Edit

Share via


How to connect using Remote Desktop and sign on to an Azure virtual machine running Windows

Applies to: ✔️ Windows VMs ✔️ Flexible scale sets

You can create a remote desktop connection to a virtual machine (VM) running Windows in Azure.

To connect to a Windows VM from a Mac, you will need to install an RDP client for Mac such as Microsoft Remote Desktop.

Prerequisites

  • In order to connect to a Windows Virtual Machine via RDP you need TCP connectivity to the machine on the port where Remote Desktop service is listening (3389 by default). You can validate an appropriate port is open for RDP using the troubleshooter or by checking manually in your VM settings. To check if the TCP port is open (assuming default):

    1. Navigate to the page for the VM. From the service menu, under Networking, select Network settings.
    2. On the Network settings page, check to see if there's a rule which allows TCP on port 3389 from the IP address of the computer you're using to connect to the VM. If the rule exists, you can move to the next section.
    3. If there isn't a rule, add one by selecting + Create port rule > Inbound port rule.
    4. From the Service dropdown, select RDP.
    5. Edit Priority and Source if necessary.
    6. For Name, type Port_3389.
    7. When finished, select Add.
    8. You should now have an RDP rule in the table of inbound port rules.
  • Your VM must have a public IP address. To check if your VM has a public IP address, select Overview from the service menu and look at the Networking section. If you see an IP address next to Public IP address, then your VM has a public IP. To learn more about adding a public IP address to an existing VM, see Associate a public IP address to a virtual machine.

  • Verify your VM is running. From the VM Overview, in the essentials section, verify the status of the VM is Running. To start the VM, select Start at the top of the page.

Connect to the virtual machine

Follow these steps:

  1. Go to the Azure portal to connect to a VM. Search for and select Virtual machines.

  2. Select the virtual machine from the list.

  3. At the beginning of the virtual machine page, select Connect.

  4. On the Connect page, select Native RDP. By default, Native RDP is the top connection method — you may have to select "More ways to connect" and "Connect via RDP" first. Next, select the appropriate IP address and Port number. In most cases, the default IP address (Local IP Range) and port (3389) should be used. Select Download RDP File and ignore any warning about the RDP file harming your device. If the VM has a Just-In-Time (JIT) policy set, you first need to select the Request access button to request access before you can connect via the downloaded RDP file. For more information about the just-in-time policy, see Manage virtual machine access using the just in time policy.

  5. Open the downloaded RDP file and select Connect when prompted. You will get a warning that the .rdp file is from an unknown publisher. This is expected. In the Remote Desktop Connection window, select Connect to continue.

    Screenshot of a warning about an unknown publisher.

  6. If you're not automatically logged on to the VM, select More choices in the Windows Security window and then Use a different account. Enter the credentials for an account on the virtual machine and then select OK.

    Local account: This is usually the local account user name and password that you specified when you created the virtual machine. In this case, the domain is the name of the virtual machine and it is entered as vmname\username.

    Domain joined VM: If the VM belongs to a domain, enter the user name in the format Domain\Username. The account also needs to either be in the Administrators group or have been granted remote access privileges to the VM.

    Domain controller: If the VM is a domain controller, enter the user name and password of a domain administrator account for that domain.

  7. Select Yes to verify the identity of the virtual machine and finish logging on.

    Screenshot showing a message about verifying the identity of the VM.

    Tip

    If the Connect button in the portal is grayed-out and you aren't connected to Azure via an ExpressRoute or Site-to-Site VPN connection, you'll need to create and assign your VM a public IP address before you can use RDP. For more information, see Public IP addresses in Azure.

Connect to the virtual machine using PowerShell

If you're using PowerShell and have the Azure PowerShell module installed, you may also connect using the Get-AzRemoteDesktopFile cmdlet, as shown here. Make sure you're logged in to your Azure account using Connect-AzAccount before running the command.

  1. This example will immediately launch the RDP connection, taking you through similar prompts as above.

    Get-AzRemoteDesktopFile -ResourceGroupName "RgName" -Name "VmName" -Launch
    
  2. You may also save the RDP file for future use.

    Get-AzRemoteDesktopFile -ResourceGroupName "RgName" -Name "VmName" -LocalPath "C:\Path\to\folder"