Configure Active Directory Interactive (with MFA Support) in Remote Desktop Manager

This topic covers Remote Desktop Manager versions 2022.1 and later. If you are using an earlier version, please see Configure an older Remote Desktop Manager version AD Interactive (with MFA support) instead.

Active Directory Interactive (with MFA support) allows you to authenticate on your Microsoft Azure SQL data source using your Office365 account and MFA.

When creating Azure SQL Active Directory users, you must be logged in with an Azure Active Directory user. Otherwise, it will fail and you will be notified of the error.

Use the servers defined Azure Active Directory administrator to create your first Remote Desktop Manager administrator users. Once you have created it, you can use this new account to create the other users.

Settings

Microsoft SQL Azure with MFA support
Microsoft SQL Azure with MFA support

  1. In Remote Desktop Manager, go to File – Data Sources and click on Add a New Data Source.
  2. Select the Microsoft Azure SQL data source type.
  3. Specify the Name and Host of your data source.
  4. In the Login mode drop-down menu, select Active Directory Interactive (with MFA Support).
  5. In the Username field, paste the Active Directory admin email you created in Microsoft Azure SQL Database.

    On first connect, the username must be the Active Directory administrator as defined in Configure the Azure Active Directory administrator. Once you add other AD users in Remote Desktop Manager, they will be able to connect.

    RDMWin2217
    If you get the error message Unable to connect to the database! Login failed for user '<token-identified principal>'., double-check the username for spelling errors.

  6. Enter the Database to authenticate to.
  7. Click OK.

When you choose Active Directory Interactive (with MFA Support), we have no control over any of the login prompts. We send the command to the Microsoft library to authenticate; the rest is controlled on their side.

Here are some considerations:

  • Has any Conditional Access Policy been added or changed recently that might have caused this to change in behaviour?
  • If they are on an Azure AD joined machine, you can try Active Directory Integrated and see if it works better for you.