server machines:
Getting started
If you already have Windows Admin Center deployed, all you need to do is ensure your Azure AD identity is part of the “Windows Admin Center Administrator Login” role and your “AdminCenter” extension is running v0.0.0.221 or higher. That's it! Learn more about that process in our Managing a Windows Server VM guide.
If you don’t have Windows Admin Center deployed, follow our documentation to deploy it on your Windows Server Azure IaaS VMs or Arc-enabled infrastructure.
We're so excited to offer this and can't wait to hear what you think. We'd love to hear your feedback at wacazp@microsoft.com.
Stay safe out there!
Alex Weinert (twitter: @Alex_t_weinert)
Learn more about Microsoft identity:
- Learn more about Windows Admin Center
- Get to know Microsoft Entra – a comprehensive identity and access product family
- Return to the Microsoft Entra (Azure AD) blog home
- Join the conversation on Twitter and LinkedIn
- Share product suggestions on the Entra (Azure AD) forum