RDP connect to a Microsoft Entra joined machine - macOS edition

Overview

RDP connection to a Microsoft Entra–joined machine using Entra ID cloud account from macOS is not as straightforward as it seems. Microsoft Learn has articles that describe setup and connection from Windows, but they don’t cover the macOS perspective.

My setup

• VM running in home server lab using Windows 11 24H2
• macOS with Windows App

Entra join the machine

• Settings -> Accounts -> Access work or school

• Add a work or school account -> Join this device to Microsoft Entra ID

Allow RDP connections

• Settings -> System -> Remote Desktop

Add users to Remote Desktop Users group

• Run this in terminal, and change to your UPN

net localgroup "Remote Desktop Users" /add "AzureAD\<userUPN>"

Create a custom .rdp file

• Change the hostname to your own. Do not use FQDN such as "hostname.mydomain.com".

full address:s:your-own-hostname:3389
prompt for credentials:i:1
administrative session:i:1
enablerdsaadauth:i:1
targetisaadjoined:i:1
screen mode id:i:1

Solving local DNS lookup

• Since my VM is running locally on my lab host, I decided to create a custom DNS record in my Unifi gateway.
• Unifi -> Settings -> Policy Table -> Create New Policy

Connect

• Run the .rdp file, and make sure it open in the Windows App.
• You're now prompted for web login. Log in with the user added in previous steps, and provide any additional authentication such as MFA.
• You should now be logged into the machine with your Entra ID account.

References

• Microsoft Learn | Connect to remote Microsoft Entra joined device