Entra ID login is finally coming to RDP in the Azure portal

Microsoft is rolling out public preview support for Entra ID authentication for RDP connections directly inside the Azure portal. For years, Azure Bastion has offered secure RDP and SSH access, but with one catch: portal-based RDP still relied on traditional VM credentials or a password stored in Key Vault. It worked, but it felt dated. Now, Microsoft is finally fixing that.

Until now, using Bastion inside the browser meant digging up a VM’s local username and password. With Entra ID stepping in, that treasure hunt is over. This new preview lets you log in directly with your organization identity, no local credentials required. It’s a smoother, centralized, one-click experience that also tightens security by removing scattered passwords from the equation.

It also follows Microsoft’s wider push towards identity-driven access everywhere, from SSH to native RDP clients, and now, finally, to the Azure portal’s built-in session.

How to try it?

• Make sure the user has the Virtual Machine User Login or the Virtual Machine Administrator Login role.
• Confirm the VM has the AADLoginForWindows extension enabled (you can add it during or after VM creation).
• Head to the VM in the Azure portal > Connect > Bastion.
• Choose Microsoft Entra ID as the authentication type.
• Finally, click Connect, and you’re in.

This preview makes Bastion feel far more modern and user-friendly. And for IT teams looking to eliminate credential sprawl, it’s an upgrade worth testing right away.