Share via

How to RDP into my local Win11 Pro using O365 Account

Jimmy John 0 Reputation points
2025-09-26T02:03:17.1633333+00:00

I'm trying to RDP into my local Win11 Pro using O365 Account, on remote computer I select "use a web account to sign in to the remote computer" within MSTSC (Remote Desktop Connection) on my other Win 11 Pro PC, yet it fails to connect.

  1. Confirmed the remote computer is using Windows 11 Pro machine
  2. Confirmed the remote computer is Azure AD joined only, using O365 user account (Added AzureAD\John@<domain>.com to the local admin and RDP local group)
  3. Tried logging in with AzureAD\John@<domain>.com and using my password (not pin)
  4. Tested with NLA on and off

And still fails to connect. Requesting assistance.

Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Henry Mai 6,585 Reputation points Independent Advisor
    2025-09-26T02:56:32.51+00:00

    Hello Jimmy, I am Henry and I want to help you with your issue.

    The reason the connection is failing is that the client computer (the one you are connecting from) is not configured by default to send your modern Azure AD credentials to another machine.

    To fix this, you must enable a specific Group Policy setting on your local/client PC to trust the remote PC.

    1. Open the Local Group Policy Editor:
      • Press Windows Key + R, type gpedit.msc, and press Enter.
    2. Navigate to the Correct Policy:
      • Go to: Computer Configuration > Administrative Templates > System > Credentials Delegation
    3. Configure the Policy:
      • Find and double-click the policy named "Allow delegation of default credentials".
      • Set the policy to Enabled.
      • Click the Show... button.
      • In the new window, you must add the name of your remote computer to the list. The format is critical. Add a new entry with the value: TERMSRV/<name_of_your_remote_computer> (Example: TERMSRV/MyWorkPC or TERMSRV/MyWorkPC.lan)
      • Click OK twice to save and close the policy.
    4. Connect Again:
      • You should now be able to RDP to the remote machine using the "web account" option successfully.

    This is not a bug but a security feature. Your client PC will not send your sensitive Azure AD sign-in token across the network unless you explicitly tell it which servers are trusted to receive it.

    This is the official Microsoft Learn article that documents the entire process for connecting to an Azure AD-joined PC. It explicitly states that you must configure the "Allow delegation of default credentials" policy on the client machine and add the target server's name using the TERMSRV/ prefix.

    I hope you’ll give my recommendation a try and let me know how it goes and if this answer helps, feel free to hit “Accept Answer” so others can benefit too

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.