![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 50%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 22%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETG%3C/text%3E%3C/svg%3E)
Hi @Anushree N,
Thank you for reaching out on Microsoft Q&A forum.
When Microsoft Entra ID authentication does not appear as a login option while connecting to a Windows VM through Azure Bastion, it usually means that one or more documented prerequisites are not fully met. As per Microsoft documentation, Entra ID authentication for RDP via Bastion in the Azure portal is still in Public Preview, and the option is displayed only if all conditions are satisfied; otherwise, it is hidden by design.
First, confirm that the Azure Bastion SKU is Standard or higher. Entra ID authentication is not supported on the Basic SKU, and in such cases the portal will not present Entra ID as an authentication method. Next, ensure the VM meets OS requirements—Windows Server 2022 or later is supported, which aligns with your configuration.
Additionally, the VM must have the AADLoginForWindows extension installed and in a Succeeded state. This extension enables Entra ID–based sign‑in, and without it the Bastion connection blade will not surface the Entra ID login option. The connecting user must also be explicitly assigned either the Virtual Machine Administrator Login or Virtual Machine User Login RBAC role on the VM or its scope; having Owner or Contributor alone is not sufficient for sign‑in permissions.
It’s also important to note that Microsoft Entra ID authentication for RDP in the Azure portal via Bastion is currently in Public Preview and is being rolled out gradually across regions. If the feature is not yet enabled in a specific region, such as North Europe, the portal may not show the Entra ID option even when the VM is correctly configured. In such cases, Microsoft recommends using Azure Bastion with the native RDP client (via Azure CLI) as a supported alternative for Entra ID–based authentication.
Kindly let us know if the above helps or you need further assistance on this issue.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
